Splunk Enterprise Security Reviews

We use it for log analysis and alerting, and our stock analysts use it.

I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.

It is a place for all our logs, and everything goes in one place. The stock analysts and security people use one single dashboard (one single location) to check our logs.

• Easy indexing.
• The solution is faster.

Every product needs improvement. If we can get a faster product, we will take it. There are new services which are coming up. If Splunk can catch up with the speed of Amazon, and with the integration, instead of us waiting for another year or so, that would be good.

We would like more integrations with other cloud products, not just AWS, e.g., Azure.

The stability is good. We stress it at 98 percent.

The AWS scalability is pretty good. We currently have it running on three servers.

Other teams have told me that the technical support is pretty good.

For the few integrations that we have already made, these have been easy to do.

We have seen ROI.

Splunk is not free.

I would recommend trying different stuff based on your company's needs and log types.

We like the product.

The analytics and querying the indices is super easy.

The data representation options in the dashboards are excellent.

Multiple datasource/filetypes are supported and each can be customized in a few clicks.

Security administration and user access control is pretty basic. This can be improved.

The user access control could be much more granular, so that the admins can control r/w/x access for specific features of the product like dashboards, etc.

If this is improved, with a mapping against LDAP roles, it would be excellent.

We had no stability issues.

We had no scalability issues.

Technical support and the online community are some of the best for any product.

We did not have a previous solution.

The setup was quite easy and there is lot of technical documentation for handholding you through the process.

Pricing and licensing is quite expensive. But for the value the product provides, it seems at par in the market.

We looked at IBM SmartCloud Analytics and Log Analytics.

Please watch out for the licensing agreement. There are a lot of IP specific clauses that Splunk has included in their license agreement. Per my understanding, any plugin available in the community cannot be used OOB, due to licensing restrictions. (This might be specific to our organization.)

They provide excellent predefined user cases.

This helps us in the footprinting of all the incidents.

When we deep dive into the events for the triggers, we have very little information in some instances.

I have used Splunk for two years.

We raised support cases.

Scalability is always a question for this product.

Response from technical support can be improved. There was always a delay and we had to chase them.

We didn’t have a previous solution.

I was not present during the initial setup.

Pricing and licensing are always high compared to other products in the market. Storage is very expensive as well.

It is a good product, but expensive.

The solution is primarily used to monitor the operating system for threats, specifically related to login threats. If someone trying to log-in, or somebody trying to break into the system, the idea is it will check that and catch things. It's mainly for external threats to the operating system.

The solution has improved our organization by providing a comprehensive picture of any external threats to the operating system. It improves asset control.

The logs on the solution are excellent. Mostly I see just the reports or the outcome, however, with the log portion, where you could actually take log entries and pass them through the system in order to create events or conditions, and get reports. You can set up your conditions to the logs that you invested into Splunk, and get the reports or the output that you want. 

We're still going through it at this time. However, there are a few changes that could be made.

It could be more user friendly, in terms of the end-user experience. The end-user aspect of it could be more enhanced, whereby you could probably have a lot more people that could sign into the tool and look at the reports, and have the reports actually laid out in plain English. Usually, with tools like Audit Vault and Splunk, if you're not the IT person and you're not trained on that system and you're seeing all of the outputs, the language is something you have to convert.

Therefore, the end-user experience could be improved so that when you get those alerts and notifications, you could have supervisors and different people actually knowing what those reports mean instead of having someone convert them into something more easily digestible. 

There should be more enhancements done to the end-user dashboards. Improved dashboards are always good. If you have an IT tech that's up there, and they're looking at the dashboards and they're seeing everything, it would help they could do events and have a dashboard that they could log into as a supervisor and see everything, and just get specific reports for specific areas.

We've been using the solution for three years.

I can't really speak to the solution's stability beyond how I use it, which is for training. However, I've never experienced bugs or glitches on it and therefore believe it to be very reliable.

The solution seems to be very adaptable, and if not, we'll figure it out what to do in the next couple of years when the program has developed more, and the general capabilities become apparent. 

It is a log parsing tool, so if you take any type of log, operational or financial or security logs, and you put it in there, hopefully, we will find out that a log is a log, and you just create your events and you get the output that you want. Therefore, I don't foresee an issue with scalability per se.

The technical support is pretty good. I would rate it at a seven out of ten. We're mostly happy with the level of service we receive from them.

What they probably need to do is help make the reports more manageable for the end-user or to help the end-user understand them more easily.

We didn't previously use a different solution. We've only ever really used Splunk.

The initial setup was not complex. It was pretty straightforward. It was already loaded on the environment. It's managed by a third party or service provider, therefore we just kind-of fell into the rhythm of using it pretty quickly.

We're just a customer. We don't have a business relationship with Splunk.

We're using the latest version of the solution.

I'd advise those considering the solution to do some basic training before jumping into using the solution. It will help you understand how everything is supposed to work.

I'd rate the solution at an eight out of ten, due to the fact that it's more flexible than other solutions. I like the idea of taking a log, any log, and putting it into a tool and creating your events and your conditions in order to get the output that you're looking for. It's more scalable and flexible than other options on the market.

• Log collection and analysis
• Reporting for the whole enterprise environment.

Improved visibility.

Log search and alerting/reporting.

Code understanding requirement is complicated for most users.

• Can ingest data from various data sources.
• Is very useful for organizations who are attempting to meet compliance requirements.
• Is able to fully configure and integrate various solutions into one tool and provide actionable results.

My use of Splunk at my previous place of employment improved how we functioned.

I have used Splunk for three years.

We didn’t have any stability issues.

We didn’t have any scalability issues.

During our use of Splunk, we had professional services assisting and not actual technical support. However, the professional services team was great.

Our organization did not have an established SIEM tool.

The initial setup is straightforward, depending on the level of implementation of the tool.

Take into consideration the labor costs for a dedicated Splunk developer who can craft the required queries needed for each organization. Organizations usually have their own form of implementation of each tool.

We didn’t evaluate any alternatives.

I used it in the SOC environment to get logs, create dashboards, and filter out data.

The indexing and data collection are valuable. 

Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better.

Their sales support and tech support need improvement. Their support is really bad.

I used it for nearly one year in my previous organization. I last used it about seven months ago.

It is stable.

Its scalability is good.

Their sales support and tech support are really bad. They take really long to respond.

We were using AlienVault. We switched because we weren't really happy with it. So, we looked into different solutions, such as Splunk.

Its initial setup was okay.

We did it ourselves. We had around two people for deployment and maintenance, but we had around 15 users. They all were SOC people.

We had a yearly subscription.

I can recommend this solution to others. It is a great product. 

I would rate it an eight out of 10.