reviewer1679841 - PeerSpot reviewer
Owner at a computer software company with 11-50 employees
Real User
Stable with good dashboards and a free demo version
Pros and Cons
  • "The solution appears to be stable, although we haven't used it heavily."
  • "I'm not aware of any lacking features."

What is our primary use case?

We do technical training and so we do training on the platform. We deploy it on our lab machines for students.

What is most valuable?

We're building some Splunk dashboards with it and it's useful.

We're currently monitoring students logging in and logging out and verifying how they can collect the information. It's a good system for a learning environment.

We're not specifically using it; we're doing training on it.

The solution appears to be stable, although we haven't used it heavily.

You can use the demo version in order to try the solution for free.

What needs improvement?

I'm not aware of any lacking features. 

For how long have I used the solution?

I've been using the solution for six years. 

Buyer's Guide
Splunk User Behavior Analytics
May 2025
Learn what your peers think about Splunk User Behavior Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

We don't generate enough data to know whether it's reliable or not.

That said, with the small usage that we do utilize, it's pretty stable.

How are customer service and support?

I've never dealt with technical support. I cannot rate their services or speak to how helpful or responsive they are.

Which solution did I use previously and why did I switch?

We did not previously use a different solution before choosing Splunk. 

How was the initial setup?

The initial setup is pretty straightforward. It's a couple of scripts you run. It's pretty easy.

What's my experience with pricing, setup cost, and licensing?

We simply use the free demo version of the product. We do not pay any licensing fees at this time. 

What other advice do I have?

We're just end-users. We don't have a business relationship with Splunk.

I'm not sure what version of the solution we are on currently. I believe it's about a year and a half or so old.

This product is the easiest way to check if the work's correct.

It works well. It does what we need it to. I'd rate it a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1418904 - PeerSpot reviewer
Global Engineer at a financial services firm with 10,001+ employees
Real User
Stable, with good automation capabilities, however, we want to be able to automate even more
Pros and Cons
  • "The product is at the forefront of auto-remediation networking. It's great."
  • "Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes."

What is our primary use case?

We use the solution to feed telemetry data from the network into the collective for display-only. We haven't yet come to a point where we have decided on the process of the status for subsequent operational automation. 

What is most valuable?

The automation is very good.

The product is at the forefront of auto-remediation networking. It's great.

The pricing of the solution is very reasonable.

What needs improvement?

Currently, a lot of network operations need improvement. We still need people to handle incidents. Our vision is to leverage status and convert it directly from the network devices. It would be ideal if we could take action using APIs and API code and remove manual processes.  

For how long have I used the solution?

I've been using the solution for one year at this point.

What do I think about the stability of the solution?

The solution, from what I have witnessed, is stable. There aren't bugs or glitches. It doesn't crash or freeze. A company can rely on its performance.

What do I think about the scalability of the solution?

The scalability is pretty good. A company that wants to expand it out shouldn't have an issue doing so.

There's a handful of people on it at my organization. We have maybe ten users on it in total. They are mostly admins and engineers. We do have plans to continue to use the solution.

How are customer service and technical support?

Technical support has been adequate. We aren't blown away by amazing service, however, they do help if we need them to. I personally haven't had any direct contact with them.

Which solution did I use previously and why did I switch?

We didn't previously use a different product. We're rather new to automation and Splunk in general.

How was the initial setup?

The solution doesn't have a complex setup. It's rather straightforward. 

If you are talking of simply spinning off a container, it's very easy.

The complexity should be on the workflow. It's also the most time-consuming process. For example, how do you handle this incident? You have to be very careful to ensure you don't have false positives that could mistakenly trigger actions. That can be the most costly mistake. Other than that, a lot of products you can acquire from open source.

What about the implementation team?

There were a few of us that were trained specifically for the implementation. There were a number of us to speed up the process in order to get automation happening quickly for the company.

What's my experience with pricing, setup cost, and licensing?

The solution isn't overly expensive. It's quite affordable. It's not the priciest option on the market. I'm not sure of the exact cost as it's not an aspect of the solution I directly deal with.

What other advice do I have?

We're simply customers. We don't have a business relationship with Splunk.

We're using the latest version of the solution. I'm not sure of the exact version number.

I'd recommend the solution to other companies.

On a scale from one to ten, I'd rate it at a seven. If the cost was more reasonable, I might rate it a bit higher. It's not too expensive, but it could always be better.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Security Engineer at a government with 1,001-5,000 employees
Real User
Easy to configure and easy to use solution that integrates with many applications and scripts
Pros and Cons
  • "This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
  • "The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."

What is our primary use case?

Our primary use is intrusion detection and analysis. It is a great product because it is intelligent and does everything for us.

How has it helped my organization?

It is a great product because it is intelligent and does everything for us. We have a LAN (Local Area Network) and sensitive, classified data and we have to be sure it is well-protected.

What is most valuable?

It's a component that is easy to configure and easy to use. They have familiar and friendly dashboards for the users. You can make a lot of the dashboards if you want to integrate with it. If you have the basic skills and basic codes you can just create more use cases. You can also have alert systems. You have a lot of different alerts that you can use. You can integrate with all the applications and scripts, like with Kaspersky. We integrate multiple publications with this product.

What needs improvement?

Actually, the most valuable aspect of Splunk is the data. You do not need to use your databases to perform all things on all the servers we have. Splunk has three big things it can do with data: it can show it hot, warm and cold. The hot allows you to see the data as soon as things happen, maybe to the second. We have the warm; the warm will segment the data up to the hot, up to three months ago. The cold will store all of the archives of all the data after the six months. After that, you can't make comparisons any further.

In the future, we will make Splunk in the SOC (Security Operations Center). In the SOC now, we use one feature; it's called the alert system. So in the future, we want to make it so we can send all the data and we can build its security and its management. It will be published in all the places as it is now. We need to do this so we can build more data centers from all the past and existing data crunch.

For how long have I used the solution?

We have been using the product for three years.

What do I think about the stability of the solution?

From the IP end and from ArcSight from HP, I think that Splunk works out very well for me. Not 100%, but 80%. IBM has a lot of features not familiar to the user and the support is very bad. ArcSight has support, but they forget they have small issues. So, we use Splunk because it is the pinnacle of the organizations. We have specificity. We don't want any kind of application that can corrupt all our data. So we use Splunk because we see more admirable organizations using it. So we share the knowledge with them.

What do I think about the scalability of the solution?

This solution is scalable depending on your need. The security department belongs to Splunk, so we have approximately 25 people using the system.

We have plans to increase usage soon.

How are customer service and technical support?

If you implement something with this product I think you need one-year technical support. But the first thing you need is your BUC (Business Use Case). The BUC allows you to know how much deploying the application costs and how many prerequisites you need to fulfill. After defining the BUC you will kick off the project, and after you have implemented, you have to purchase from the vendors one year of support. After that, they give you support until you are ready for the kick-off of the live project but have their support if something goes wrong.

Which solution did I use previously and why did I switch?

For SIEM (Security Information and Event Management), we used to use McAfee, and it was not good for us. And also we used ArcSight. But we also realized it could not do some things. After that, we networked and decided to use Splunk.

How was the initial setup?

It's good we are using the firewall and it's very good for Splunk. Implementing the system depends in most cases on your prerequisites. You have to know what you are building in the environment, how many servers you have, how many other devices, restrictions, and routing. It's a different environment depending on how many applications you have.

So the choices depend on what you need most of the time. We assigned a project manager for technical support for planning. I think it cost us six months to have it running. But it could be very different in other situations.

What's my experience with pricing, setup cost, and licensing?

There are a few things about the price. There are several packages, but if you want to use it as an enterprise, you have to pay the enterprise price. That is, the initial price is for the basic enterprise application, but you get charged for volume use, not per user. Initially, we bought 100GB and now we bought 200GB.

Other applications you want to install for additional, integrated functionality cost more. For example, for Splunk they have two modules you need to use it optimally, I think. One is for applications. It's called Splunk Enterprise Security. After that, you will want to purchase another application called Defense. So it's more than one model for pricing. The more you use, the more you pay. It comes with unlimited users and volume discounts.

Which other solutions did I evaluate?

We worked with McAfee and ArcSight, but Splunk turned out to be better.

What other advice do I have?

From my experience and from the security perspective, I recommend this product for all the people that need good security for investigation. The Splunk team and products are good for those purposes.

The storage gets better priced with the amount you use. The storage is very expensive if you take some of the license options from the company. We won't be using unlimited storage for how much data will be imported from our bandwidth. I think the unlimited license is good because we will use a lot.

On a scale from one to ten, where one is the worst and ten is the best, I would rate Splunk User Behavior as a nine. I didn't give them ten because Splunk does not provide something for the professional investigation. There is something that prevents you from using data the way you want to use it in an investigation. Sometimes with Splunk, we cannot bring the data out in a better form and some users cannot understand it exactly. What I am talking about is options for a more professional investigation, not for normal behaviors. If you want to just look at normal behavior the program will give all you need. But sometimes you need other use cases to see the action.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Security PS Supervisor at a tech services company with 1,001-5,000 employees
Real User
A powerful platform with straightforward configuration, but needs to be more scalable
Pros and Cons
  • "It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
  • "The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes."

What is our primary use case?

The solution has two main uses. The primary use is for log management and storage. The secondary use is related to solution log coordination and selection.

What is most valuable?

Splunk is a very powerful platform. It's a machine data platform, and it can provide several models that use the same appliance and on the same platform, including some business platforms. I do believe when it comes to functionality and ease of use, Splunk is one of the market leaders in this area.

When it comes to quality, I believe Splunk is the easiest platform on the market. It has a lot of subscripts, and a lot of licenses, which can provide the customer with all the requirements they need.

The solution has some predefined use cases that we count on. It's a customizable platform as well, which can be easily customizable based on the customer requirements and the environment itself. 

It provides ease of use. It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirements. It can help the customer to design or to actually plan their own roadmap. And it can be rolled out in several phases.

What needs improvement?

The solution is much more expensive than relative competitors like ArcSight or LogRhythm. It makes it hard to sell to customers sometimes.

I would like to see a better tracking intelligence module with lower costs fully integrated with a user behavior analytics module. It would empower this module with the keys and real-time updates in terms of security.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

It's stable. I used to deal with other vendors in the UBA such as HP ArcSight, which is a bit more sophisticated and complicated in terms of configuration and in terms of monitoring. Splunk is much easier and very straightforward in terms of configuration and monitoring and customization as well.

What do I think about the scalability of the solution?

There is a question as to how to scale up, especially in the log management area. Customers have their own predefined retention period, which means storing the logs for a long time. It's usually a minimum of six months or, in some cases, up to one year. So the scalability has a bit of a limitation or restriction in storage components.

How are customer service and technical support?

I'm not an end-user, so I'm not supposed to open any end-user cases. However, the team that receives requests from customers and end-users themselves feels comfortable with the level of support they get. They're being provided with answers from a strong technical support team. So I do believe that it's going well. I haven't heard anything about them suffering from any problem of latency or shortage of resources, or a lack of knowledge and so on. I think technical support is fine.

Which solution did I use previously and why did I switch?

I used to deal with several solutions, like HP or Micro Focus ArcSight, IBM Curator, and LogRhythm.

What's my experience with pricing, setup cost, and licensing?

The solution is relatively expensive. There are costs above the standard licensing as well.

Pricing varies according to the customer's needs and setup. Pricing depends on the licensing model and whether it is the normal log management licensing model or the security plus license. It also depends on the licensing model and the platform required by the customer. It can further depend on whether the customer owns a Splunk hardware platform, or whether they can host these licenses and subscriptions on their own platform. It can vary depending on the OPEX model and CAPEX model as well. There are a lot of variables that encompass the total cost of the solution.

I believe that Splunk is about 50% more expensive than other solutions.

What other advice do I have?

I'm a system integrator, which provides the solution to end-users and customers.

We handle the on-premises deployment model.

I would recommend the solution because of the ease of use, the simple administration, the good level of support, the predefined use cases, and the predefined user behavior analytics.

I would rate the solution seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
reviewer1276995 - PeerSpot reviewer
Sr. CyberSecurity Solutions Architect at a security firm with 11-50 employees
Real User
Good support, stable, and provides good security
Pros and Cons
  • "This is a good security product."
  • "The price of Splunk UBA is too high."

What is our primary use case?

We are a cybersecurity vendor and Splunk is the main product that we work with. We are predominantly a Splunk shop. We sell security solutions, so our primary use case for Splunk UBA is security.

What is most valuable?

This is a good security product.

What needs improvement?

The price of Splunk UBA is too high.

For how long have I used the solution?

I have been working with Splunk UBA at this company for the past year.

What do I think about the stability of the solution?

Everything that Splunk does is great, as far as stability.

What do I think about the scalability of the solution?

Scalability is excellent on all Splunk products that I've dealt with.

How are customer service and support?

The technical support is excellent.

What other advice do I have?

The biggest lesson that I have learned from working with this product is that it is priced high, and you can achieve much of what it does through other methods. That combination makes it hard to sell.

I would rate this solution a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Head of cybersecurity at NOVARED SA
MSP
A fast and flexible solution for conducting analytics on large data sets
Pros and Cons
  • "The solution is fast, flexible, and easy to use."
  • "I would like improved downward integration with other tools such as McAfee and other GCP solutions."

What is our primary use case?

Four technicians in our company work within the active directory to look for compartmental behaviors associated with users and conduct analytics like clustering, grouping, and searching. 

What is most valuable?

The solution is fast, flexible, and easy to use. 

What needs improvement?

I would like improved downward integration with other tools such as McAfee and other GCP solutions. 

For how long have I used the solution?

I have been using the solution for four years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

Technical support is very good and answers my questions. 

How was the initial setup?

The initial setup is easy. 

What other advice do I have?

The solution works very well with large data sets. 

I rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
CISO at a financial services firm with 201-500 employees
Real User
Professional technical team but I would like to see a more user-friendly interface
Pros and Cons
  • "The solution is definitely scalable."
  • "In the future I would like to see simplified statistics and analytical threats."

What is our primary use case?

Our main use of this solution is threat intelligence and we are very satisfied with it, as it is exactly what we need in our situation. 

What needs improvement?

In the future I would like to see simplified statistics and analytical threats, as well as a more user-friendly interface for dashboards.

For how long have I used the solution?

I have been using Splunk User Behaviour Analytics for two years now.

What do I think about the stability of the solution?

I think the solution is very stable.

What do I think about the scalability of the solution?

The solution is definitely scalable, because we currently have 1000 users in our company and we plan to increase.

How are customer service and technical support?

I am really satisfied with their technical support. The technicians are very professional.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is around 10,000 dollars.

What other advice do I have?

I will rate this product a seven out of ten, and I would definitely recommend it to others.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer890208 - PeerSpot reviewer
Information Security Specialist at a financial services firm with 201-500 employees
Real User
Has powerful search, indexing, and scalability features
Pros and Cons
  • "The most valuable features are the indexing and powerful search features."
  • "The correlation engine should have persistent and definable rules."

What is our primary use case?

Splunk has features that no other solutions have. We work in organizations that have a big volume of data. Our primary use case of this solution is for indexing. The best solution that we found that could fit our needs was Splunk.

What is most valuable?

The most valuable features are the indexing and powerful search features. 

What needs improvement?

The correlation engine should have persistent and definable rules. Splunk should have more features and options in regards to correlating in real-time. It should have the ability to set more permanent rules.  

Correlation capabilities in ArcSight are better than in Splunk. 

For how long have I used the solution?

I have been using Splunk for more than three years.

What do I think about the stability of the solution?

The stability is good. It's reliable and can be used in enterprise environments. 

What do I think about the scalability of the solution?

It is a scalable solution and can support many users. The scalability is another powerful feature of this solution.

We have around ten users using this solution in our company. We also provide this solution to our subsidiary companies so there are more than twenty users.

How are customer service and technical support?

We are in Iran and are under U.S. sanctions so we can only use online forums for support. We can't use their technical support. 

How was the initial setup?

The initial setup was easy. 

What about the implementation team?

We did the implementation in-house. 

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis. 

Which other solutions did I evaluate?

We researched many solutions, like LogRhythm, ELK, and FortiSIEM, before choosing Splunk.

What other advice do I have?

After more than three years of using this solution, I would recommend this solution, especially for environments that have a big volume of data. I would rate this solution a nine out of ten. It is a really great product. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user