
Splunk Enterprise Security Valuable Features

reviewer1469784
Senior Manager at a financial services firm with 10,001+ employees

I am using Splunk Enterprise version.

I have been using Splunk Enterprise Security solutions for almost the last five years.

The integration and plugin availability are nice. The AI module is also great.

The biggest challenge was identifying the problems within the infrastructure. I think it's quite short when we compare it to others. The reporting on Splunk is much faster than other solutions.

reviewer2136243
Risk Advisory Cyber Cloud Analyst at a consultancy with 1,001-5,000 employees

The query functionality is very easy to use and fast to retrieve logs in comparison to other SIEM solutions. While the visual interface may not be as polished as some other SIEM products, the speed of usability is exceptional.

Graphically, the interface could be improved. However, the usability is better than other SIEM solutions, in my honest opinion.

We integrate many solutions into Splunk Enterprise Security, including Qualys, CrowdStrike, and other security solutions that we have on the perimeter. We develop use cases based on data that comes from these other solutions.

We have experienced some problems, but with the help of support, we have been able to fix them in most cases. Personally, I am satisfied with Splunk Enterprise Security integration. Splunk Enterprise Security has many out-of-the-box connectors or add-ons created directly by Splunk or by vendors such as CrowdStrike or other platforms. Splunk Enterprise Security's app store contains a lot of integration options and the community is always very helpful for troubleshooting problems that we may have.

reviewer2701950
Splunk System Engineer at a non-tech company with 11-50 employees

The most valuable feature of Splunk Enterprise Security is the main component, the correlation engine, which can specify detailed conditions such as how many events there need to be, what notification I will get, and whether I get it per event or one per batch.

There is also throttling; in basic Splunk, there is no throttling at all. In Splunk Enterprise Security, there is an additional layer of control of these alerts. I appreciate the correlations and the alerts in that product.

The asset management is particularly useful. We can enable asset lookups to show in every event. We define one, and it will translate to all events, allowing asset management to be easy. 

Splunk Enterprise Security helps to reduce alert volume because the language is similar to SQL with Google-style functionality above it. We can use these terms to specify what is in the allow list. We can specify what's in lookups, what should be there, and what's not. It definitely helps to reduce the numbers of full score.

Splunk Enterprise Security helps to speed up security investigations. When the finding is created, there are many correlations. You can quickly see what asset it is, what identity is involved, and you see the historical progress of what happened. Right from the findings, you can call VirusTotal and other resources, which is definitely helping.

I assess Splunk Enterprise Security's insider threat detection capabilities for helping to find unknown threats and anomalous user behavior as great. It regularly checks new events through the correlation search and compares them with threat intelligence. The threat intelligence is refreshed regularly, downloading new threat information. Splunk has a special research team for security content and intelligence, which distributes its own threat list to Splunk Enterprise Security.

It's great for finding anonymous threats. It checks new events and also works with the latest threat intelligence. At least once a day, it develops new threat information. In Splunk, there is a special research team. They are also distributing their own threat lists. The solution is capable of very good threat detection.

In basic SPL, with the Splunk query language, we can detect brute force without threats. It scans every event, and if it finds patterns, IOCs, it can trigger notable events, which are now called findings. The new version includes an internal Git repository, so when the SOC team makes improvements to the correlation search and makes changes, it automatically keeps a history of that correlation search, what was changed, when, by whom, and you can revert if it breaks.

The value that Splunk Enterprise Security offers in resilience is vital. It helps customers who distribute gas across the Slovak Republic, ensuring that critical infrastructure, such as operational pipelines, is running. If there were an outage that delayed recovery, the economic impact could be significant.

It's good for analyzing malicious activities and detecting breaches. The interface sometimes can be very essential.

Splunk has helped us reduce alert volume. We can use terms to specify what is whitelisted and we can search like we would on Google.

We've been able to speed up security investigations. When a finding is created, there are many correlations. You can quickly see the asset, the identity involved, the history, et cetera.

Kyle Vernham
Threat Analyst at a manufacturing company with 10,001+ employees

The two features I appreciate the most in Splunk Enterprise Security are the built-in searches, which have been very easy for us to get started with right out of the box, and the fact that it accesses all of our other systems. You can access it as a pane of glass rather than having to search individually. 

We also have the option to compare our analysts from our service to service. Splunk Enterprise Security helps our SOC team prioritize and investigate high-fidelity alerts more effectively by providing a more in-depth look and the ability to access a lot more of our data. Instead of jumping from several segmented systems, it allows us to have everything brought together in one place.

For example, you have to move from our purview to our build system and to Splunk Enterprise Security, and it enables us to streamline that process. The built-in features of Splunk Enterprise Security, which we recently procured, have given us a good starting point and demonstrated the value of the product, providing an easy way to sell it to our company. 

The ease of getting everything into our purview helps us, and it serves as a good start for the investigation part in one location rather than what we usually have, which is jumping from system to system to system.

Splunk Enterprise Security plays a role in our company's strategy to combat insider threats and advanced persistent threats by currently being in its technical test phase. We are still rolling it out, and it should help us find any insider threats based on information that our policy states should not be present in our system.

Splunk Enterprise Security's risk-based alerting (RBA) has impacted our alert volume and analyst productivity because we've got many different systems feeding into it. However, it has helped to make it easier for our analysts to go through a set of events rather than 100 alerts. RBA allows us to streamline the process and customize it for our analysts.

When it comes to leveraging Splunk Enterprise Security's dashboards and visualizations to communicate security posture to executives, it's pretty straightforward for any type of information. The visualization is easy to understand, but I haven't had any direct conversations with our executives.

reviewer2704098
Security & Risk Analyst at a computer software company with 1,001-5,000 employees

The specific features I find the most valuable in Splunk Enterprise Security include the amazing UI and good integrations, and I can say this from a practitioner standpoint. 

It is just comfortable. Splunk Enterprise Security is easy to use for an analyst, and the whole analyst experience is great; it is pretty insane. It is honestly very addicting. 

As I told my fellow colleagues, they love using Splunk Enterprise Security. Once you go to any other platform, it is similar to going through withdrawal sometimes. You have to set up use cases, update data models, and link the right use cases to the right data models for those detections to happen. 

In terms of challenges, there are none; Splunk Enterprise Security is one of the best vendors in the security analytics space.

Splunk Enterprise Security has implemented improvements that may help reduce false positives, as it has some amazing features that go underutilized, such as the machine learning toolkit. The gap in skill set within the SOC environment is the reason for this underutilization.

Splunk has some amazing features we are not utilizing. For example, ML. I have not specifically utilized AI-driven security initiatives or machine learning within Splunk Enterprise Security; even the ML toolkit is not related to advanced AI components. It operates more like an advanced SQL query based on existing data trends without offering out-of-the-box advanced ML capabilities to provide significant value.

The dashboards for some default use cases are provided. Similarly, default dashboards and reports are provided. You can pivot off of these and drill down on your investigations. The Splunk query language is definitely very easy to understand and use on a regular basis. The learning curve is also very low. So, from a practitioner standpoint, you're not going to face so much struggle in learning the Splunk query language. In fact, for other solutions, you might need AI capabilities to translate natural language. 

Additionally, Splunk Enterprise Security claims to reduce data storage to a certain extent. I'm not sure if that's the case; however, I have heard that it was.

Lookup tables are very useful in Splunk. 

Venu Yenuganti
Manager, Cyber Threat Management at a retailer with 10,001+ employees

From my perspective, the room for improvement in Splunk Enterprise Security is about the number of inbuilt correlation rules that they would generate. Splunk Enterprise Security comes with some native rules and correlation searches. I guess there is an opportunity for Splunk to do even better there.

MatthewSnyder
Principal Engineer at a tech vendor with 201-500 employees

If you want to use some of the out-of-the-box and more guided features, you have that, and if it meets your team's needs, that's great. If you also want to start to grow and mature beyond those out-of-the-box capabilities, it gives you this wide-open road to be able to create and develop your own applications, response capabilities, and detection capabilities, where your limitations are really only your imagination and what your team's able to accomplish. This is something powerful with Splunk that other vendors aren't replicating.

Andry Casares
Security Engineer at a financial services firm with 5,001-10,000 employees

The feature I appreciate the most is the content. I use the content, enable it, and see how that works. They give me ideas on how to tune something or determine if that use case is proper for us, or I can take the idea of that use case and customize it based on our needs.

Splunk Enterprise Security has helped improve my organization's business resilience.

I do use disparate security solutions that integrate or import data into Splunk Enterprise Security. The integration of these solutions supports our security operations. That's the part I work on with the architect. I'm not fully familiar with that, but when we talk, he mentions those integrations and that seems to be good from that perspective because we are separate. We have separation of duty between the architect, security engineer, and analyst.

I find the process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security to be good. My organization uses risk-based alerting in Splunk Enterprise Security for three or four use cases. We have one active for user, cloud users, with data from Microsoft 365. We elevate the risk of users based on behavior and conditional access. It gives us visibility of which users are at real risk based on the configuration we have.

My security ops team takes around 30 minutes to one hour to remediate security incidents with Splunk Enterprise Security compared to a previous solution. They previously did everything manually with the last solution, opening tickets manually and jumping between platforms, the ITSM platform, the same platform. Now with Splunk Enterprise Security, we have everything in one place. The notables are created automatically, but they can also create their own notables based on the investigation. That improved and reduced about 50% of the manual work that was done before versus what we are doing now.

Clay Matt
Dir Of Global Cyber Security Ops at a manufacturing company with 10,001+ employees

We did use risk-based alerting in Splunk Enterprise Security. We had to refine the data model based on the initial risk-based alerting model as, when we fed it raw data, the data models built, and there were many endpoints and network devices that had a high-risk score just because the data was new. Those risk scores carried over with weights, so we had to go back in and cleanse the risk score model and rebuild it once we had good data and logs going into the ES platform.

Abhilash Kondodi
Assistant VP at a financial services firm with 10,001+ employees

As a DLP Engineer and Assistant Vice President at a US bank with about 50,000+ employees, I manage the Data Loss Prevention tool, configurations, and deployments. We work across the globe in multiple regions and work on multiple different kinds of tools. Splunk Enterprise Security is leveraged quite heavily to support our DLP functions by creating SPLs for our DLP operations. We also create dashboards and reports that are required, where Splunk Enterprise Security is the single point of connection that allows us to send all the logs across and use the data as we need and see fit.

Due to my role, I have limitations on what I can do in Splunk Enterprise Security, yet for whatever access I have, it's been a very useful tool for detections and investigations. From a DLP standpoint, we look into enabling blocking, and we want to make sure that we are looking into what's happening there and how many people would be affected. Splunk Enterprise Security gives us access to that data, while the DLP platforms themselves provide data too, however, Splunk Enterprise Security's integrations with various inputs from identity and asset management create a single point for all information.

I appreciate the statistics feature of Splunk Enterprise Security since it helps showcase numbers to management. While we can share a long spreadsheet, that's not a good way of sharing data. Although we still share spreadsheets, having statistics, visualizations, and dashboards to showcase security benefits is much more effective.

Any new tooling we bring in and adding that data set helps create much richer data. Different integrations enhance our ability to find the right context for threat analysis and insider threat analysis.

I don't have any metrics regarding how Splunk Enterprise Security has helped reduce our team's average mean time to detect. However, I can think of the practical aspect: we have four different tools with their alerts. When we go into each of those tools, we can see what a user has done. With Splunk Enterprise Security, we can just pop in an SPL, search for the user, and find all the details from different sources in one spot, making it much easier to dive into investigations.

Duy-An Dô
Information Security Specialist at a computer software company with 10,001+ employees

The features of Splunk Enterprise Security that I appreciate the most include the SPL search. It allows me to get all the data I need, make it beautiful, show it to my boss, and show it to less technical people. It's easy to display the data.

When we have a major incident, we need to move fast and answer quickly. Also, we need to inform non-technical people, so it's easier to show them.

Instead of showing them a raw log that's ugly and hard to read, we can show them a very concise point such as 'This insider threat with this IP address accesses this system,' and pivot wherever needed. It's really useful for data presentation.

Dealing with incidents depends on the type of incident; a major incident can take a few months, while a smaller incident can take from five minutes to five hours. We use Splunk SOAR, and we're starting to use that in Splunk Enterprise Security to automate our response. It's made my life easier because repetitive tasks can be automated with a playbook, and everything gets done in the background without manual triage.

Splunk Enterprise Security helps improve my business's resilience by protecting our enterprise. Every time there's something not working, it's our central log space. Every incident and everything that's not working is in Splunk. The factors that led to adding Splunk involve our relationship with the sales team and our technical contact. We have a very good relationship with them, which helps considerably.

The integration of these security solutions supports my security operations by providing us with better visibility into various types of endpoints. We have custom detections that we make on Splunk, and we also integrate Microsoft Defender alerts into Splunk. I have one place to investigate them all instead of going from product to product.

David-Alfonso
IT Security Engineer at a financial services firm with 201-500 employees

The features of Splunk Enterprise Security that I find most valuable include Mission Control, which I really appreciate, the way accelerated data functions, making it really fast to see, the integration with SOAR, which is something really cool and integrates with automated processes, and the way to ingest threat intelligence feeds, which is an amazing feature as well.

Splunk Enterprise Security has helped improve my organization's business resilience, as we were able to detect an attack that was happening after hours and prevent it thanks to the detections. We stopped it immediately in a matter of about 30 minutes. Splunk Enterprise Security has improved my ability to predict, identify, and solve problems in real-time; it's not just proactive, but also really predictive. My organization uses Risk-Based Alerting in Splunk Enterprise Security, which speeds up our process to detect and our mean time to respond. It's very helpful, and after we improved the configurations, we have RBA working fine, something that will always be maintained; it may not be perfect, but we do our best to maintain it.

On average, my security ops team takes less than five minutes to remediate security incidents with Splunk Enterprise Security compared to our previous solution, which used to take hours because we needed to see different sites. We are using new threat detection features in Splunk Enterprise Security by ingesting a lot of threat intelligence feeds from our main vendor, which has significantly improved the indicator of compromise, the IOCs detections. We also use Sigma detections and adapt to Splunk.

Jana Avula
Cyber Security Ops Manager at an educational organization with 1,001-5,000 employees

The Mission Control feature of Splunk Enterprise Security benefits my organization by providing quick alerts, making it easy for the SOC team to navigate events and find threats quickly.

I use disparate security solutions that integrate or import data into Splunk Enterprise Security. This integration supports our security operations effectively because we work with different tools, and Splunk apps support many integrations, so we don't need to write custom ones; it's available by default.

It has supported our SOC by improving it; in looking through many alerts, we can look at only the critical alerts, and the number of alerts investigated by SOC has changed drastically. Currently, my security ops team remediates security incidents with Splunk Enterprise Security within 45 minutes compared to our previous solution.

I would be using Detection Studio, which is one of the new threat detection features in Splunk Enterprise Security that I'm interested in. Splunk Enterprise Security has definitely helped improve my organization's business resilience; it has helped us to pass our SOC 2 audit, and we have good monitoring about security alerts and threats happening.

I assess Splunk's ability to predict, identify, and solve problems in real time as very good.

Ashiq Ashraf
Specialist-Infrastructure Operations at a financial services firm with 10,001+ employees

The most valuable features of Splunk Enterprise Security are several add-ons and TAs, while the lack of a DB requirement is a significant advantage for the business, allowing easier management without needing in-depth DB knowledge. I find that Splunk Enterprise Security's ability to import data from various sources, including looking up Excel files, is quite effective, providing a good way for management.

We import data from several unique data sources into Splunk Enterprise Security, possibly more than a hundred because we have AWS and multiple servers. We have disparate security solutions that integrate data into Splunk Enterprise Security. I can still query data in Splunk Enterprise Security regardless of where it resides, and in my perspective, the query provides data quickly.

Splunk Enterprise Security has improved our organization's ability to ingest and normalize data compared to before using Splunk Enterprise Security. The unified platform helps consolidate networking, security, and IT observability tools, which is very relevant to our internal needs. Using Splunk Enterprise Security, our focus was not on reducing alert volume but on properly finding and handling alerts; we've managed to capture 100% of them effectively.

Splunk Enterprise Security provides the relevant context to help guide investigations by allowing us to share application logs and details with clients efficiently. We utilize out-of-the-box detections in Splunk Enterprise Security, and we have created dashboards that add value to our monitoring efforts. Customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security is easy; it has been a good experience without significant difficulties.

We upgraded to Splunk Enterprise Security from version 8.0.4 to 9.0.6, and also from 8.1.4 to 9.0.6; it worked well with the support we received from the team, and it has proven to be very useful. Splunk Enterprise Security provides the foundation for unified threat detection, investigation, and response, enabling fast identification of critical issues.

reviewer2499171
Security Engineer at a retailer with 10,001+ employees

Business resilience is valuable, though I am not completely certain about Splunk Enterprise Security in that regard. Visibility would be considered a valuable feature. The more I think about it, business resilience is probably valuable as well.
Paul-Zhang
Manager, Information Security at a financial services firm with 10,001+ employees

The biggest advantage I can see in Splunk Enterprise Security is the big data analytics. The simple search query with faster responding results is also appealing. My team handles large volumes of cybersecurity data. To be able to search against such a big amount of data with efficiency is the key driver for my team to do threat detection and data analytics.

Sreeni Mamidipaka
IT Security Mgr at a legal firm with 1,001-5,000 employees

The features of Splunk Enterprise Security that I enjoy the most include reporting, dashboards, and RBA. These features have benefited my organization since the dashboards and reports help us review security alerts and events in a timely manner. The RBA is what we are currently working on to develop and have some early detection on security alerts and notifications.

Currently, I am using disparate security solutions that integrate or import data into Splunk Enterprise Security. This integration supports my security operations by providing some visibility into security. Yet we have many basic issues where we need to fix the log sources, integration, and quality of the content that's going into Splunk Enterprise Security.

I find the process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security quite basic. We don't have any sophisticated process. We have contractors and MSSP who are timely filling those gaps, going through the rule review process, going through regular security testing, and prioritizing what is more important as an organization.

Raymundo Perez
Splunk Admin at an energy/utilities company with 1,001-5,000 employees

The features of Splunk Enterprise Security that I find most valuable are the correlation and correlation data. These features have benefited my organization through the model of investigation, correlating with correlation alerts, and integration with other tools, which is a good point.

In my experience with other tools in previous jobs, the time is reduced by around 70% compared to the previous tool.

My impressions of Splunk's ability to predict, identify, and solve problems in real time are positive. There are points to consider when enriching the data with these kinds of inputs. It is a good opportunity for companies trying to start with this environment, though it might be a challenge for those who have been using it for a long time since it requires identifying the context and use cases.

Michael Waite
IT Orchestration Architect at a university with 10,001+ employees

The features of Splunk Enterprise Security that I value most are the correlation searches, being able to bring multiple things together and to have one result to look at in a single pane of glass. 

Dennis Mohn
Business Development Manager at a tech services company with 1,001-5,000 employees

I really appreciate the all-integrated SIEM feature of Splunk Enterprise Security, which serves as a one-stop shop to get all security tasks done. It actually helps us by not having to develop all the use cases ourselves, providing an integrated product that has everything in one place. 

It has integrated threat intelligence and an integrated use case library, so it requires only one installation and configuration. This specifically benefits my organization by reducing the implementation time at our customers, getting faster time to value with a better turnover rate for our customers.

We are using disparate security solutions that integrate or import data into Splunk Enterprise Security. We are implementing all data sources that are somehow possible, so there's no limitation to that.

The process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security is pretty straightforward. Developing our own solutions is pretty good, and even though we are using the Security Essentials and the Enterprise Security content libraries, that's a very good way to progress.

Nathaniel Piquette
Senior Information Security Engineer at an outsourcing company with 1,001-5,000 employees

I really love the identity and asset lookups, being able to pull that identity data in and be able to enrich our alerts that are going through. Finding next-level managers, locations, and being able to build out a bigger story for our analyst as they receive these alerts is a huge functionality that I personally love the most.

The identity lookups have definitely benefited our company because it takes that guesswork of looking in other utilities and brings that live data of who our employees are, what their job titles are, and be able to build out the story of what's going on. If we have someone who works as a data analyst accessing sales data, sales information, that's a huge red flag for us so we're able to make an intelligent decision and respond faster by having that data available.

Splunk RBA or risk-based alerting definitely made our lives a lot easier. We went from hundreds of alerts having to be triaged a day, that generally could be false positives or just noise, and bubble them into one overall alert that we can look at on a per-day basis and see what's rising to the top and respond faster, have a higher rate of true positives and find evil a lot quicker.

Splunk Enterprise Security helps us look at high-fidelity alerts a lot quicker because we're using RBA. It's taking the sum of those small alerts that would be generally noise, combining them into a larger picture, boiling them up to the top and letting our analysts then focus on those, which generally have been the true positives of those malicious actors who are impersonating users or accessing through our network and be able to respond a lot quicker.

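The risk-based alerting flow described above (many small, individually noisy risk events summed per user or host and bubbled up into one alert), together with the throttling and allow-list lookups that reviewer2701950 mentions earlier on this page, modelled as an added Python example. This is not Splunk's own code; the 24-hour window, the score and technique thresholds, the sample risk events and the allow list are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample "risk index" rows, not real Splunk data. Each one is what a
# risk rule would write when it fires: the risk object, its type, a score, the
# rule that produced it and the ATT&CK technique the rule is tagged with.
RISK_EVENTS = [
    {"time": "2024-03-01T08:00:00", "object": "jsmith", "type": "user", "score": 20,
     "rule": "Excessive failed logins", "technique": "T1110"},
    {"time": "2024-03-01T08:30:00", "object": "jsmith", "type": "user", "score": 30,
     "rule": "Login from new country", "technique": "T1078"},
    {"time": "2024-03-01T09:10:00", "object": "jsmith", "type": "user", "score": 60,
     "rule": "Mass download from cloud storage", "technique": "T1530"},
    {"time": "2024-03-01T09:15:00", "object": "scanner01", "type": "system", "score": 80,
     "rule": "Network service scan", "technique": "T1046"},
    {"time": "2024-03-01T09:20:00", "object": "scanner01", "type": "system", "score": 80,
     "rule": "Network service scan", "technique": "T1046"},
    {"time": "2024-03-01T10:00:00", "object": "bob", "type": "user", "score": 10,
     "rule": "Excessive failed logins", "technique": "T1110"},
    {"time": "2024-03-01T11:00:00", "object": "jsmith", "type": "user", "score": 40,
     "rule": "Local privilege escalation", "technique": "T1068"},
    {"time": "2024-03-02T09:00:00", "object": "jsmith", "type": "user", "score": 25,
     "rule": "Login from new country", "technique": "T1078"},
]

# The allow-list lookup the reviewers describe: known-benign risk objects
# (here an assumed authorised vulnerability scanner) whose risk events are dropped.
ALLOW_LIST = {("system", "scanner01")}


@dataclass
class Finding:
    """One aggregated alert (an ES 'finding') for a single risk object."""
    object: str
    type: str
    total_score: int
    rules: list
    techniques: list
    fired_at: datetime


def run_risk_incident_rule(events, window_hours=24, score_threshold=100,
                           technique_threshold=3, throttle_hours=24,
                           allow_list=ALLOW_LIST):
    """Replay risk events in time order and raise at most one finding per risk
    object whenever the risk accumulated inside the sliding window reaches the
    score threshold or spans enough distinct techniques. Repeated findings for
    the same object inside the throttle period are suppressed."""
    window = timedelta(hours=window_hours)
    throttle = timedelta(hours=throttle_hours)
    ordered = sorted(events, key=lambda e: e["time"])   # ISO timestamps sort as text
    recent = defaultdict(list)   # (type, object) -> events still inside the window
    last_fired = {}              # (type, object) -> when a finding last fired
    findings = []
    for ev in ordered:
        key = (ev["type"], ev["object"])
        if key in allow_list:
            continue                                   # lookup-based suppression
        now = datetime.fromisoformat(ev["time"])
        recent[key] = [e for e in recent[key]
                       if now - datetime.fromisoformat(e["time"]) <= window]
        recent[key].append(ev)
        total = sum(e["score"] for e in recent[key])
        techniques = sorted({e["technique"] for e in recent[key]})
        if total < score_threshold and len(techniques) < technique_threshold:
            continue                                   # still below both thresholds
        if key in last_fired and now - last_fired[key] < throttle:
            continue                                   # throttled: alerted on this object recently
        last_fired[key] = now
        findings.append(Finding(ev["object"], ev["type"], total,
                                sorted({e["rule"] for e in recent[key]}),
                                techniques, now))
    return findings


if __name__ == "__main__":
    for f in run_risk_incident_rule(RISK_EVENTS):
        print(f"{f.fired_at:%Y-%m-%d %H:%M} {f.type}={f.object} "
              f"score={f.total_score} techniques={f.techniques}")
```

With the defaults the eight sample events collapse into a single finding for jsmith; setting throttle_hours=0 shows the repeat alerts that throttling removes, and an empty allow list shows the scanner generating its own finding.
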
reviewer2755887
Senior Cyber Security Operations Engineer at a manufacturing company with 10,001+ employees

I never liked Splunk Enterprise Security much until the new version, and now that they've ramped up RBA and made changes in version eight, I like it much better.

Splunk Enterprise Security streamlines the creation of what they call notables, which takes a lot of the effort that we would have to put into creating our own solution off the table and does it for us.

We haven't made the newspaper yet, so Splunk Enterprise Security is doing its job. That integration supports my security operations very efficiently, or we wouldn't use it. I find the process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security effective. That's my bread and butter.

My organization uses risk-based alerting in Splunk Enterprise Security. The SOC is still in the development and testing phase for RBA, so they're not seeing any risk-based alerting yet. Within the next week or two, they should start seeing it.

I have no idea how long on average my SecOps team takes to remediate security incidents with Splunk Enterprise Security. I am not using any new threat detection features in Splunk Enterprise Security since we write our own correlation searches from scratch.

Regarding Splunk's ability to predict, identify, and solve problems in real-time: prediction capabilities are not present at all, identification is pretty good, and resolution is effective. It's a good tool. We've got really amazing people behind it, using it, and although there are only four of us behind it, we've got really amazing people using it.

reviewer2756070
Service Lead at a manufacturing company with 10,001+ employees

The features of Splunk Enterprise Security that I prefer most are the correlation engine and the common information model, basically the aggregation of data. It's usually designed to take all the data, normalize it into a flat schema, so you can then see patterns more easily. That's the significant aspect.

Todd Beebe
Information Security Officer at an energy/utilities company with 201-500 employees

The features I appreciate the most in Splunk Enterprise Security are the scheduled alerts and the search function. 

The other SIEMs were more menu-driven, similar to Yahoo in the past. With Yahoo, you would navigate to find restaurants in San Francisco. Splunk Enterprise Security operates more with a 'tell us what you want and we'll find it' approach versus directing users to look in specific directions. It is very hunt-friendly. 

We are able to prevent breaches with Splunk Enterprise Security. 

Integration supports our security operations since our analysts operate within Splunk.

Manoj Subramanya
Senior Product Manager at a tech vendor with 501-1,000 employees

The feature I appreciate the most about Splunk Enterprise Security is the CIM data model, which allows users to bring in data from different technologies, such as firewalls, endpoints, and perimeter DMZs, enabling every device to pump data into Splunk Enterprise Security, with the data model normalizing all the data and placing it in a common plane.

The main benefit of Splunk Enterprise Security features is the increased visibility of our data itself since we can pump in all the data from every security device within our enterprise, providing comprehensive visibility in a single pane of glass without needing to check every tool for individual alerts, allowing us to identify outliers and anomalies easily and build detection rules across multiple technologies.

Splunk Enterprise Security's risk-based alerting has been a game-changer for us. Previously, we were flooded with many alerts, leading to alert fatigue; now, risk-based alerting adds intelligence to alerts by considering behavioral or internal asset-based criteria, effectively helping us prioritize alerts and filtering out noise that can be ignored.

When it comes to leveraging Splunk Enterprise Security's dashboards and visualizations, we struggle to communicate our security posture effectively to leaders such as the CISO, yet Splunk Enterprise Security provides the ability to create tailored reports from generated data using correlations, macros, and specific metrics such as MTTR or MTTD, allowing us to convert this into strategic or tactical-level reports sent directly to the CISO for situational awareness.

Splunk Enterprise Security assists our SOC team in prioritizing and investigating high-fidelity alerts effectively after we triage and identify them; there are various ways to dig deeper, either by building search queries that expand the scope to other data sources or using adaptive response actions to gather additional context, aggregating everything inside Enterprise Security for a comprehensive investigation.
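
Both reviewers above (the Service Lead on the correlation engine and the common information model, and Manoj Subramanya on the CIM data model) describe the same mechanism: once firewall, endpoint, VPN and directory sources are tagged and field-aliased into a CIM data model, a single search runs across all of them without knowing each product's native field names. The SPL below is an added illustration, not code from either reviewer or from Splunk's shipped content. It assumes the Authentication data model is accelerated and that the relevant sourcetypes are CIM-compliant; the thresholds (20 failures, 5 sources, 10 users, 30 failures) are arbitrary starting points to tune per environment.

```spl
| tstats summariesonly=true count as failures
        dc(Authentication.src) as distinct_sources
        values(sourcetype) as sourcetypes
        from datamodel=Authentication
        where Authentication.action=failure Authentication.user!="unknown"
        by _time span=1h Authentication.user Authentication.dest
| rename Authentication.* as *
| where failures >= 20 AND distinct_sources >= 5
| sort - failures

| tstats summariesonly=true count as failures
        dc(Authentication.user) as distinct_users
        values(Authentication.app) as apps
        from datamodel=Authentication
        where Authentication.action=failure
        by _time span=1h Authentication.src
| rename Authentication.* as *
| where distinct_users >= 10 AND failures >= 30
| sort - distinct_users

| tstats summariesonly=true count
        from datamodel=Authentication
        by sourcetype Authentication.action
| sort - count
```

The first search finds one account failing against one destination from many sources (brute force); the second inverts it to one source failing against many accounts (password spray). Neither mentions Windows, Linux, Okta or a VPN appliance, because `Authentication.action`, `Authentication.user`, `Authentication.src` and `Authentication.dest` are the normalized CIM names, and the `sourcetypes` column shows which products actually contributed. The third search is the check to run first: `summariesonly=true` only reads accelerated data, so any sourcetype missing from its output is either not tagged `authentication`, not mapping `action`, or not yet summarized, and will silently be absent from the detections above.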

Adam Santilli
Cyber Security Associate at a tech vendor with 10,001+ employees

As an administrator, I mainly ensure other people can use the system effectively rather than using it extensively myself. 

My impressions of Splunk's ability to predict, identify, and solve problems in real time are solid. I definitely notice when it makes predictions and helps with what we're trying to find in general. The ability to identify risks as they come in is quite good.

The integration of disparate security solutions supports our security operations by providing multiple methods to handle things. We have 21 lines of business with different Splunk pods, each requiring different solutions.

Personally, the integration creates some challenges, particularly when trying to standardize processes and migrate to Splunk Cloud. Managing different Splunk pods on-premises and separate stacks leads to confusion and time inefficiencies.

The process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security works adequately. While I don't write the detections myself, I work closely with those who do, and it doesn't seem to be an issue.

Our Security Ops team's incident remediation time has improved significantly. Previously, it took approximately 11 hours, but now it takes a few hours, though we're still working to reduce this time further through our migration to Splunk Cloud.

Jeffrey Bain
Sr Manager Global Security Operations at a financial services firm with 10,001+ employees

The features of Splunk Enterprise Security provide a standardized platform for investigating.

The content libraries are helpful. In our organization, we don't use them a lot. We will use them as ideas and rebuild them into what our needs are.

It's standardized and easy to use, so you don't have to have a lot of top-tier analysts to do the same job.

The investigations plane and use case library have been beneficial.

We utilize Splunk Enterprise Security for our fraud team using pure ES. We use all the fraud features, and that's been incredibly helpful.

The detection rate and prevention rate have gone up 30 times compared to when they were working on a spreadsheet. The fraud team loves it.

Once we move over to 8.2, we're going to utilize more of the built-in features.

I appreciate the visual control and the investigations plane, though that will be a major migration for us.

Akif Arayici
DevOps&Cloud Engineer Mentee

The best feature of Splunk Enterprise Security is the documentation. Splunk Enterprise Security's documentation is well-organized. For example, if you have a problem or if you want to read about what you're looking for, you can easily go there and read the documentation. It also has many resources worldwide. It is the de facto standard among SIEM solutions. For example, I have used IBM QRadar, which is another solution many companies are using.

One of the most beneficial use cases for me is that Splunk Enterprise Security is fast. I cannot speak to how the SIEMs work in the backend, but I can say it is fast to find any logs. 

Its UX and UI experience is getting better. It is much better than one year ago. Some of the buttons and other features are much easier to locate and choose. The user interactions are much better than one year ago. The advanced queries are much faster. The UI design is much better. That is one of the best changes that happened in one year.

Hamada Elewa
System Engineer - Security Presales at a comms service provider with 10,001+ employees

Splunk Enterprise Security's most valuable features are its stability and the robust Splunk Search Processing Language, allowing extensive customization and analysis capabilities.

Stallone Alexandre
Soc Manager at a real estate/law firm with 1,001-5,000 employees

The features of Splunk Enterprise Security that I most appreciate are CIM, the data model, the search capabilities, and the investigation feature embedded into Splunk version 8.

The investigation feature helps the team seamlessly put everything together, providing a consistent view of all relevant artifacts for incidents.

Splunk's ability to predict, identify, and solve problems in real-time is exceptional due to its ease of data ingestion and comprehensive search capabilities with various options.

I find the process for customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security to be excellent, especially with the new Mission Control included in Splunk Cloud version 8. It is really easy to use.

We are sending data directly to Splunk Cloud without any broker or pipeline in between. Our organization does not use risk-based alerting in Splunk Enterprise Security yet, and our SecOps team has not measured incident remediation times compared to our previous solution.

I would advise other organizations considering Splunk Enterprise Security to check their business case, considering the number of systems and amount of data to determine if it is the right tool in terms of the licensing model. If they decide to implement Splunk Enterprise Security, getting professional support is crucial.

One of our decision drivers was the customer support, which we found to be very responsive based on feedback from other customers. Additionally, the ability to extend the license for IT-related topics provides flexibility to leverage the platform across all departments, not just security - a unique feature compared to other SIEM tools.

GautamKar
Staff Performance Engineer at a tech vendor with 10,001+ employees

I can create dashboards to collect and view information in a tabular, graphical format. This feature is important because it helps me understand time-series data over one or two hours. It creates graphs, allowing us to check spikes and examine average values and 90th and 95th percentile values. This capability is useful for performance monitoring and issue identification. I believe it has helped speed up security investigations.

Jeanette Pavelka
Assistant VP, Data Loss Prevention at a financial services firm with 10,001+ employees

The ability to create SPLs in Splunk Enterprise Security is my favorite feature. These features benefit my organization primarily through threat detection, which is what I use it for, so that's a huge benefit. Splunk Enterprise Security has absolutely helped improve my organization's business resilience.

Madhu Gurindapalli
Security Consultant at a logistics company with 10,001+ employees

The features of Splunk Enterprise Security that I have found most valuable include the risk-based score and UBA/UEBA, user behavior analytics, or user and entity behavior analytics. Based on this feature, we can identify anomalies in any activity from the user or device. 

It serves as a single pane of glass for all the security-related events. It helps cross-correlate with minimal manual intervention, detect true positives, and take remediation steps in an orchestrated manner. It is very efficient. It's a top solution in Gartner Quadrants and Datamatics.

GuruPrasad3
Cyber Security Manager at a tech vendor with 10,001+ employees

With the Classic flavor we have in our company, the feature that I find good in Splunk Enterprise Security is from the MITRE coverage point of view, and then the level of information that it provides. The integration with its own SOAR platform is also one of the pros.

Sheenam Singla
SAP Roles and Authorization Consultant at a tech vendor with 10,001+ employees

The features of Splunk Enterprise Security that I appreciate the most are its flexibility and scalability. 

I use disparate security solutions that integrate or import data into Splunk Enterprise Security. This integration supports my security operations, as one of the biggest advantages is that Splunk Enterprise Security comes with many apps and applications out of the box through Splunkbase, and there's essentially a connector available for any log source imaginable.

I find the process of customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security pretty straightforward overall. There's a lot of out-of-box content that can be leveraged and many features available to ensure all configurations are working as expected.

My organization uses risk-based alerting in Splunk Enterprise Security. It supports our SOC by significantly reducing the alert count and allowing analysts to focus on what matters most.

My SecOps team's remediation time for security incidents with Splunk Enterprise Security is definitely faster than with other solutions.

I am utilizing new threat detection features in Splunk Enterprise Security, specifically the Assets and Identity Framework and risk-based alerting. These features have improved efficiency and helped reduce false positive counts.

Splunk Enterprise Security has helped improve my organization's business resilience. The flexible pricing models allow us to pick and choose, and I can easily see how different business units are consuming Splunk Enterprise Security, thereby distributing the cost within the organization.

I have recently expanded my usage, and the process was smooth.

Jason Ogresovich
Principal Threat Detection Engineer at a transportation company with 10,001+ employees

The notable feature of Splunk Enterprise Security, which in version 8 is going to be called "findings," is the ability to send notables, and all the actions that can be chained with the notable when you actually have a hit or a finding.

The ability to quickly automate detections based on alerts or intelligence that we operationalize in the environment benefits my company, as we get that alert sent to the appropriate parties and put in front of the analysts quickly, allowing for triage and the ability to group the alerts together instead of just always looking at a single finding.

RajKumar27
Information Security Analyst at a hospitality company with 5,001-10,000 employees

I appreciate the Identity and Assets framework the most, as well as the threat analysis framework. Those are my two favorites in Splunk Enterprise Security, along with correlation searches and the entire incident response workflow.

The Risk-Based Alerting in Splunk Enterprise Security is a great addition to our team, as it correlates data from different sources and adds scores to users or systems, allowing us to make decisions based on risk scores assigned to assets or identities.

Splunk Enterprise Security dashboards communicate our security posture and risk score to executives, including major contributing risk factors, key performance indicators (KPIs), and key risk indicators, which help us make informed decisions about future focus areas.

Splunk Enterprise Security helps our team save time by performing correlation searches automatically, eliminating the need for manual searches. We also utilize SOAR for taking automated remediation responses.

reviewer2755848
Cyber Security Engineer at a government with 1,001-5,000 employees

The feature I appreciate the most in Splunk Enterprise Security is the case management, although I have more critiques for the case management than favorite features. Having case management in Splunk Enterprise Security is something I appreciate since we needed a way to centrally manage all of our incidents. 

Having case management in Splunk Enterprise Security has really benefited our organization.

Ravi Nandasana
Splunk Architect/DevOps Engineer at a tech services company with 1-10 employees

The best features of Splunk Enterprise Security are the correlation rules and automation over the correlation rules. We can trigger alerts and notifications. The alerting and notification mechanism is really powerful and good. 

reviewer2756187
Security Engineer at a financial services firm with 10,001+ employees

The features of Splunk Enterprise Security that I prefer the most are risk-based alerting, the new Mission Control, and the integrations that are coming into place between Mission Control and Splunk SOAR.

reviewer2711313
Director, Enterprise Insider Threat at a legal firm with 1,001-5,000 employees

The features I appreciate most about Splunk Enterprise Security are the different domains they have and the intelligence that comes along with each of those dashboards, being that single pane of glass for analysts to go in and look at. Splunk Enterprise Security has helped improve my organization's business resilience.

We use Cribl to pull data in and get it optimized before it hits Splunk Enterprise Security as far as collection. I have not done much customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security yet; we started off with just getting data in, and now we are at the point where we are starting to look at detections.

In Splunk Enterprise Security, I do not use risk-based alerting as much as we should. That goes back to the whole time issue, as we need to teach people what to do with it and how to tune them, and we do not have enough time in the day.

Derek Scott
Information System Security Officer at a tech vendor with 10,001+ employees

One of the features of Splunk Enterprise Security that I really enjoy is the ability to have the scalability of the product and the moldability that's really customized to meet our specific needs. 

The flexibility of Splunk Enterprise Security is beneficial, and that feature, while a broad statement, is crucial in itself, as it allows us to design our own environments with the flexibility and malleability needed to function effectively.

Splunk Enterprise Security's Risk-Based Alerting or RBA has been really amazing. We're still new at it, however, it's definitely nice to be able to have those results at your fingertips instead of having to search what you need to.

Using Splunk Enterprise Security's dashboards to communicate security posture to executives is probably one of the nicest things that Splunk offers. Not everyone is as skilled with the inner workings of the system as we are in my industry, so being able to put a visualization on there is critical.

The ability of Splunk Enterprise Security to ingest data has been amazing for our threat detection. Combating insider threats and advanced persistent threats is an amazing feature of Splunk Enterprise Security, and it gives us the visibility that we need for those detections that other software doesn't have.

The stability and reliability of Splunk Enterprise Security is outstanding. It's a software and product that anybody can really pick up and use.

Risi Avila
Solutions Director at a computer software company with 51-200 employees

The feature I appreciate the most in Splunk Enterprise Security is RBA. These features in Splunk Enterprise Security help my organization contextualize security alerts and put them in a framework that makes sense for our customers.

My organization uses risk-based alerting in Splunk Enterprise Security. Risk-based alerting in Splunk Enterprise Security supports my SOC by giving me a holistic view of what's happening and prioritizing alerts based on various risk factors that are important to me.

The most significant challenges I face when using Splunk Enterprise Security for advanced threat detection are zero-day events. I use disparate security solutions that integrate or import data into Splunk Enterprise Security. This integration supports my security operations by giving me a holistic view of what's happening in my environment. I find the process of customizing, developing, testing, deploying, and refining detections in Splunk Enterprise Security easier than other platforms.

On average, my security ops team remediates security incidents with Splunk Enterprise Security fairly quickly, depending on the use case, in minutes versus hours, compared to my previous solution, which was ArcSight.

Splunk Enterprise Security has helped improve my organization's business resilience.

My impressions of Splunk Enterprise Security's ability to predict, identify, and solve problems are good. I would say to other organizations considering Splunk Enterprise Security to solve your data challenges first and focus on data quality, and then everything else will work with your infrastructure.

Isaiah Melton
ISSM at a government with 10,001+ employees

I appreciate the ability of Splunk Enterprise Security to tap into various network equipment and services on the network to pull it all into one place. That's my favorite feature.

The feature I've mentioned helps us in responding to incidents and disasters and different technical situations by being able to pull data from various sources and analyze it and take action.

Splunk Enterprise Security's Risk-Based Alerting, or RBA, has enabled us to prioritize and focus on the most critical threats and issues, while blocking out some of the noise and various information that can come from all these different sources.

Splunk Enterprise Security helps my SOC team prioritize and investigate high-fidelity alerts more effectively by enabling us to quickly gather information, collaborate, and provide various teams with access to the same information, allowing them to follow the workflow to complete the task.

Splunk Enterprise Security's ability to ingest and normalize data from diverse sources has enhanced our threat detection capabilities by making us aware of what's going on in the world, relating to our use cases and our threat tolerance, as we constantly pull in that information and brief everyone who has a stake.
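
The reviewers above who discuss risk-based alerting (the Senior Cyber Security Operations Engineer, Manoj Subramanya, Sheenam Singla, RajKumar27, Derek Scott, Risi Avila and Isaiah Melton) all describe the same pattern: individual detections no longer open a notable each, they write a small risk score against a user or host, and a notable is raised only when the accumulated risk for that object crosses a threshold. The SPL below is an added example, not code from any reviewer or from Splunk's shipped content. It assumes the default `risk` index populated by correlation searches that use the Risk Analysis response action, and that those searches carry MITRE ATT&CK annotations (the `annotations.mitre_attack` field); the thresholds of 100 total risk and 3 distinct rules are illustrative.

```spl
index=risk
| stats sum(risk_score) as total_risk
        dc(search_name) as distinct_rules
        dc(annotations.mitre_attack) as distinct_techniques
        values(annotations.mitre_attack) as mitre_techniques
        values(search_name) as contributing_rules
        values(risk_message) as risk_messages
        min(_time) as first_seen max(_time) as last_seen
        by risk_object risk_object_type
| where total_risk >= 100 AND distinct_rules >= 3
| eval span_hours=round((last_seen - first_seen) / 3600, 1)
| convert ctime(first_seen) ctime(last_seen)
| sort - total_risk

index=risk
| stats count as risk_events sum(risk_score) as total_risk
        dc(risk_object) as distinct_objects
        by search_name
| eval avg_score=round(total_risk / risk_events, 1)
| sort - risk_events
```

The first search is the risk-incident-rule shape: scheduled over a window such as the last 24 hours or 7 days (the aggregation covers whatever time range the scheduled search uses), it surfaces only objects that have tripped several different rules, which is what turns a pile of low-fidelity signals into one high-fidelity notable. Requiring `distinct_rules` as well as `total_risk` matters: a single noisy rule firing repeatedly on one host can accumulate a large score without being any more interesting than it was the first time. The second search is the tuning check the Director of Enterprise Insider Threat above alludes to when noting that RBA needs time to tune: it ranks risk rules by volume and average score, so the one or two rules that dominate the risk index (and would otherwise push every object over the threshold) can be down-weighted or suppressed.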

reviewer2756124
Dir Security Ops at a government with 10,001+ employees

The feature I appreciate the most about Splunk Enterprise Security is the dashboard. It has supported my SOC by making their job easier regarding notifications. It also reduces the time they have to spend using other tools to help them out, cutting down on their workload.

When it comes to incidents, we are able to detect, monitor, and handle incidents that come in. We can take those incidents and correlate them to other tools that we use. It serves as our single pane of focus.

Our security ops team's remediation time with Splunk Enterprise Security is measured in minutes. One notable improvement has been the maturation of our SOC, which now features a single pane of glass for incident viewing.

reviewer2778402
Systems Development Engineer at a tech vendor with 10,001+ employees

Splunk Enterprise Security has helped mainly when it comes down to the data science part. If you have a strong data science background, it is easy to detect anomalies. Some of the toolkits that are deployed with Splunk Enterprise Security and ML Toolkit allow you to do a lot more upfront than you typically would be able to do.

Splunk Enterprise Security has helped to improve the ability to ingest and normalize data.

The impressions of Splunk Enterprise Security's ability to identify and solve problems in close to real-time are that the different ingest methods that it provides are critical to finding out and looking at the breadth of data that comes in through machine data. In some parts, some people call them logs, some people call them metrics, some people call it telemetry. Having an aggregator at the ingest level like Splunk is amazing because it does not matter what you want to send, you can send it. It does not need to be in a particular format. A lot of the data brought in is not log data, it is programmatic from APIs and customer activity and things that need to be looked at as a whole picture. So when it comes to security, to be able to look at that in real-time requires compute and less structure because you need to be able to see there are payloads coming in that are typically not in this correct format, and the tool should not miss that because fields are not necessary. Splunk's ability to do schema on search is immensely powerful and that does aid in the ability to get results faster.

Threat topology and the MITRE ATT&CK framework features for helping discover the overall scope of an incident in Splunk Enterprise Security are pretty good. In this particular discipline when it comes to security, applying knowledge and then having a tool support that knowledge and drive forward, the integration paths of those particular types of things are very helpful. The more data that you bring in across your topology, if you will — network, user activity, user behavior activity, authentication, and application errors — you get this full landscape that you can see. With that, if a type of MITRE ATT&CK comes along and you understand what it is, you can see where the attack entry point was, the activity that was performed, and then start the incident response.

reviewer2745975
Works at a marketing services firm with 1,001-5,000 employees

It is highly customizable, which is a significant advantage. It requires substantial customization and tailoring to particular organization requirements, meaning that out of the box, most features would need configuration.

Shiboo Suren
Manager cybersecurity at a manufacturing company with 1,001-5,000 employees

The best features I've experienced over the past six years with Splunk Enterprise Security are the ability to create use cases and the flexibility to customize searches and use cases based on our specific requirements. 

It's user-friendly. You don't need to be an expert to create a use case. Even a basic understanding will allow you to do the work. There are lots of knowledge articles as well. 

From a visibility perspective, the solution has significantly improved our organization by providing a single platform to visualize our entire IT landscape. This has also enhanced our security posture by enabling us to view all logs.

We do connect with a Splunk representative on a monthly basis. They can proactively provide us with solutions. 

reviewer2755827
Cyber Security Specialist at a financial services firm with 201-500 employees

The features I find most valuable in Splunk Enterprise Security are Incident Review, Security Essentials, Asset and Identity Management, and Machine Learning Toolkit. 

We are enriching data from Asset and Identity Management, and we have more data for our incident response and investigation with Splunk Enterprise Security when we need more data to investigate.

I use disparate security solutions that integrate or import data into Splunk Enterprise Security. The integration currently supports my security operations as it's now on a POC, however, it's not in production right now. 

I have expanded usage, and that process was very smooth. I assess the stability and reliability of Splunk Enterprise Security as very good.

reviewer2755854
Senior Cyber Architect at a tech vendor with 10,001+ employees

I appreciate the integrations with the SOAR architectures and the expandability that can be used throughout the entire ecosystem of Splunk Enterprise Security. They've improved my threat detection capabilities.

ROBERT-CHRISTIAN
CTO at a tech vendor with 10,001+ employees

They have approximately 50,000 predefined correlation rules, which is quite a lot, and I find that good.

Ankar Aung
Network Security Engineer at a consultancy with 10,001+ employees

I have experience with Palo Alto, Cisco, and Fortinet products. Splunk Enterprise Security is more dedicated to logs, not a unified product like Palo Alto. Palo Alto Cortex has the same UI across Cortex EDR and Cortex XSIAM, so all the product family is in one UI, whereas Splunk Enterprise Security is more focused on log search.

Palo Alto has better speed and better visibility. I can see all the M-points from one UI and search the logs from this UI. I use disparate security solutions that integrate or import data into Splunk Enterprise Security, including different log sources from the endpoint, firewall, router, switches, and everything that needs logging for visibility.

Splunk Enterprise Security can retain logs for compliance purposes longer than the usual three months. The dashboard capability also allows Splunk Enterprise Security to create dashboards based on logs, which makes it really helpful for visibility.

reviewer2756172
Incident Response Engineer at a international affairs institute with 1,001-5,000 employees

The features I appreciate the most about Splunk Enterprise Security are the Enterprise Security features, the threat intelligence of Enterprise Security, the onboarded ones, and the versioning of the rules introduced on Enterprise Security; these are the top ones.

My organization uses risk-based alerting in Splunk Enterprise Security. Splunk Enterprise Security has supported my SOC a lot, however, we have some challenges due to the architecture of our network, so there is some custom work to be done by Splunk engineers to help us maximize the benefits.

I am using new threat detection features in Splunk Enterprise Security, including the onboard ones and Mandiant. These new features have highly improved our threat detection capabilities.

Splunk Enterprise Security has helped improve my organization's business resilience.

I'm not dealing with pricing, setup costs, or licensing for Splunk Enterprise Security; I'm focused on the technical part. What works with Splunk Enterprise Security is that it does work in general; I haven't faced any challenges; it's great.

Ahmed Al-Nabhani
Systems Engineer at a tech vendor with 10,001+ employees

Splunk has been recognized by Gartner as a leader in providing visibility for observability and monitoring across various platforms, including physical, virtual, and container environments, for several years. This has made it a popular choice for many organizations, including those in the banking industry. Currently, only one of our banks utilizes QRadar. This may be due to the cost associated with switching from Splunk, which can be expensive. As a result, the customer might be prioritizing financial considerations over functionality at this time. It's important to note that while Splunk is recognized as a leader in platform capabilities, the decision to use a specific solution should ultimately be based on both functionality and cost considerations. This is why we have established a joint engineering team with Splunk to develop a platform that meets the needs of our customers.

Mohamed-Atta
Section Head at an energy/utilities company with 1,001-5,000 employees

The most valuable features of Splunk Enterprise Security are reporting capabilities. It is a good tool for checking systems and analyzing situations. I find it useful to check my systems and analyze situations.

Blas M.
Information Security Architect at a healthcare company with 5,001-10,000 employees

The incident review in Splunk Enterprise Security seems to be the most helpful feature. 

Swayam Sopnic Nayak
Vice President Research And Development

The best feature about Splunk Enterprise Security is its clean interface and the detail it provides. It helps us manage logs with a very clean interface, which is not available in other software. 

They also provide extensive learning resources on their official site that help us while performing tasks. Its documentation and community are very strong, making it a perfect SOC tool. If we come across any problem, we can search the community or consult the documentation for solutions. 

It is very clean and detailed, helping us detect threats easily. Splunk Enterprise Security performs 80% of our work on its own; we just have to do the remaining 20%, which gives us the freedom to explore and detect threats more effectively.

View full review »
Sage Martinez - PeerSpot reviewer
Sage Martinez
IT Security Analyst I at a comms service provider with 1,001-5,000 employees

The features I appreciate the most about Splunk Enterprise Security are the basic search capabilities, seeing what I input into the search and what results I receive, such as the charts and their visibility. These features benefit my organization by helping with our investigations; when we receive something, we're able to quickly find its source and nature. Everything I'm seeing now in Splunk Enterprise Security is effective, especially the AI and the Attack Analyzer, which I found particularly impressive.

View full review »
AP
ANDRZEJ KRZYSZTOF PILAT
IT Admin

What I appreciate about Splunk Enterprise Security is creating the newest SPL for network traffic. I use the risk-based alerting feature. The risk-based alerting helps my organization by allowing me to learn more information about Splunk every day because it is a big platform.

View full review »
EG
Edgard Guerra
Security Engineer at a consultancy with 11-50 employees

The feature I appreciate the most about Splunk Enterprise Security is Search Processing Language. This feature has benefited my organization by making searching data a lot easier than other tools I've used.

View full review »
MA
Mustafa Ameen
Resident Consultant (Security Analyst) at a computer software company with 51-200 employees

I find it beneficial that Splunk Enterprise Security easily integrates with other tools. Due to its excellent API capabilities, it facilitates connections with various cybersecurity tools. We utilize different controls, such as Anomaly and Threat Intelligence, and also integrate it with Data Diode, which assists in one-way communication for infrastructure. Splunk Enterprise Security can seamlessly receive logs from various infrastructures, including Data Diode and firewalls.

We utilize Threat Topology and MITRE ATT&CK features, as these aspects fall under the MITRE ATT&CK framework. They provide coverage for continuous user activities and password issues. The MITRE ATT&CK framework is beneficial for detection and outbound traffic, and it offers a good number of default use cases that we have implemented in our environment.

View full review »
reviewer2746377 - PeerSpot reviewer
reviewer2746377
Senior System Administrator at a tech services company with 5,001-10,000 employees

The biggest thing that Splunk is known for across all its platforms is aggregation. We have thousands of log sources coming in, and Splunk Enterprise Security does a great job of correlating that information and making it very searchable and usable for the end user. This is my most enjoyable feature. 

Splunk Enterprise Security is a huge value-add to us because I can confirm that our security team treats it as a normal component of their daily operations. They access Splunk Enterprise Security multiple times every single day doing their job. This proves substantial value given they need it that frequently, and considering the proportion of our contract.

View full review »
PS
Prasenjit Saha
CEO at a consultancy with 11-50 employees

The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.

View full review »
NB
Neel Bhosale
Data Analyst at a tech vendor with 10,001+ employees

The best feature I've seen is the ability to easily change the query based on the dashboard or based on the chart we have to create, allowing any value or metric we want to add to that particular chart while keeping the rest of the dashboard settings intact. However, it's worth noting that Splunk Enterprise Security does not accommodate data from various products as Tableau does because Splunk Enterprise Security is primarily focused on infrastructure and application metrics.

View full review »
DK
DR. Kundankumar
Manager of Security Operations Center at a tech vendor with 10,001+ employees

The two features I like most in Splunk Enterprise Security are the content management system and the incident review dashboard. The incident review dashboard allows us to directly view significant events triggered by the use cases I've configured within the content management system.

View full review »
SP
Sharan Paniya
SOC Analyst at an engineering company with 1,001-5,000 employees

The most valuable features include the incident review and Dashboard Studio. My job involves building dashboards, so it's easy to visualize and explain the environment using Dashboard Studio. 

Incident review with my SOC job helps me check all the incidents and alerts coming in.

View full review »
Avinash Gopu. - PeerSpot reviewer
Avinash Gopu.
Associate VP and Cyber Security Specialist at a financial services firm with 10,001+ employees

One of the features I appreciate most is privileged account threat detection. It identifies suspicious activity associated with fraudulent accounts detected on the endpoints of target systems.

Furthermore, the platform offers threat analysis and reporting that leverages Splunk data. This allows for the detection of irregular user access from machines directly. This functionality is crucial in large PAM environments with thousands of users, as it identifies inactive accounts.

For scenarios where users might not access the PAM portal to change passwords, different policies are implemented. Splunk plays a key role in detecting irregular user activity. By establishing a three-month threshold, we can identify cases where users haven't used their accounts despite not being on leave or vacation. Such instances warrant investigation to determine the continued need for privileged access.

We can automatically suspend or terminate suspicious sessions. We have also customized reporting within Splunk.

View full review »
Maaz  Khalid - PeerSpot reviewer
Maaz Khalid
Manager SOC at a security firm with 201-500 employees

As an analyst, I've observed that Splunk offers a variety of rule sets, along with built-in and customizable use cases. We have the flexibility to create dashboards and expand reports for management visibility. One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities. With Splunk, we can seamlessly integrate and coordinate data from various sources, enhancing our analytical capabilities.

View full review »
reviewer2755902 - PeerSpot reviewer
reviewer2755902
Security Analyst at a computer software company with 51-200 employees

The features of Splunk Enterprise Security that I appreciate the most are out-of-the-box detections. These features have benefited my organization because it's a product we sell, and we sell detecting threats in the organization. The features have benefited the organizations I sell to because without them a lot would have been self-programmed, and they support us in very different ways.

View full review »
Laurentiu Popescu - PeerSpot reviewer
Laurentiu Popescu
Chief Product Officer at a comms service provider with 10,001+ employees

The features of Splunk Enterprise Security that I find the most useful include the event collector and the tool for analyzing the incidents. The dashboard that we use summarizes the alerts within a certain period of time. The customizable dashboard feature helps to improve the team's decision-making skills because it provides us with a clear image of the types of events that we have within a month, and we are able to classify them based on severity.

View full review »
Eko Kurniawan - PeerSpot reviewer
Eko Kurniawan
IT Operations & Security at a construction company with 201-500 employees

Splunk can deliver more information by going deeper. By creating a dashboard, we can identify the root cause of the threat. Let's say I have a firewall from Check Point. Splunk will find the dashboard for Check Point, implement it in our environment, and connect it to the Check Point firewall logs, which are shown on the dashboard. If we request a custom dashboard, the engineer will take longer to complete the task. 

I can create a custom dashboard for the firewall, antivirus, or endpoint protection. This will take time to complete because they need to understand the log type and mitigation of the process from the system or API.

Splunk helps us manage our hybrid environment, including our email system. The main email system is Microsoft Exchange, which is deployed on-premise, and the second is Office 365. There isn't much security for the hybrid environment. We get logs from the web application firewall, the firewall, and the anti-spam solution. 

View full review »
Vikram Cherala - PeerSpot reviewer
Vikram Cherala
Senior advisor at a computer software company with 501-1,000 employees

Splunk lets us integrate multiple third-party threat intelligence feeds. We can also customize the data models for correlation more than we could with competing SIEM solutions. We can filter out the noise and see our alerts. 

I created some security reports or dashboards. We also have dashboards for user requests related to our firewalls, like Palo Alto and traffic or activity alerts. We can also see where we're getting a lot of authentication failures, etc. We've also created some other custom use cases, like using VPN logs and use cases for analyzing the national origins of repetitive malware. We have integrated some other solutions like Carbon Black EDR or MDR as well as Vectra, which is fully automated with AI. They have their own signatures.

We get decent visibility with Splunk and integration with data visualization tools like Grafana. We also have various threat intelligence feeds that are updated regularly with the latest IOCs and signatures, which we can use for threat hunting. 

View full review »
HK
Harsh Kashiparekh
CEO at a consultancy with 11-50 employees

I like that the tool is light and the agent doesn't slow down the machine. Splunk Enterprise Security is a standard solution providing good customer service and partnership.

View full review »
HarshBhardiya - PeerSpot reviewer
HarshBhardiya
SOC Engineer at an outsourcing company with 10,001+ employees

Splunk Enterprise Security offers valuable features like seamless integration and a SQL-standard Structured Query Language for easy searching. Additionally, implementing devices is straightforward, similar to a plug-and-play process.

View full review »
Manu Subbaiah - PeerSpot reviewer
Manu Subbaiah
Director, Cyber Security Strategy, Implementations & Operations at a consultancy with 10,001+ employees

The most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimal connectors. Some of the new players in the market need to build new connectors to bring data into the SIEM solution. With Splunk Enterprise Security, you get built-in connectors, as it is a major platform.

View full review »
Sneha Golhar - PeerSpot reviewer
Sneha Golhar
Senior Engineer at a tech vendor with 10,001+ employees

Splunk's visualizations make it easy for users to understand the data. Additionally, Splunk can ingest all our data, creating a centralized and informative platform. This combination is a powerful asset for data analysis.

View full review »
reviewer2506578 - PeerSpot reviewer
reviewer2506578
Splunk and Python Engineer at a financial services firm with 10,001+ employees

Splunk's strength lies in its single-page view. This interface allows us to explore all our data, build dashboards with alerts, and visualize real-time information through various charts like column, bar, and pie formats, providing a full user experience.

View full review »
JOEL MUNDOH - PeerSpot reviewer
JOEL MUNDOH
Splunk Administrator / Architect at an insurance company with 10,001+ employees

The security part is useful as it helps secure the entire environment. I designed the security aspect of it for a lot of applications in my company. It's the security thread within the application that we build. I'm able to use Splunk to secure the applications. 

We use the solution to monitor multiple cloud environments. We can monitor even on Amazon products. It's a good source for monitoring all types of applications. 

I can manage and correlate different kinds of searches within my environment. It's good for performance monitoring as well. I can do auditing and reporting through Enterprise Security.

The solution gives us visibility into multiple types of environments. There's a good level of cost optimization as well. It's good for end detection and prevention. I can identify anomalies and get a data view of fraudulent activities. You can uncover the source type and the IP address from where things originate.

Splunk gives us the capability to handle insider threat detection. I'm able to create my own dashboard that will visualize the information. It does depend on how you handle the configuration and permissions. 

We do use the MITRE ATT&CK framework. It helps us discover the scope of the incidents. It helps us to target incidents immediately. We're able to quickly resolve it and stop it. We get data visibility to see what's coming in, which helps us act fast. 

We can work with data from any source as long as you configure it correctly.

The solution has helped us to reduce our alert volume. You can tune your alert thresholds. You can also create rules to define your alerts. It gives you the capacity to optimize queries as well. 

View full review »
Sathish Suluguri - PeerSpot reviewer
Sathish Suluguri
Splunk SOAR/Phantom at a consultancy with 10,001+ employees

It is user-friendly. It is more effective than other solutions. The support and help for troubleshooting and the documentation from Splunk make it very effective.

It has multiple features. It has data integration, search, reporting, and alerting.

It does not need any advanced programming. It only requires basic programming.

View full review »
SAURABHYADAV4 - PeerSpot reviewer
SAURABHYADAV4
Consultant at a tech vendor with 10,001+ employees

Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier.

Dashboards are useful when we present things to management. They want the numbers and the results. The leaders aren't interested in what we are working on. We need some visualization for our presentations. Splunk has beautiful and useful visualization and dashboard alerts. We can easily create visualizations using the available options and create different types of charts, reports, and graphs that are easy for management to understand. We can also provide our leaders direct access to the dashboards, so they don't need to reach out to our team to get this data or we can automatically send them the reports via email. 

Splunk has several useful features, like asset and identity management. If we integrate our asset and identity management properly in this log, it's effortless to identify the user, device, or asset. We can get all the details if we integrate those things into the lookup engine.

View full review »
reviewer2382405 - PeerSpot reviewer
reviewer2382405
IT Developer/Architect at a government with 10,001+ employees

I appreciate how Splunk Enterprise Security connects users to the research team and threat documentation, providing access to current events impacting other clients, security vulnerabilities, and relevant use cases. The platform's daily updates offer valuable insights for enhancing our security posture.

Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets. Those familiar with XML coding can further personalize dashboards to align with frameworks such as MITRE. Alternatively, we have the option to use the pre-built dashboards.

View full review »
Abdur Rashid - PeerSpot reviewer
Abdur Rashid
SOC Analyst at a consultancy with 1,001-5,000 employees

Splunk Enterprise Security's value lies in its ability to collect and analyze security logs, providing insightful dashboards.

View full review »
Siddharth Rai - PeerSpot reviewer
Siddharth Rai
Cyber Security Specialist at a tech services company with 10,001+ employees

Being able to ingest data from all the tools and all the apps being used in the environment is valuable. Being able to create alerts when, for example, the CPU usage reaches 95% is also valuable. We can set up alerts and proactively fix the issues. Splunk helps with all these things, and Splunk Enterprise Security has almost 2,000 use cases. It follows MITRE ATT&CK and Cyber Kill Chain frameworks. There are certain notable events for which we can configure our security posture. We can onboard all the logs through indexes and create dashboards to view what is going on in the environment.

View full review »
LB
Laurens Binken
General Manager, Information Risk Management Strategy & Transformation at an energy/utilities company with 10,001+ employees

The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems. We need to be able to create insights that are indicative of malicious activities, which is one of the main purposes of having Splunk Enterprise Security in our company.

View full review »
Sagar Shubham - PeerSpot reviewer
Sagar Shubham
Senior Software Engineer at a tech vendor with 10,001+ employees

Splunk Enterprise Security's dashboards are a key asset. They offer comprehensive visibility across our entire environment, allowing us to diagnose and address security issues directly from the interface.

View full review »
Chimdi Profitearne - PeerSpot reviewer
Chimdi Profitearne
Cybersecurity and Ethical Hacking at a tech services company with 11-50 employees

Splunk Enterprise Security helps me detect threats faster depending on the type of log I'm using. If I have a current company's log, I can easily detect it faster. 

The ability of Splunk Enterprise Security to import data is simple. It is not hard; it is just an easy task that gives me what I want. 

The command line in Splunk Enterprise Security helps to search for specific queries, such as analyzing a security log to find login attempts and distinguish between failed and accepted passwords. 

End-to-end visibility in Splunk Enterprise Security is something that is appreciated. Splunk Enterprise Security is easy to use. 

The Threat Intelligence Management feature in Splunk Enterprise Security is applied and helps me to normalize the data. 

Splunk Enterprise Security is part of the SIEM tool, so it helps me tremendously to do my work.

View full review »
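The two log-analysis tasks reviewers describe above, the three-month dormancy check on privileged accounts and the failed-versus-accepted password split from an authentication log, as an added Python example that is not code from Splunk or from any reviewer. It runs over constructed sshd-style lines with ISO timestamps; the account names, hosts, IPs and the 90-day threshold are assumptions for the sample.

```python
"""Parse constructed SSH authentication log lines, count failed vs accepted
password logins per user, and flag privileged accounts with no successful
login inside a 90-day window. Example code added here; not Splunk's code."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines in an sshd-like format (ISO timestamps for simplicity).
SAMPLE_LOG = """\
2024-06-01T08:15:22Z bastion sshd[1201]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
2024-06-01T08:16:03Z bastion sshd[1202]: Failed password for bob from 10.0.0.9 port 51240 ssh2
2024-06-01T08:16:09Z bastion sshd[1202]: Failed password for bob from 10.0.0.9 port 51240 ssh2
2024-06-01T08:16:15Z bastion sshd[1202]: Accepted password for bob from 10.0.0.9 port 51240 ssh2
2024-06-02T22:41:50Z bastion sshd[1310]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
2024-06-02T22:41:55Z bastion sshd[1310]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
2024-03-02T09:00:00Z bastion sshd[900]: Accepted password for svc_backup from 10.0.0.20 port 50001 ssh2
2024-06-03T10:00:00Z bastion sshd[1400]: Accepted publickey for carol from 10.0.0.6 port 50123 ssh2
"""

# Assumed privileged accounts and "now" for the dormancy check (constructed values).
PRIVILEGED = {"alice", "svc_backup", "root_ops"}
NOW = datetime(2024, 6, 5, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Return a list of events (ts, user, outcome, src) for lines that match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line: skip rather than abort the whole run
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append({
            "ts": ts.replace(tzinfo=timezone.utc),
            "user": m.group("user"),
            "outcome": m.group("outcome"),
            "src": m.group("src"),
        })
    return events


def login_summary(events):
    """Per-user counts of accepted and failed logins."""
    summary = defaultdict(lambda: {"accepted": 0, "failed": 0})
    for e in events:
        summary[e["user"]][e["outcome"].lower()] += 1
    return dict(summary)


def dormant_privileged_accounts(events, privileged, now, threshold_days=90, on_leave=()):
    """Privileged accounts with no accepted login in the last threshold_days,
    excluding users known to be on leave. Accounts never seen at all are also
    reported: 'no login' is exactly the condition worth investigating.
    Returns sorted (user, last_successful_login_or_None) pairs."""
    last_ok = {}
    for e in events:
        if e["outcome"] == "Accepted" and e["user"] in privileged:
            last_ok[e["user"]] = max(last_ok.get(e["user"], e["ts"]), e["ts"])
    cutoff = now - timedelta(days=threshold_days)
    dormant = []
    for user in sorted(privileged):
        if user in on_leave:
            continue
        seen = last_ok.get(user)
        if seen is None or seen < cutoff:
            dormant.append((user, seen))
    return dormant


if __name__ == "__main__":
    evts = parse_auth_log(SAMPLE_LOG)
    for user, counts in sorted(login_summary(evts).items()):
        print(f"{user:12} accepted={counts['accepted']} failed={counts['failed']}")
    for user, seen in dormant_privileged_accounts(evts, PRIVILEGED, NOW):
        print(f"dormant privileged account: {user} (last login: {seen})")
```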
reviewer2745378 - PeerSpot reviewer
reviewer2745378
Works at an insurance company with 1,001-5,000 employees

What I appreciate the most about the product is the flexibility with data ingestion and searching, which is very powerful; you can do whatever you want with it. We were able to see its benefits pretty much right after we got it implemented.

View full review »
KN
KN123456789
Principal Cyber Security Engineer at a financial services firm with 5,001-10,000 employees

The most valuable feature of the solution is the correlation searches. The one-stop shop shows me all my insights, and alerts, and can send alerts to my analysts.

I would say it is fairly important for my organization that Splunk Enterprise Security provides end-to-end visibility in our environment. At the same time, my company has other products that cover the observability piece. From a security perspective, we use data outside of our security data to piece together the whole picture. I think our company's perspective is that no matter how we get the whole picture, we will do it, even if it is from outside Splunk Enterprise Security. I think Splunk Enterprise Security plays a major role in this.

In terms of Splunk Enterprise Security for helping our company find any security event across multi-cloud, on-premises, or hybrid environments, I would say that it is great once you get past the learning curve. The learning curve is higher than normal.

I think Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data in a great manner. Splunk is a great product and provides these features, but not so much when it comes to identifying and solving problems in real-time because there are always data delays. There is always onboarding, mapping, creation of correlation search, and then enabling Splunk ESCU part. It works in a general sense and not on a real-time basis.

In terms of whether Splunk Enterprise Security has helped reduce alert volume, I would say that it is the only active SIEM tool my company is currently utilizing. Reducing alert volumes involves tuning up certain areas of the engineering team. If I look at the product alone, I would say it can help reduce alert volume. If I consider the learning curve, I would say that you have to learn how to tune it the right way with the help of professional services or experts. You need to utilize your resources, which I think is the best way to do it.

Splunk Enterprise Security provides our company with relevant context to help guide our investigations since the correlation searches with the enriched data do help gain insights on all of our investigations. At the current point, we are still trying to get past the tool's learning curve so that all of our analysts and everyone on the security team can utilize the tool the best way they can. The more they learn, the better it gets, so currently, we are doing our best.

Splunk Enterprise Security helped reduce the meantime needed to resolve our issues because we have all our data in a centralized location and mapped to a data model. As long as we know what detection and data we are looking at, we can go to our data model and figure out where the issue lies.

Splunk Enterprise Security's ability to help improve our organization's business resilience revolves more around observability. Our company recently migrated to Splunk Cloud, and I think we have more hands-on experience with the ingestion side than ever before. I think it is a lot easier for us since we moved to Splunk Cloud as we don't have to focus on maintaining the infrastructure so much, and we can focus more on the data. I think this is outside of Splunk Enterprise Security's scope and falls under Splunk Cloud's capacity.

Speaking about Splunk's unified platform helping consolidate networking, security, and IT observability tools, I would say that my company is not there yet.

View full review »
Valarie - PeerSpot reviewer
Valarie
SOC Technical Lead at an educational organization with 1,001-5,000 employees

Being able to aggregate detection and alerts from various sources is valuable. Like everyone else, we have a wide range of tools in our shop. We are able to stop at one spot and look at all the data. All the data is able to come through, and we can then jump from source to source or index to index. We can dig deep whenever we need to and get a good high-level understanding.

View full review »
Girish R B - PeerSpot reviewer
Girish R B
Security Engineer at a tech vendor with 10,001+ employees

Splunk stands out for its extensive application integrations. It boasts a user-friendly interface with intuitive features that are easy to understand and navigate for technical users. This accessibility is a major reason why I find Splunk so appealing.

View full review »
RK
RajKumar25
Splunk Engineer at a healthcare company with 10,001+ employees

I like Splunk's Notable Events. We have created several dashboards for our customers, where you can see the activity and number of alerts. The database receives data about the mask and domain IPs of any user trying to gain access. We ingest logs from multiple antivirus products and firewalls and analyze them to prevent attacks and threat activities.

View full review »
reviewer2747775 - PeerSpot reviewer
reviewer2747775
IT Security Operations Manager at a retailer with 1,001-5,000 employees

Incident detection is the positive impact I have seen from Splunk Enterprise Security. It probably saved the company from financial losses because of the early detection of the incidents. I cannot say about ROI because I am not involved in financial matters, so I cannot estimate any kind of cost.

View full review »
SY
Serkan Yalçiner
Senior Observability and System Consultant at a tech services company with 11-50 employees

Splunk Enterprise Security’s most valuable features include its powerful log aggregation from diverse platforms, flexible search and correlation capabilities, and customizable alerting system. It allows me to collect logs from virtually any source—servers, firewalls, cloud services—and create custom rules to generate meaningful alerts. The flexibility of Splunk’s Search Processing Language (SPL) makes it easy to build tailored dashboards, identify threats, and quickly pinpoint the root cause of issues, significantly improving operational efficiency and threat detection accuracy.

View full review »
Daniel Hammons - PeerSpot reviewer
Daniel Hammons
Senior Director of Detection and Response at a consultancy with 10,001+ employees

It has so many features. The incident review pane is the best part of it because that is where the SOC lives. It is the heartbeat of what the SOC needs to do. You are able to start the investigative process. As you are sitting in the incident review pane, you see the alert, and from that one alert, which is called a notable alert, you can drill in and see all the different specific details that are tied to that. You then have adaptive response action that can be taken automatically on that, or you can even drill in to look at what events drove that alert to be created. You can then start doing more hunting and querying that way. There is so much information contained in the notable alert itself in that panel. It helps to drive the direction of where the engineer should go.

View full review »
Vijay Lakshmanan - PeerSpot reviewer
Vijay Lakshmanan
Associate at a consultancy with 10,001+ employees

The most valuable features in Splunk Enterprise Security are the cluster capabilities.

View full review »
AK
Akash Kumar Meher
Sr. Security Engineer at a sports company with 501-1,000 employees

I like Splunk's automated threat detection and orchestration capabilities. Splunk offers a single solution for analyzing, aggregating, correlating, monitoring, reporting, visualizing, etc. You can get all of these capabilities in one place. On top of that, it provides a cloud, testing, on-premise, and hybrid solution, giving customers more flexibility for their use cases. 

Splunk's real-time monitoring is one of its best features. The user interface gives you a single dashboard to directly view all the high-level information. The security incident monitoring and investigation page is also very helpful. You can document an investigation step by step. Many investigators can work on a single incident also based on their shifts. Everyone can add notes on the investigation page.

The incident response features are based on real-time data. The monitoring team can immediately take over an incident and prioritize tasks based on risk scores. We can assign multiple technicians to one security incident based on their skill, improving resolution time. The incident review dashboard provides many useful details, like the indicators of compromise and risk scores.

We can get threat intelligence from multiple platforms, including the latest known IOCs, to support our response to security incidents. We store the threat data from various sources in a centralized place, and it updates every six to 12 hours. 

The MITRE ATT&CK framework feature is helpful for understanding which phase an incident is in and what the next steps are so a technician can prevent it from progressing. It gives us a detailed overview of other tactics it might be associated with, enabling us to stay vigilant. We can correlate with other simultaneous or sequential incidents and take action to strengthen our security based on these incidents.

View full review »
Niranjan N - PeerSpot reviewer
Niranjan N
Sr Analyst at a tech vendor with 10,001+ employees

It's easy to monitor multiple environments with Splunk. The cloud model is better than the previous on-premises version. The custom dashboards are helpful. We have created multiple dashboards for user activity, logins, phishing, etc. If you miss an alert, you can check the dashboards. For example, if you need to check some user activity, we have a dashboard for Azure Active Directory, and Mimecast is integrated for monitoring email-based attacks like phishing. It throws the information up on the dashboard when we get an alert.

View full review »
MZ
MohammedZafar
Senior Security Engineer at a comms service provider with 1,001-5,000 employees

The dashboards are very good in Splunk Enterprise Security. There are pretty good options to fine-tune the alerts, to wipe out false positives, and only get the correct alerts as per our requirements. The UI is pretty good and easy to use because it is integrated with different EDR tools. This integration is very helpful for identifying different malicious activities or malware for any of the endpoints, especially the critical servers.

The architecture of Splunk Enterprise Security is really good at collecting and parsing logs. Each detail, how it correlates, and all the features are up to the mark compared to other vendors. The indexing speed is pretty good in Splunk Enterprise Security. 

I used many of its machine learning automatic detections. It's really helpful to identify any malicious activity or the behavior of malware over time. There was a malicious activity that involved privilege escalation from the MITRE ATT&CK framework. It was very helpful in detecting that escalation, and due to Splunk Enterprise Security's machine learning capability, we tracked down the malware, remediated it, and prevented it from spreading further to other endpoints.

View full review »
reviewer2499681 - PeerSpot reviewer
reviewer2499681
IT Consultant at an outsourcing company with 1,001-5,000 employees

I like the ease of setting up dashboards on Splunk. They're easy to create, manage, alter, and share. You can fine-tune them any way you see fit. One of Splunk's unique features is that you can customize it for your needs, especially if you've got homegrown solutions. It accepts whatever kind of logs and can be normalized at any point. With a one-off solution, you can work with the developer who created it, and they give you the features or key information you want to keep.

View full review »
reviewer2499192 - PeerSpot reviewer
reviewer2499192
Senior Information Systems Security Analyst at a manufacturing company with 5,001-10,000 employees

The end-to-end visibility into our environment that Splunk provides is impressive. We just need to use it better.

We are a small team. For us to look at all those logs ourselves would be difficult. There is some decent insight into what's going on. It's just a matter of actually utilizing that data and taking action on it. 

We would probably see more time savings if we used Splunk more. 

We're an on-prem network. During the installation, we found several issues that we should look into. We just need to utilize more.

Splunk has shown us some gaps where we need to ingest and normalize data, and we have built those gaps.

Splunk Enterprise Security provides us with context to help guide our investigation. It's a starting point to actually look at the logs and figure out what we need to look into. It's useful. 

It helped to consolidate networking security and IT observability tools. We use Splunk in general a lot for operations, and then we've been able to build dashboards.

View full review »
Scott Eagles - PeerSpot reviewer
Scott Eagles
Senior Splunk engineer at a manufacturing company with 10,001+ employees

The solution's most valuable feature is the aggregation of all the logs in one place, using Enterprise Security's built-in or ESCU use cases to find them.

The end-to-end visibility Splunk Enterprise Security provides in our environment is very important because we might not see everything or miss something without it.

Once you have it set up correctly, Splunk Enterprise Security works great for helping us find any security event across multi-cloud, on-premises, or hybrid environments.

Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data. The ability to identify and solve problems in real-time is pretty robust.

Splunk Enterprise Security has helped reduce our alert volume with RBA and has helped reduce our mean time to resolve. With correlation searches in risk-based alerting, you don't have to sift through information; it is presented to you.

View full review »
reviewer2499732 - PeerSpot reviewer
reviewer2499732
Head of Digital, Log Monitoring at a manufacturing company with 10,001+ employees

It is lovely to have everything we need in one tool. Everything is quite centralized.

View full review »
reviewer2499693 - PeerSpot reviewer
reviewer2499693
Information Security Engineer at an educational organization with 1,001-5,000 employees

One of the most popular features that I personally like is that in the case of an event, I should be able to run a desired action for that on a threshold, but that is not how we are using it right now, unfortunately. We have a pretty manual process. We have an operating procedure, and we follow that. I would like to see it automated. I do not want analysts to decide whether the action needs to be done or not. It should be done provided the policy says so. If the policy says it needs to be done, it should be an automatic process rather than a manual process.

View full review »
Lambert Séguin - PeerSpot reviewer
Lambert Séguin
Manager and Specialist Master at a consultancy with 10,001+ employees

The solution's newly developed dashboard is pretty amazing. The full platform is quite useful, and there are a lot of tools that we can use to leverage and modify for our own purposes. Clients don't necessarily know about it, but the tool is powerful because it saves so much time.

View full review »
Sameep Agarwal. - PeerSpot reviewer
Sameep Agarwal.
Group manager at a tech services company with 10,001+ employees

Splunk has an excellent threat intel feed, so we can get the latest IOCs. The threat intel service enhances the threat detection capabilities because the solution is purely based on threat intel. They gather each threat intel from the dark web and the other areas of the internet. Once the integration is done, it's much more helpful than the traditional Splunk features, which may yield limited visibility. Splunk isn't purely a threat intelligence solution, but it may not have feeds at that frequency.

The threat detection capabilities are excellent, but it depends a lot on the configuration. If we can't configure the indicators of compromise correctly, then it becomes difficult for Splunk to evaluate a threat. For example, let's say a user is accelerating some data through the email gateway, and the gateway isn't being monitored. Splunk can't do anything about that because it requires a gateway monitoring system to be installed. Splunk is only aggregating the events coming in, and it cannot find the exact DLP agent. The DLP logs need to be forwarded to this Splunk connector.

View full review »
reviewer2512353 - PeerSpot reviewer
reviewer2512353
Director, Information Technology at a government with 501-1,000 employees

We put all of our logs and data into Splunk, like network switches, firewalls, and web-based protection. In general, every component within the infrastructure sends data to Splunk. 

Then, we have an engineering team transforming, manipulating, and analyzing the data to create a front-end dashboard in a meaningful way.   

View full review »
reviewer2499612 - PeerSpot reviewer
reviewer2499612
Senior Security Engineer at a financial services firm with 5,001-10,000 employees

The most valuable feature is the ability to look at threats and link them to the MITRE ATT&CK framework. This helps our staff identify threats within our environment and appropriately landscape them.

Splunk Enterprise Security provides us with relevant context to help guide our investigations. 

At a high level, we can see threat details and then drill down further. It maps to important frameworks, like MITRE ATT&CK, to help us fully understand the origin of threats and where we need to go next in our investigative process.

It integrates with other platforms like Attack Analyzer and SOAR, and soon, AI integrations. These will further help us reduce the threat landscape.

View full review »
reviewer2499738 - PeerSpot reviewer
reviewer2499738
Cybersecurity Specialist at a manufacturing company with 10,001+ employees

The most valuable feature of the solution is correlation searches, which allow you to easily find threats and other such areas.

It is really important that Splunk Enterprise Security provides end-to-end visibility into our company's environment, as it can help save time and make the response faster.

Splunk Enterprise Security has helped improve our organization's ability to ingest and normalize data with the use of data models and Splunk CIM.

The tool has helped reduce our company's alert volume as the identification process is fast.

Splunk Enterprise Security provides our company with relevant context to help guide our investigations. Any incident can be resolved in a shorter amount of time than expected, and we can get more information about such incidents. It can be resolved mostly on the same day and even in a few hours.

Splunk Enterprise Security helped reduce mean time to resolve. It has also helped improve our organization's business resilience. Considering the tool's ability to predict, identify, and solve problems in real-time, I would say that it keeps our company safe.

Splunk's unified platform helps consolidate networking, security, and IT observability tools. I cannot provide too many details because I am not working directly on the analytics part.

View full review »
reviewer1880670 - PeerSpot reviewer
reviewer1880670
Senior Director, Detection Engineering Cyber Defense Services at an insurance company with 5,001-10,000 employees

Some of the tool's best features are RBA and UBA. I also like the tool's single point-of-view dashboard for incident response. The case management area is one of its good features.

The tool has reduced the mean time needed to resolve. The reason is that the dashboard offers a single point of view, especially in areas where people aren't spread out. Our company is getting all the relevant data in there, and we are able to identify the problem instead of having to go to multiple tools or different interfaces.

It is very important for our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. It is our company's way of understanding what is going on in our environment, and then it is our way of handling security events, relevant events, mitigating risk, understanding risk, quantifying risk, producing metrics, and everything else.

Splunk Enterprise Security provides our company with the relevant context to help guide our investigations. The tool has allowed us to gain better visibility and accuracy into security events.

The tool has helped our company improve the resiliency of our security operations. This is based on the fact that we don't have full adoption of the tool for all users in our organization, especially not Splunk Enterprise Security.

My company uses the tool for security operations, and we have built our security operations around Splunk based on what it can do and its performance.

View full review »
JC
Jacob Clark
Focused ops analyst at a financial services firm with 10,001+ employees

I very much enjoy Splunk's robust search nature, which enables me to find the data I want within the data I have. It's helpful for doing an investigation, whether that's an incident response or threat hunting.

It is important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. That way, we can see where the data is throughout the entire process, depending on where we are in the incident.

Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data.

Splunk Enterprise Security has, by far, the best search capabilities. It ties that into alerts and notables, allowing you to refine what you want to see in your data.

View full review »
Kutay KOCA - PeerSpot reviewer
Kutay KOCA
Cyber Security Analyst at a tech services company with 51-200 employees

The most valuable feature of Splunk Enterprise Security is website activity monitoring.

View full review »
Praveen-Kadali - PeerSpot reviewer
Praveen-Kadali
Senior Consultant at a consultancy with 10,001+ employees

Recently, Splunk upgraded to version 9.0.02, which includes excellent data dashboards and visualization effects. This upgrade makes it easier for me to implement all the dashboards. I have created a dashboard that showcases all the VPN monthly data in one place, which is a beneficial feature of the new visualization effects.

View full review »
Devin Zayas - PeerSpot reviewer
Devin Zayas
SIEM engineer at a manufacturing company with 10,001+ employees

I like that it's a review panel where you can see all of your alerts. Another valuable feature is that it integrates with other apps like UBA and SOAR.

I also like the guided alert creation. The guided alert creation is useful, especially for new people who don't know CPL. 

It's a premium app; it's easy to use and intuitive.

Enterprise Security has one pane of glass for all of our alerts. We still use the Enterprise Security page where we keep track of everything. 

It's very important to us that Splunk offers end-to-end visibility into our environment. It has the ability to identify any security events or if data is reingested, we'll get an alert for that. End-to-end visibility is very important for a mature security program.  

Splunk helped to ingest and normalize data. Anytime that we put data in, we always normalize the SIEM model. ES runs off of that so it helps us to dot our I's and cross our T's. It helps us to use our data effectively.

It has tools to reduce our alert volume. We get a lot of alerts. It's more of a tuning thing than anything that the app can help with. 

It provides us with the relevant context to help guide our investigations. It's really useful in that aspect. 

It hasn't reduced our MTTR. SOAR would do that. It has helped our mean time to detect. 

It has increased our business resilience. It's a top-of-the-line SIEM security product. It's the best tool for our security analysts which helps them do their job better. That then protects our company from adversary actors. 

View full review »
reviewer2499705 - PeerSpot reviewer
reviewer2499705
Head Senior Manager, Security Operations Center at a financial services firm with 10,001+ employees

The most valuable function is the notable events. When I joined the team, I asked them what they could currently see, and they said nothing. I was pretty shocked. I know that they were using Enterprise Security or at least they had purchased it. I told them that there are several dashboards within Splunk that we can leverage. There are also notable events where we can see potential incidents or potential alerts about the infrastructure and the network itself.

The dashboards give us numbers for malware infection. So long as those dashboards are actionable, they help the SOC team a lot.

It's important to respond to incidents in a timely manner. Having end-to-end visibility across the board equips the team to make sure that whatever incident happens, it has a very minimum impact on the business. It also allows us to fix things that need to be fixed immediately. That's the asset of having end-to-end visibility across the board.

Enterprise Security really helps us normalize our data because it comes with predefined dashboards, so we only need to ingest the logs and Splunk will do the work to display what we need to see on a day-to-day basis.

When we started using Splunk, we had tons of false positives. We reduced our alerts by 90%. Most of our alerts now are actionable.

View full review »
Surya Ambavarapu - PeerSpot reviewer
Surya Ambavarapu
MSP ENGINEER at a tech vendor with 11-50 employees

Splunk Enterprise Security stands out for its ability to integrate with existing security tools, provide informative dashboards, and offer IT Service Assurance functionality that goes beyond basic threat detection to include service performance monitoring.

View full review »
MarcoDi Gioia - PeerSpot reviewer
MarcoDi Gioia
Security Consultant at an aerospace/defense firm with 201-500 employees

Splunk Enterprise Security offers two valuable features: the Common Information Model and arrangement modules. The CIM helps standardize data for efficient searches, while arrangement modules automate incident log processing by enriching them with contextual client information.

View full review »
Vikas Dusa - PeerSpot reviewer
Vikas Dusa
Cyber Security Trainer and Programmer, self-employed, at a non-tech company

The Splunk queries are valuable. There are a lot of query options available in Splunk compared to Sumo Logic.

View full review »
VN
Viktor Nagy
Owner at a computer software company with 1-10 employees

The most valuable features for us include its robust log management capabilities, which allow us to efficiently handle and retain logs for extended periods as needed. The flexibility to customize log retention periods is particularly beneficial. Additionally, we find the dashboard functionality and the advanced query language options to be highly valuable. These features, especially the powerful query language, are extensively utilized in our day-to-day operations.

View full review »
MR
Mark Roeder
Manager, Security Engineering at a computer software company with 1,001-5,000 employees

The feature that we use the most is the correlation search engine within ES. That is the one we use. Absolutely the most. There are a lot of other features in there, however, that's the one we use.

Our organization does monitor multiple cloud environments. It's not "easy" per se. I'm a Splunk-certified architect. I've got 30 years of experience. If you've got 30 years of experience and you're a Splunk-certified architect, it's easy. If you haven't, you've got no chance.

Splunk Enterprise Security's visibility into multiple environments, for example, cloud, on-prem, and hybrid is good. Splunk doesn't care. It's as easy on-prem as it is on the cloud, as it is hybrid. I've built up all three individually and separately depending on the environment.

The insider threat detection capabilities for helping our organization find unknown threats and anonymous user behavior are okay. It can do it, however, it is not out of the box a UEBA. It doesn't pretend to be. Splunk has a separate product for that which is not the enterprise security suite. That said, if you enable the access domain correctly within ES, it gives you really good insight into what your Insight users are doing. That's what the access domain is. However, it doesn't have the advanced features that you would expect from your UEBA product as it is not one.

We use the threat intelligence management feature. My impressions of the actionable intelligence provided by the threat intelligence management feature are mixed. We import anomaly threat intel into the Splunk ecosystem to do that. We use the framework that Splunk provides, and we supplement it with the threat intel from a third party, and that works really well.

We use the MITRE ATT&CK Framework. We’ve mapped all of our detections around that MITRE framework. There are four frameworks built in, and we chose MITRE. It just makes more sense. You only pick one. There’s no sense in picking more than one.

It’s helpful to uncover the overall scope of an incident. If you've done the work to map your MITRE ATT&CK Framework into the product, then you have a hit against a MITRE ATT&CK technique. Then at least you know where it is in the MITRE ATT&CK framework so that you can describe it as a common frame of reference with a third party. However, it doesn't necessarily give you an idea of the scope. It requires more effort. That said, it's certainly a really good starting guide as to where you are.

Splunk Enterprise Security is okay for analyzing malicious activities and detecting breaches. It's only as good as the operators that use it. Out of the box, it doesn't do anything. You have to put the work in to make it do that. I can't begin to say how useful it is when it's first configured. You need to spend a lot of time working on your environment to make it do that.

It helped us detect threats faster. Without it, you can't check anything. It's too complicated.

The solution has helped us speed up our security investigations. Without it, you don't have investigations. Also, with the alerting itself, Splunk becomes best of breed.

View full review »
Rishabh Gandhi - PeerSpot reviewer
Rishabh Gandhi
Senior Security Analyst at a tech services company with 1,001-5,000 employees

We use Splunk Enterprise Security to serve our clients. Our clients from the financial and health sectors deploy the solution in their environment for cloud visibility. Our clients use the solution to find any threats or vulnerabilities inside their environment. We use the solution to get use cases, reports, dashboards, or visibility onto their environment. We use the solution to detect any attack or malicious intent of users inside the environment. We try to create use cases specific to their environment through Splunk Enterprise Security.

View full review »
reviewer1274850 - PeerSpot reviewer
reviewer1274850
Director - Application Services, DevOps(Application Support, Build/Deployment), Environment Support at a financial services firm with 10,001+ employees

The search engine and indexes are fast and optimized, and the report generation dashboard is user-friendly.

View full review »
reviewer2499726 - PeerSpot reviewer
reviewer2499726
IT Security Specialist at a financial services firm with 10,001+ employees

The Splunk incident response dashboard is pretty useful because it helps first responders triage incidents and properly escalate when necessary.

We find Splunk very useful on the enterprise level to detect and prevent security threats.

Splunk Enterprise Security has definitely helped improve our organization's ability to ingest and normalize data. We have many log sources and over ninety thousand staff. We have endpoints, servers, Syslog Data, and BYOT data. Splunk has been instrumental in maturing the security posture of the organization.

Splunk does a pretty good job at identifying threats in real-time. 

It provides us with the relevant context to help guide our investigations. During onboarding, once the log sources are properly onboarded based on Splunk's recommendation for SIEM compliance, we found real value in being able to aggregate different types of data and load them properly so that we can then pass on and access them very easily. 

It has improved my organization's business resilience. We've been able to mature our security program and posture over the years.

The ability to see everything from a single tool is very helpful. From the context of communication with our executives, being able to show them a unified dashboard to see the security posture has been very useful. For example, our executives can see the security posture or position of all of the branches of the bank from a single dashboard. Dashboards like that give them peace of mind to have that kind of visibility to know the state of things. Splunk is very instrumental in that. 

View full review »
reviewer2500029 - PeerSpot reviewer
reviewer2500029
Offensive Cyber Security Analyst at an agriculture company with 10,001+ employees

The solution's most valuable feature is risk-based alerting, focusing on building out user risks for individuals throughout the enterprise.

It is important to our organization's security that Splunk Enterprise Security provides end-to-end visibility into our environment.

Splunk Enterprise Security's ability to find any security event across multi-cloud, on-premises, or hybrid environments is good. It's more about how you configure it and how well your company is equipped to provide and allocate resources to make the best use of the tool.

It has helped reduce our mean time to resolve.

View full review »
reviewer2499717 - PeerSpot reviewer
reviewer2499717
Engineer at a government with 10,001+ employees

Splunk Enterprise Security gives us a single pane of glass so that we can use just one tool instead of having to use different solutions.

It is pretty important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment, and it gets more important every year.

Splunk Enterprise Security has helped improve our organization’s ability to ingest and normalize data.

It has helped us reduce our alert volume.

Splunk's unified platform helps consolidate networking, security, and IT observability tools. It gives us a single pane of glass, so instead of having to go to different tools, we just go to one tool.

It is deployed as an app on its own server.

View full review »
reviewer1684116 - PeerSpot reviewer
reviewer1684116
Cybersecurity Manager at a tech services company with 51-200 employees

The dashboard is amazing. Out-of-the-box dashboard is very good. It is very user-friendly. It is out of the box. With a few clicks, the dashboard is there.

View full review »
reviewer2354940 - PeerSpot reviewer
reviewer2354940
Lead Solution Architect at a tech vendor with 5,001-10,000 employees

The most valuable feature is the custom dashboard feature.

Splunk is robust and user-friendly.

View full review »
MANISH CHOUDHARY. - PeerSpot reviewer
MANISH CHOUDHARY.
SOC manager at a tech vendor with 10,001+ employees

Splunk Enterprise Security comes with 300 pre-deployed use cases that can be easily customized to meet the specific needs of our organization, without the need to purchase additional tools.

We can easily identify the number of security devices and users that are authenticated on the network and present the information to the executive team.

View full review »
reviewer2239824 - PeerSpot reviewer
reviewer2239824
Sr Cybersecurity Engineer at an energy/utilities company with 10,001+ employees

The correlation searches are most valuable just because we are able to do things like RBA. One of the things that we started pretty recently is our insider threat program, and it has been pretty good, especially using RBAs as our framework for the insider threat.

View full review »
SC
Shay Chouker
CSO at a manufacturing company with 1,001-5,000 employees

The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk. This makes it a highly potent and versatile solution tailored to both user and company needs.

View full review »
PR
Prince Rienne
Cyber Security Analyst

The ability to easily aggregate data and make meaningful reports is what makes Splunk Enterprise Security excellent. If I want to search for the number of failed passwords, I can go to my index, write my query, and create a report quickly. When my manager wants me to create a report concerning a particular incident, I go to my dashboard, type my query, create my dashboard from there, and everything works out smoothly.

View full review »
Nakul Agarwal - PeerSpot reviewer
Nakul Agarwal
Splunk architect at a tech consulting company with 11-50 employees

Incident review is pretty valuable. You can have everything in one place, review it, and assign things to analysts, and they can work on it. 

We also have different teams segmented; it is not one team. So, we brought that using the teams method in Enterprise Security, which I think most people are not using. This way, different users have different dashboards or lists of incidents.

View full review »
reviewer2499627 - PeerSpot reviewer
reviewer2499627
Principal Security Engineer at a tech consulting company with 10,001+ employees

The most valuable feature of Splunk Enterprise Security is the threat intelligence integration because essentially having to go out and correlate all the data on our own becomes convoluted. We don't have the resources, so having that included in the product makes it easier for us.

View full review »
reviewer2499570 - PeerSpot reviewer
reviewer2499570
Electronics Engineer at a government with 10,001+ employees

The dashboards let us dig deep into our actual system. Our system is spread throughout Alaska with about 70 sites, each with all kinds of equipment. Splunk Enterprise Security helps us mine through that data and look for security events.

View full review »
Koti Masipogu - PeerSpot reviewer
Koti Masipogu
Splunk developer at a tech vendor with 1,001-5,000 employees

Splunk Enterprise Security is a valuable tool that allows us to monitor data from the APS daily. This monitoring focuses on the success or failure of APS calls. Successful calls are identified by a status code of 200, while unsuccessful calls are indicated by a status code of 400 or any other code. By monitoring these codes, we can proactively identify situations where the intended data retrieval fails due to backend server issues. This distinction is important because it helps us differentiate between failures caused by backend server problems and those resulting from issues with the monitoring team's ability to send requests. This clear separation allows a dedicated team to investigate these specific backend server failures and implement resolutions.

View full review »
YK
Yu Kuan
Information Technology Consultant at a retailer with 11-50 employees

The solution's most valuable feature is the dashboard, which allows us to see everything on the same page and provides easy visibility into problems.

Splunk Enterprise Security has helped us find security events in our on-premises environment.

It has helped improve our organization's ability to ingest and normalize data. Splunk does a good job of identifying and solving problems in real-time.

We have reduced our alert volume by 80%.

The solution provides relevant context to help guide our investigations. Splunk provides pretty detailed information. Based on that information, we can assign it to different teams.

It has helped speed up our security investigations by 40%.

Splunk Enterprise Security has helped reduce our mean time to resolve. In most cases, we're able to solve issues in less than 45 minutes.

View full review »
Nagendra Nekkala. - PeerSpot reviewer
Nagendra Nekkala.
Senior Manager ICT & at a logistics company with 501-1,000 employees

The ability to manage large amounts of generated data and to protect all devices from unauthorized use are the most valuable features.

View full review »
reviewer2309169 - PeerSpot reviewer
reviewer2309169
Senior Security Engineer at a tech services company with 201-500 employees

The best part of Splunk Enterprise Security is its customizable settings. We can modify the front-end interface, data sources, and various other aspects to suit our specific needs. This flexibility makes it extremely user-friendly and convenient.

Apart from its customizable settings, Splunk Enterprise Security also offers a range of other advantages. It enables us to easily analyze logs, use field queries, and perform other tasks without requiring any extensive training. The search function is intuitive and straightforward, making it accessible to anyone.

The UI-based reporting dashboard is another highlight of Splunk Enterprise Security. It provides real-time visibility into important metrics and allows us to drill down into specific events for in-depth analysis.

View full review »
Viney Bhardwaj - PeerSpot reviewer
Viney Bhardwaj
Director at a consultancy with 10,001+ employees

The fast search is valuable. As compared to other SIEMs, Splunk is very fast in terms of the search and providing data.

The customization of the use cases is another valuable feature. It is query-based, and now, there is a feature to have machine learning as well. We can write advanced-level use cases, which is a limitation of other SIEMs.

The third point is the device integration. It is very smooth. If I need to integrate devices for logs, it is easier with Splunk. We can integrate different applications, network devices, and databases. It is also very rich in documents. It is the best.

View full review »
JP
Joshua Porto
Splunk engineer at a tech services company with 51-200 employees

The risk-based alerting is excellent. It was most helpful in decreasing the amount of false positives that help bubble up the most problematic users and assets for the analysts, and it's fairly easy to implement.

Splunk Enterprise Security provides end-to-end visibility into our environment. It's a ten out of ten for that capability. Everyone wants to know what's happening across their environment. The more difficult part is defining the visibility, as we can't ingest the entire company into Splunk. So, the harder part is not necessarily gaining visibility. It's rather determining what visibility looks like. Oftentimes, it comes down to determining and prioritizing using the highest value.

Splunk Enterprise Security, when set up properly, helps us find any security events across multi-cloud, on-premises, or hybrid environments. It helps with investigations and helps us find that needle in a haystack.

While it doesn't necessarily help with data normalization, some pieces determine whether the data is usable and create that usability outside of enterprise security. It does assist in the process. 

Splunk Enterprise Security provides us with relevant context to help guide our investigations. The context helps with risk-based learning, which is one of the things I rely on fairly heavily. It also helps reduce false positives and increases visibility to the most problematic endpoints and end users.

The Splunk Enterprise Security Hub has reduced our mean time to resolve; however, how much is hard to quantify. The dashboard is color-coded, and it's easy to read for the analysts. I don't often have to explain anything to them. Red is bad, green is good. The dashboards are relatively self-explanatory, and they help reveal the most difficult, problematic parts.

The solution does help with resilience - a bit. What it does is help us discover problems and reactively fix them.

View full review »
reviewer2499657 - PeerSpot reviewer
reviewer2499657
Sr Security Engineer at an insurance company with 5,001-10,000 employees

I am enjoying our implementation of risk-based alerting. That has helped very much with cutting out a lot of the noise that we have. It has reduced our alert volume significantly. There is about an 80% reduction.

View full review »
SK
SureshKumaresan
Cyber Security Consultant at a tech vendor with 10,001+ employees

Splunk's advanced threat detection capabilities are excellent. Recently, Cisco acquired Splunk, so many customers are migrating to the Microsoft platform, but historically, I've found Splunk does a better job of correlating and collecting the security logs of all kinds of appliances. Most customers want to consolidate their security products into Microsoft.

It supports just about every cloud solution. It is easy to collect and correlate all the data. The visibility is good. Insider threat detection can be customized. My customer was integrated with many third-party credentials and other threat sources as well. The integration part was seamless and easy. The rates for allocating valuable information and IOCs from different sources are also good. 

Rohit Kolipaka
Systems Engineer at a consultancy with 10,001+ employees

Splunk's machine learning toolkit helps us predict things like CPU and memory usage. The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards. Splunk helps monitor multiple cloud environments. We have OpenShift. All of our VMs and servers are present in the cloud.

Kiran Kumar.
Lead Administrator at a tech vendor with 10,001+ employees

Splunk has a wide range of features that customers use to find and analyze all kinds of logs. For example, they can use SQL queries to identify vulnerabilities. Additionally, they can create dashboards to visualize and filter their data, and to create real-time alerts when thresholds are exceeded. Splunk Vision is a popular tool for data modeling and visualization and is used worldwide.

Jesse Gan
IT Director at a government with 501-1,000 employees

I am not into the administrator type of setup. I am more like an advanced user. The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. That is helpful for a power user like me.

Dimitar Simidchiev
Security Analytics innovation lead at a pharma/biotech company with 10,001+ employees

You can integrate Splunk with third-party security automation solutions and set rules for automatic response. Splunk can monitor multiple cloud environments, but it's a little tricky if you're working with several vendors. Every cloud environment is slightly different, and some are better integrated.

The visibility into multi-cloud environments is decent. It depends on the number of sources you have, and Splunk is pretty flexible from that perspective. You can add any type of data source. The challenge is the engineering effort some of these data sources require, but others are effortless to manage.

We haven't used the insider threat capabilities yet, but it's an area that we want to explore. We have other tools for this. We use different products for threat intelligence. 

reviewer2499720
Engineer in Training at an energy/utilities company with 5,001-10,000 employees

In the context of apps, we use a lot of search and reporting. We create many searches and reports that quickly summarize a lot of information. That's the part that I mostly look into. That has been very valuable. I also like the dashboards and visualization features.

Its ability to provide end-to-end visibility into our environment is important. It helps a lot, especially when other users or stakeholders want that information. So being a little more transparent, but being mindful of the compliance and rules associated with that. It makes it really easy to communicate with people. They want statistics fast. The ability to quickly pull it out without a hassle is very valuable. 

We use Splunk to try to reduce the number of random alerts sent out. We're trying to consolidate a lot of functions. That has been very valuable and helpful for us.

The logging system has been a great help to us. Sometimes when we try to integrate some functions, we're not sure what errors happened. We look into the logging system, and it provides so much information. 

These optimization examples have reduced the mean time to resolve. It has been reducing cutting time.

It definitely helps our business resiliency a lot. We have a specialized cybersecurity office and on-prem technology and they really like to use Splunk. It has been addressing a lot of concerns and it is able to output the data that people are looking for. It's able to predict and identify a lot of functions.

Splunk Enterprise Security has been a great help to us in consolidating our tools. It's definitely been pulling a lot of data, especially from the network side of things. We look at it for baseline security tests. Splunk has a lot of apps and add-ons that we have been using Enterprise Security for.

reviewer2499714
Splunk developer at a government with 5,001-10,000 employees

The most valuable feature is the incident review, which gives a good overview of our security incidents. I also like the solution's search functionality, which makes it easy to find things.

Splunk Enterprise Security generates our alerts, and we would have to refine the searches if we want to reduce them.

It's very important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment.

Splunk Enterprise Security has helped reduce our mean time to resolve and helped improve our organization’s business resilience.

reviewer2499702
Lead Information Security Specialist at a tech services company with 1,001-5,000 employees

Correlation search, in general, is valuable because it allows us to search multiple data sources easily.

reviewer2399187
Cloud Architecture Associate Director, Infrastructure at a tech vendor with 10,001+ employees

The solution's most valuable features are the granularity and analysis of the logs. Once you learn the syntax, it's a great tool. These features are important to us because they enable us to drill down to certain users doing certain things and perform trend analysis.

reviewer2382567
SIEM Consultant at an educational organization with 51-200 employees

There are a lot of third-party applications that can be installed. You get a lot of good visibility on your infrastructure regarding risk. It's very data-driven, and it integrates into systems well. 

We are able to monitor multiple cloud environments with Splunk. Each data source has different stuff that requires monthly payments. 

I have used its threat intelligence management function. It can be a very useful feature for customers. 

The MITRE ATT&CK framework is helpful for helping uncover the scope of incidents. It offers a good level of simplicity.

Splunk Enterprise Security is great for analyzing malicious activities and detecting breaches.

Donatas-Bukelis
Project Manager at a construction company with 1,001-5,000 employees

The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository.

MS Alam.
System Administrator at a tech services company with 201-500 employees

The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides.

Alexandre D
Defense protection study manager at a government with 10,001+ employees

I like the search feature and the indexing. It's very fast and comprehensive. It's easily tuned by your service provider, so I can quickly find the results I'm seeking. So it's very practical. We are working with the search feature and using multiple indexes that combine devices from different environments, so it's easy to collect information across environments. 

We can relatively quickly detect some malicious activities based on attack patterns and implement use cases configured by our service provider with help from Splunk. It improves the speed of threat mitigation because you can gather information about the attack patterns from a few days of online activity to block threats and take the necessary actions. 

Oluwaseun Oke
Owner at a tech services company with 10,001+ employees

It gives me notifications of notable events. 

The default dashboard is very good. We can see our security posture from there.

On-prem and cloud data analysis are good. You can aggregate it if you need to in order to get good data.

Splunk has proven to be great when tracking down anomalous behavior. The logs are excellent. It is the platform in the industry. You can integrate anything. The amount of information and usability you get out of Splunk is very good.

We do use the Threat Intelligence Manager. It can be integrated with third parties. The actionable intelligence we get is useful. There is sequencing where you can gauge some actionable steps. 

I use the MITRE ATT&CK framework when I am developing a new use case. It helps us discover the overall scope of an incident. Using Splunk is essential in developing that. 

It's good for analyzing malicious activities and detecting breaches. I'd rate it highly in its capabilities. However, if you don't have the knowledge, it may be difficult. You might get a lot of false positives.

It's helped us detect threats very fast, in almost real time. 

We have reduced our alert volume. I'm not sure of the exact number, however, instead of having 100 to 200 false positives, we might get 20 to 30. 

It has helped us speed up our security investigation, although I don't handle it directly. I simply do triage, and it definitely helps there. 

Surya Teja
Information Security Analyst

Splunk covers our cloud and on-prem environments. We were exclusively on-prem, but we are slowly moving into the cloud. Our developers can customize investigations by adding multiple interesting fields and aggregating those details in Enterprise Security by using the appropriate SQL queries.

We use Splunk's threat intelligence management feature, which provides insight into how business decisions can make an organization vulnerable to cyber attacks. All of these things fall under tactical threat intelligence. For example, it can tell us if someone is accessing our organization's API. 

We have integrated all our tools so that we can monitor any alert type, but we use Splunk primarily for investigations. We're ingesting audit, security, application, and Windows logs. Once we get an alert, we go to the tool and investigate further.

Splunk uses the MITRE ATT&CK framework, giving us new tactics and techniques based on issues observed in other businesses and industries and helping us to address novel threats to our network. MITRE ATT&CK is highly useful. 

Jeremiah Anderson
Sr. Cybersecurity Engineer Splunk Architect at a computer software company with 1,001-5,000 employees

Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security. Internal ticketing is helpful because we can bring in all the data and have it all available. That way, we can go back and take a look at it if we find another situation. We do not have to utilize other ticketing systems for cybersecurity.

reviewer2238936
Tech Director at a government with 10,001+ employees

The consolidated overview of all the events that come in through our environment and an easy-to-access interface for all our end users are valuable. As we get more people onboard, it is important that they are able to easily jump onto the platform and understand what they need to see in our environment. Having that quick operational capability allows us to get our observability up to speed as fast as possible.

reviewer2205072
Cyber Security Engineer at a university with 5,001-10,000 employees

I like Splunk's data aggregation and search capabilities. The insider threat detection features are handy, and Splunk's user behavior analytics are solid. It's one of the best tools for UBA. It covers everything. 

Splunk's Threat Intelligence Management draws from 10 to 15 open-source sites in real-time, enabling us to correlate our data with the IOCs. It helps us detect zero-day attacks. Splunk's threat topology and MITRE ATT&CK framework cover everything, including endpoints and application security from Layer 3 to Layer 7. Most queries are available out of the box. 

It's a fantastic tool for monitoring your environment. It allows you to do some granular analysis and see which assets are part of an attack. When breaches occur, you can quickly search your entire environment. It speeds up our threat-hunting process. 

reviewer1260045
Senior Analyst at a computer software company with 11-50 employees

Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface. It's easy to manage multi-cloud environments because we can use rules to segregate the data and restrict our clients from seeing each other's data. Splunk has a lot of plugins and add-ons that provide a lot of information about our cloud and on-prem environments.

Splunk's MITRE ATT&CK framework is excellent, but I haven't used it for investigation. I'm primarily involved in implementation and development. Splunk Enterprise Security is solid detection-wise and faster than many other SIEM solutions. 

We already have an antivirus solution in our environment, so Splunk detects viruses based on that. Once the antivirus detects something, it generates an incident in Splunk that we can investigate. The detection time depends on a few factors, but we can detect a threat in two to five minutes under ideal conditions. 

reviewer2182467
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees

The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions. By seeing how others analyzed the data, we can develop new dashboards and approaches. It is always helpful to see how someone else used a tool to spark ideas about how we can enrich our items based on our specific needs. This feature covers a lot of our core general questions and is helpful, but it also allows us to see what someone who is really focused on this area has done and how we can tune and tweak it to our needs.

Senthil Kandhasamy
Solution Engineer at a tech services company with 51-200 employees

Splunk is user-friendly. We can easily customize the monitoring script. We support a multi-cloud environment covering Windows Server, AWS, and Google Cloud. We also use ForgeRock to monitor Linux machines. It sends us alerts when the disk size gets full. When an employee logs in from a different region, it triggers an alert. 

reviewer2499552
Architect at a tech consulting company with 10,001+ employees

The most valuable feature is that it brings all of the components necessary to identify, analyze, and respond together.

It's pretty important that Splunk provides end-to-end visibility into your environment. As in any product that one purchases to fulfill a function, we want to recognize where it came in, who it affected, and what the challenges are that need to be met in order to resolve something, both immediately and also to make sure that it doesn't replicate in the future. Splunk does a good job of being able to do the former half. Dealing with issues requires tier-three support and above and it takes time. You can work through it with the help of your vendor team.

I would rate them an eight out of ten. It's not so much the problem of the application itself, although there are always improvements that can be done. There are a lot of moving parts that need to be added in and if you don't have the information that you need, especially within identity and inventory, then that can be an added challenge when you have to start making imprints based on what you do know.

Splunk Enterprise Security provides us with the relevant context to help guide our investigations. There are a number of different standards that can be presented, which is beneficial. Some customers like to have the information that they receive in one format. The driving factor is that when you work with federal customers, some of them want it in one format. The response will be in one format as opposed to another. 

Splunk has helped to improve my company's business resilience. It's an active component in ensuring that we are vigilant against intrusion and detecting it.

reviewer2499534
Data Analyst

Risk-based reporting and anomaly detection are valuable features.

The biggest advantage is the reduced time to resolution. Before, it took us up to days to resolve issues, and with Splunk, we've been able to move that down to hours or even minutes in some cases.

reviewer2499558
SIEM engineer at a computer software company with 1,001-5,000 employees

Identity management is the most valuable feature. 

Its ability to find any security event across any environment is useful if you use the risk parameter. If it can correlate with an identity or an asset, then correlations between such events are up to the analyst. 

Splunk Enterprise Security helped improve our organization’s ability to ingest and normalize data.

Splunk helped to reduce our alert volume by 53%. We work based on an on-call process. The analyst who is on call can use Enterprise Security to see what alerts they have and work from there.

If you load it correctly, Splunk will provide us with the relevant context to help guide our investigations. It made it easier. 

Splunk Enterprise Security helped improve our organization's business resilience.

In terms of its ability to create, identify, and solve problems in real-time, if the problem arises, we can go and look at Splunk, but if it's happening in real time and no one reports the issue, then it doesn't work in real time. 

It helps consolidate networking, security, and IT observability tools but it doesn't have such a big impact on our company. 

Kent Yan
Information Security Analyst at a leisure / travel company with 1,001-5,000 employees

Its alerting is most valuable. We have alerts set up in our environment for certain attacks, such as an SQL injection attempt. We have a front-facing server for the website. It is out there, and anybody can access it. When those SQL injection attempts come in, we can detect that with the alert. We get the alert in our mailbox, so we can start looking at it right away. Generally, with a SQL injection attempt, there is way more to it than just the SQL injection. There could be another 15 or 20 different types of attacks attempted during the injection. They are just trying to see if there is any vulnerability, and then they can take a shot at it.

reviewer2393085
Security Delivery Analyst at a consultancy with 10,001+ employees

I like the Splunk dashboard and search engine.

reviewer2398659
Service Management Lead at a consultancy with 10,001+ employees

I like how easy it is to integrate the logging of all of the various nodes. The product also offers nice connectors. Other features include the product's ability to allow users to customize their dashboards, signatures, metrics, and other elements, making it a very valuable and reliable tool for my organization.

reviewer1519419
CEO at a retailer with 51-200 employees

The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization. The unique query language, once mastered, provides flexibility, and the tool extends beyond just security, benefiting network and development teams. This versatility and speed in searching and trend identification enable quick defense for my clients. For me, it is about fast detection, rapid response, and easy access to crucial data.

Yash-Gupta
Analyst, TSG Information Security Cyber Operations at a consultancy with 5,001-10,000 employees

With this product, you can go for an in-depth search or just perform a surface-level search. There are different modes in which you can perform searches, and that basically defines the speed of how fast you can get the data. If you are going for a more detailed version offered, it'll take a bit of time. However, they'll give you more and more data. There's also a fast mode in it. 

The data which you can pull, you can basically visualize it, you can normalize the data, evaluate it, and convert the data into tables. It's much easier to pull the data, organize it, and normalize it as you are performing the searches. That's quite helpful.

I prefer working with cloud infrastructure like this as you can increase the storage capacity or the license at any time and search for a number of different endpoints. If you want to ingest more and more data, having something like Splunk available on the cloud is preferable. 

I take advantage of the incident response part of the solution. If anything happens at the endpoint, if anything happens at the user system, servers, or something like that, my role is to look into the logs, go through other investigations, perform a time scan, and create a timeline of all the events. This helps do that job.

I'm also aware they have a Mission Control. I have actually attended a few surveys on that, however, I haven't really implemented it due to the fact that we are in the middle of a few of the projects, and things are at higher priority as of now. So we haven't really focused on that.

Using Splunk, we can check out what server versions we have. If we just cross-check with the database, we can see if we have any availability and then we can pull in the files. If you have a database, you can perform a query to check for any particular problems in the entire environment. For the threat notifications, it's quite helpful.

Indirectly, it's helped us reduce our alert volume. If you have a list of files, you can run it through the environment and, based on that, create rules and exceptions. This indirectly helps reduce alert amounts. You can go through false positives and sort them out as well and create a rule against them. 

It's helped speed up security investigations. Being a central hub of logs, we can jump into a different log or source and jump into any investigation. You don't have to jump from one tool to another. This automatically reduces the investigation time. 

There are lots of free learning materials on their website. 

Overall, things are quite easy. It's a simple solution. 

Shakti Kumar
Senior Engineering Manager at a computer software company with 1,001-5,000 employees

The triad is one of the best features. The product has a good security posture. It provides many customizations.

reviewer2239917
IS Engineer at a hospitality company with 10,001+ employees

Risk-based alerting is the most valuable feature. It really allows me to drive down the alert count and the alert fatigue for my analysts to make the alerts they see more valuable and actionable. The way that alerts are handled is better in Splunk. SPL is easier in Splunk. The UI of Splunk makes it easier for our analysts to move around and see what they need to see.

SoheylNorozi
IT Consultant at a tech services company with 51-200 employees

The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge.

Chetankumar Savalagimath
Delivery Manager at a tech services company with 1,001-5,000 employees

Application-wise, it's good. Searching and reporting of data analytics is also fine. The dashboard presentations are also a good feature. Overall, its functionality is great and that's why we use it.

reviewer2499678
Cyber Security Analyst at a tech services company with 11-50 employees

The risk-based alerting (RBA) is one of the valuable features. It's a really cool concept to explain and see the impact that you're having on the company.

Splunk Enterprise Security's ability to find security events across different environments, whether in the cloud, on-premise, or hybrid, is really good. Because it gives me a lot of content out of the box, the only thing I need to do is ingest the data, and I'm good to go.

reviewer2500071
Engineer at a tech vendor with 501-1,000 employees

The solution's most valuable feature is the criticality of alerts. Some alerts can be noise, and others will be more high-level and warrant a higher-level response than others.

reviewer2170611
Security Architect at a computer software company with 501-1,000 employees

The primary feature that is the most valuable is the correlation feature, which helps you analyze the data. If there's a lot of telemetry data at some point, Splunk can take advantage of it. It can handle a large volume of data. 

Now, with big data, AI, and all those things, the amount of security data that is generated is too high. Generally, the other SIEMs face trouble when handling big data. However, Splunk itself is a very strong solution for handling lots of data. It helps the SOC team analyze data very well, and it does not crash on handling a large amount. That's a key benefit.

Our customers usually monitor multiple cloud environments. It's not very difficult. There are two ways we use Splunk. One is that they can be multiple cloud environments. The second is that it can be an on-prem and a cloud environment. We are mapping it to our one solution. 

Splunk is very flexible and it's integratable with other solutions.

If you want to understand how it can analyze or find out incidents, the visibility is good. The best visibility would always be in the on-prem environment. Then, the cloud, since Splunk is not a native cloud solution like Microsoft's Sentinel, is used. We don't see a lot of challenges if we do a hybrid kind of setup, however.

I'd assess Splunk's insider threat detection capabilities to help find unknown threats or anomalous user behavior at an eight out of ten. Splunk itself uses another agent or another module to do it. Splunk does the job. It's not that it will not do the job; however, it will require more refining than other solutions in the market.

My team uses the Splunk Mission Control, topology, and ATT&CK framework features, which are really helpful. We've used it for multiple customers. We take their existing SOC or detection use cases and try to map them to the framework. From a security point of view, it obviously makes a solution more superior. With Splunk, you can catch more security incidents. From a best practice standpoint also, it is a good thing as we can configure the solution, and, according to that configuration, the entire performance is better in terms of security.

It's very useful for assessing malicious activities or detecting breaches. It's a robust solution. 

We've been able to help customers detect threats faster. It might be 5% to 10% faster in some cases. And since we can analyze large volumes of data, we're not missing any particular data point or data set. That gives us an advantage.

Splunk helps reduce alert volume. You can reduce your alert volume based on your configuration, and it's highly customizable, so it can help you reduce alerts by a lot. It's helped us improve the quality of incidents we receive. 

It's helping customers speed up security investigations somewhat.

It improves the resilience of a company thanks to its ability to quickly analyze data.

reviewer2398662
CTO at a computer software company with 11-50 employees

It is pretty good. We can extract the metrics we want on the dashboards. We are able to react to the incidents. We are also able to monitor the service. In addition to the incident response, we can also do investigations, fraud detection, and other things like that.

reviewer2528960
CISO at a manufacturing company with 1,001-5,000 employees

Splunk Enterprise Security helps with advanced reports and keeps the system scalable and flexible. It provides a clear picture of the current status of any incidents. As a CISO, I see a lot of potential for future innovation, which is interesting. I've noticed better performance, especially with the reports.

Anat Garty
Chief Cybersecurity Architect at a security firm with 201-500 employees

The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate. They also have a lot of out-of-the-box correlation that we can use, which is awesome.

Reviewer343335
Security Engineer at a government with 10,001+ employees

The incident review is great for working inside of a SOC. If we want to see everything, configure notables, and have all notable features, it's useful. We're moving to SOAR right now for configuration for our work center. As far as ES in our work center, just detecting our notables and monitoring all our traffic is the most important feature as far as what our day-to-day is concerned.

Splunk has helped us with mean time to respond, although I don't have exact numbers.

Splunk has helped improve our company's resilience level.

Splunk is very good at predicting, identifying, and solving problems in real time. I've never used anything else, however, I'm impressed with the ease of it and the ability to find anything and everything we need. 

Venkatesh
Security Analyst at a tech services company with 1-10 employees

Splunk is very fast and user-friendly as well. The UI and design are user-friendly. It is easy to understand.

We can do a lot of things on Splunk. We can integrate a lot of other applications on Splunk. And that can be used for day-to-day security operations. It is easy to use, easy to implement, and it is fast. It is reliable.

Our organization monitors multiple cloud environments. We monitor all the infrastructure and cloud environments of clients.

It is easy to monitor multiple cloud environments with Splunk. You have to get clients onboarded to Splunk first, and then the monitoring part comes last. We have a couple of things that have to be done before the security team starts monitoring. For example, we install the agents and set up the hosting. We get the data from the host, we pass it. It is quite a lengthy process. It is easy, however, we have to do it very carefully and cautiously.

Splunk Enterprise Security provides visibility into different environments.

The solution's insider threat detection capabilities for helping our organization find unknown threats or anomalies in behavior are good. We have multiple security frameworks. For example, we have micro frameworks. There are different sets of rules. We set it. What Splunk does internally is just match the incoming logs. Based on the rules that we have set, it will match with the incoming logs. If it matches, then it will generate alerts for the security team. Based on that, we can identify if there is a potential threat trying to get into the company or internal infrastructure. 

The actionable intelligence provided in Splunk Enterprise Security is good. 

It will help us to automate things and can handle certain items on its own. It will just investigate, remediate, and close the necessary alert. If it is beyond Splunk's capability, then an investigation team will be involved in it. 

I have used the threat topology and attack framework feature, however, now I am more of an administrator.

Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches. There are a couple of other tools as well, which do the same thing. However, with Splunk, it's very easy to work with the dashboard and do search queries. You can easily look through the logs via Splunk UI.

The solution helped reduce our alert volume. It will just minimize the false alerts, and just post positive alerts. It's likely reduced false alerts by 60%. A lot is automated now and that helps cut down on manual work.

The solution has helped to speed up our security investigations. Once again, the automation will speed up the process of investigation. It saves a lot of time for analysts as it allows them to see the initial data. If a team has multiple alerts, it will take them time to go through and check everything. However, Splunk does the initial investigation for analysts and will escalate to analysts as needed. It might have reduced security investigations by 80% compared to earlier versions. 

View full review »
Bryan Castleberry
IT Specialist at a government with 10,001+ employees

Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me.

They offer training. That is a big part of it. If you do not understand the tool, they are able to provide everything that you need, which helps the business. When you have learned a tool, you are able to speed up the process meantime, so you are not wasting a lot of man-hours trying to figure things out. 

View full review »
Hari Haran.
Technical Associate at a computer software company with 51-200 employees

It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform.

The UI is also very friendly. You don't have to work very hard to find things.

View full review »
SaravanaKumar1
Principal Consulting - Cloud & Infrastructure Services at a computer software company with 51-200 employees

Splunk enables us to customize dashboards and queries, and we can add multiple admin users. We only use the essential parts, including the MITRE ATT&CK framework capabilities. Organizations share threat information under the MITRE ATT&CK framework. We do threat hunting and marketing based on that.

We do manual threat hunting. We get all the IP addresses and check the threat databases to determine if it's malicious. 

View full review »
reviewer2088153
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees

Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks.

View full review »
reviewer2125956
Senior Threat Intelligence Analyst/Manager at a tech services company with 1,001-5,000 employees

The most valuable features of Splunk Enterprise Security are the enterprise search bar and the dashboards.

View full review »
reviewer2500056
Cyber security analyst at a manufacturing company with 10,001+ employees

The solution's most valuable feature is threat intelligence correlations. It's too hard to stay up-to-date on all the different data feeds yourself. So, having a tool that does it for you is very beneficial.

Splunk Enterprise Security has increased our alert volume because we now have new data to work with, and we're writing more alerts. We don't use the solution a lot for observability. Usually, our primary use case for Splunk Enterprise Security is cybersecurity.

It is extremely important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. That's the primary reason we use it. We want the ability to do everything from one tool without having to thrash back and forth and take that precious time.

Splunk Enterprise Security has helped reduce our mean time to resolve. We're at least twice as efficient with Splunk Enterprise Security at identifying risk, following up, tracing it throughout the chain, and resolving it. We still have various toolings, but over time, the goal is to nest everything into Splunk Enterprise Security to make it cohesive from end to end.

View full review »
PRAKAS RAJA
Associate at a computer software company with 11-50 employees

Splunk Enterprise Security has helped speed up our security investigations.

View full review »
Raheel Asim
Security Operation Centre (SOC) Analyst at a computer software company with 201-500 employees

The solution offers a variety of good features. It has a simple user interface where we can find various options easily. The search functionality is great.

Integrations can be done easily. It’s not complex like other solutions, like QRadar or Azure. Everything is easy to manage, including the log sources.

The visibility is continuous. We have different web servers, databases, routers, endpoints, et cetera, and we gain visibility from a security perspective to all of them. We can generate different types of dashboards to visualize traffic from various resources.

We can see user behavior and have access to user behavior analytics. We also are able to have some custom rules that allow us to effectively continuously monitor the activities of our users. We use a third-party solution for that.

Splunk Enterprise Security is helpful for analyzing malicious activities and detecting breaches. I can take various logs from log sources and centrally manage everything via custom rules. We have been satisfied with the capability to analyze malicious activities and detect breaches.

It helped us with faster detection of threats. If we compare it with other solutions, it is much faster. For big organizations that have their logs in terabytes, working with something like QRadar takes lots of time. Splunk is much faster.

Since the time of deployment, we've been able to use all of the features and integrate rules and use cases with threat intelligence. We've reduced false positives by 90%. Between the first and sixth months, we reduced our alert volume by 50% to 60%.

Splunk Enterprise Security helped speed up our security investigations. We now have an in-depth insight into endpoint usage. We've saved about 60% of our time if you compare Splunk to how we were operating before in terms of monitoring. 

View full review »
Azita Zoughi
System Engineer

We use Splunk for security and tracking what happens on our network and it is effective at that.

We like the big data analyzer.

The dashboard and alerts are good. We can use them for monitoring to see what’s happening on our network. It’s centralized. It gives us good visibility into multiple environments. We can use it in Windows, Linux, et cetera.

We can use platforms and integrate everything together. We can see multiple environments on-premises.

When something happens, we get alerts via SMS or email. 

We use the MITRE ATT&CK feature and it is very effective to use for detecting threats.

We can also schedule reports on a monthly or weekly basis.

It’s very useful for tracking. If you can look at the steps and see what happens, you can investigate effectively, and so on.

Splunk Enterprise Security is excellent for analyzing malicious activities and detecting breaches. We can see, step by step, what happened. We can escalate and investigate and so on.

Splunk has helped us detect threats faster. The alerts are very effective.

It helped to reduce alert volume. I’m not sure precisely how much, however, it depends on how many client devices you are tracking and analyzing.

Splunk is a suitable resource for collecting logs. 

View full review »
reviewer2239911
SOAR Developer at a media company with 10,001+ employees

The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well.

View full review »
reviewer2239899
Insider Threat Consultant at a manufacturing company with 10,001+ employees

I am a basic user. The search lookups are useful.

View full review »
reviewer2239896
Engineer at a government with 10,001+ employees

From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful.

View full review »
Kenny Corbett
Associate Director of IT at a pharma/biotech company with 51-200 employees

It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk.

View full review »
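The two mechanisms described above, correlation searches that generate notables and a per-entity risk score that is acted on once it climbs high enough, are what Splunk ES calls risk-based alerting: individual detections write a score against a user or system, and a separate incident rule raises the notable only when the accumulated picture warrants it. The following is an added example, not code from the page or from Splunk, that shows that aggregation step on constructed risk events. The field names (risk_object, risk_object_type, risk_score) loosely follow the convention of the ES risk index; the 24-hour window, the 100-point and three-tactic thresholds, and the requirement that at least two distinct rules contribute are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed risk events (not real data). Each is what a risk rule would write
# to a risk index: the entity it concerns, the rule that fired ("source"), the
# score it contributes and the ATT&CK tactic the rule is mapped to.
RISK_EVENTS = [
    {"_time": "2024-05-01T09:00:00Z", "risk_object": "alice", "risk_object_type": "user",
     "source": "Suspicious PowerShell Download", "risk_score": 40, "tactic": "Execution"},
    {"_time": "2024-05-01T09:12:00Z", "risk_object": "alice", "risk_object_type": "user",
     "source": "New Scheduled Task Created", "risk_score": 30, "tactic": "Persistence"},
    {"_time": "2024-05-01T09:30:00Z", "risk_object": "alice", "risk_object_type": "user",
     "source": "LSASS Memory Access", "risk_score": 50, "tactic": "Credential Access"},
    # bob: one noisy rule firing three times, same tactic every time
    {"_time": "2024-05-01T10:00:00Z", "risk_object": "bob", "risk_object_type": "user",
     "source": "Suspicious PowerShell Download", "risk_score": 40, "tactic": "Execution"},
    {"_time": "2024-05-01T10:05:00Z", "risk_object": "bob", "risk_object_type": "user",
     "source": "Suspicious PowerShell Download", "risk_score": 40, "tactic": "Execution"},
    {"_time": "2024-05-01T10:10:00Z", "risk_object": "bob", "risk_object_type": "user",
     "source": "Suspicious PowerShell Download", "risk_score": 40, "tactic": "Execution"},
    # ws01: one old event that falls outside the window, one recent one
    {"_time": "2024-04-29T10:10:00Z", "risk_object": "ws01", "risk_object_type": "system",
     "source": "LSASS Memory Access", "risk_score": 50, "tactic": "Credential Access"},
    {"_time": "2024-05-01T11:00:00Z", "risk_object": "ws01", "risk_object_type": "system",
     "source": "New Scheduled Task Created", "risk_score": 30, "tactic": "Persistence"},
]

# Assumed thresholds for the two incident rules below.
SCORE_THRESHOLD = 100
TACTIC_THRESHOLD = 3
WINDOW = timedelta(hours=24)


def parse_ts(s):
    """Parse the constructed ISO-8601 UTC timestamp used in the sample events."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def aggregate_risk(events, now, window=WINDOW):
    """Sum risk per (type, entity) over the trailing window, tracking the distinct
    rules and ATT&CK tactics that contributed. Returns {(type, entity): summary}."""
    summary = {}
    cutoff = now - window
    for ev in events:
        ts = parse_ts(ev["_time"])
        if ts < cutoff or ts > now:
            continue  # outside the window: does not count toward today's score
        key = (ev["risk_object_type"], ev["risk_object"])
        s = summary.setdefault(key, {"score": 0, "sources": set(), "tactics": set(), "events": 0})
        s["score"] += ev["risk_score"]
        s["sources"].add(ev["source"])
        s["tactics"].add(ev["tactic"])
        s["events"] += 1
    return summary


def risk_notables(events, now, score_threshold=SCORE_THRESHOLD, tactic_threshold=TACTIC_THRESHOLD):
    """Apply two incident rules to the aggregated risk and return the notables.
    The score rule also demands at least two distinct contributing rules, so a
    single noisy detection firing repeatedly cannot page an analyst on its own."""
    notables = []
    for (otype, obj), s in sorted(aggregate_risk(events, now).items()):
        fired = []
        if s["score"] >= score_threshold and len(s["sources"]) >= 2:
            fired.append("risk_score_threshold")
        if len(s["tactics"]) >= tactic_threshold:
            fired.append("attack_tactic_threshold")
        if fired:
            notables.append({
                "risk_object_type": otype,
                "risk_object": obj,
                "risk_score": s["score"],
                "contributing_rules": sorted(s["sources"]),
                "tactics": sorted(s["tactics"]),
                "triggered_by": fired,
            })
    return notables


if __name__ == "__main__":
    for n in risk_notables(RISK_EVENTS, parse_ts("2024-05-01T12:00:00Z")):
        print(n)
```

With the constructed data only alice produces a notable: three different rules across three tactics inside the window. bob reaches the same 120 points, but from one rule repeating, and is held back by the distinct-source check; ws01's older event has aged out of the window, so it stays below threshold. That is the practical difference between alerting on every correlation search hit and alerting on accumulated risk.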
Yoganantham Theerthagiri
Regional Channel Manager at a tech services company with 51-200 employees

The dashboard and reporting are very good. Our clients monitor multiple cloud environments and Splunk helps because, in general, monitoring multiple cloud environments is definitely difficult and very complex. It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk.

The solution is also very good in its threat-hunting capabilities and anomaly detection. It uses an AI-based detection system to identify real-time anomalies and provides complete visibility into the network.

And you can feed multiple threat sources into Splunk and the Threat Intelligence Management feature gives you information about current or potential attacks. It provides complete security support in the threat intelligence space. It helps your administrator to correlate indicators of compromise from threat intelligence databases and feeds.

Also, the Splunk Mission Control feature, which is mainly for Splunk Enterprise Security cloud users, provides a unified and simplified security operations experience for SOC analysts.

We also use the solution's Threat Topology and MITRE ATT&CK framework feature. That's something you need for cyber breaches to contain a threat. This feature comes into play when you need to mitigate an incident in your environment.

View full review »
Raymond De Rooij
Product Owner at a financial services firm with 10,001+ employees

Splunk works based on parsing log files.

View full review »
Alparslan Özdemir
Cyber Security Engineer at a tech vendor with 51-200 employees

The deployment server is very good and is one of the best features of Splunk Enterprise Security for me; you can use that deployment server even for distributing any agents, upgrading automatically, and universal forwarders. Its search is very flexible, allowing you to search anything by typing a sentence.

View full review »
Aaron Hodge
Security delivery manager at a tech vendor with 1,001-5,000 employees

The tool drastically reduces SOC overhead. Its integration with our tool suite is great and helps us correlate events. The solution is also a lot faster than our standalone instances. 

Splunk Enterprise Security helps address our customers' missions. We want to ensure that our environment is secure and safe and detects anomalies and threat actors as soon as possible. 

The solution helps my organization's ability to ingest and normalize data. It has also improved resilience.  

View full review »
reviewer2303580
Head of Cybersecurity at a computer software company with 51-200 employees

The solution is the market leader.

Our customers are always looking to partner with market leaders as you can't go wrong with them.

Customers can monitor cloud environments. 

The threat detection capabilities are quite fast and efficient based on my customer's feedback. 

We've used the MITRE ATT&CK feature and it's good. It's pretty standard and comparable to IBM. Most products offer this as well. 

It's good for analyzing malicious activities. It's good as an overall platform. It's good at detecting threats. It's a basic feature that is quite effective.

Splunk can help to reduce alert volume if you configure it properly.

They are a market leader in a lot of areas in terms of features and functions. 

It helped us speed up security investigations. I'm not sure of the exact percentage it helped us speed up by, however.

It has a lot of basic and standard features. 

It is a full-fledged solution that provides everything a company needs.

View full review »
Amine Besrour.
Risk Manager at a tech consulting company with 11-50 employees

Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data.

View full review »
reviewer2239902
Cyber Security at a financial services firm with 5,001-10,000 employees

Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us.

View full review »
reviewer2239872
Staff application Security Analyst at a media company with 5,001-10,000 employees

The availability of the data and the fact that we're able to collect a large amount of data into the system and analyze it is valuable to us. The product’s speed and availability make it really useful for us. I'm excited about the additional enhancements to the machine learning toolkit. To be able to use it more is exciting to me.

View full review »
reviewer2238918
SOC Analyst at a tech services company with 10,001+ employees

I haven't had the chance to properly sink my teeth into Enterprise Security but so far I like that they added the MITRE ATT&CK features. 

This feature helps us know how to plan when we have an incident, know where to look, what to look for, and aspects like that. 

The MITRE ATT&CK planning is valuable. When we see those incidents and those logs, having the information right there speeds up the process a bit.

We did not have a SIEM at the time, so we added Enterprise Security as our SIEM. We're hoping to learn more about it and grow as we progress.

View full review »
Austin Greenbaum
Information Technology Specialist at a healthcare company with 10,001+ employees

From my experience, the visual aid that it provides is most valuable. There are charts and other means to provide information.

View full review »
Chris Danshaw
project manager at a transportation company with 5,001-10,000 employees

The ability to ingest different log types from many different products in our environment is most valuable.

It seems to have everything in terms of features. Every time I think of something, I go out to their site, and I can pretty much find it.

View full review »
Bushra Alhetelah
SOC Engineer at a consultancy with 51-200 employees

The ease of use and building queries, specifically SQL queries, is notably beneficial as it is easy to build, and the data model itself is very simple. The advanced correlation capabilities are very useful for identifying patterns or malicious activity of users.

View full review »
reviewer2398776
Principal Architect at a computer software company with 51-200 employees

The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing.

View full review »
reviewer1339833
Project manager at a computer software company with 10,001+ employees

We use the threat intelligence management feature. 

We have been considering implementing certain frameworks, such as MITRE ATT&CK or threat topology features.

It contributes value by enhancing resilience, crucial for adopting a Security Information and Event Management solution. Site resilience is imperative for our organization, meeting a key security requirement.

View full review »
reviewer909678
Systems Engineer at a consultancy with 201-500 employees

The features are fine; they aren't exceptional in any way.

We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular. 

The visibility we get has been good. 

Insider threat detection capabilities are good. 

It's helped us to reduce our alert volume a little. I haven't properly calculated it fully so it's hard to lay out a percentage. 

View full review »
Nadine S.
Security Engineer

Incident Review and correlation search are valuable features. These features help us create correlations and have good actions afterward. The product provides visibility and enables us to correlate data and generate alerts.

View full review »
Gatlin Gates
Security Engineer at a tech services company with 1,001-5,000 employees

Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up. We can check to see if it makes sense that someone logged in from China and in the US within an hour.

View full review »
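The impossible-travel check described in the review above (two successful logins for one account from places too far apart for the elapsed time) is a good illustration of what a correlation search computes. What follows is an added example, not code from the page, from the reviewer or from Splunk: the same logic in Python over a handful of constructed authentication events. The IP-to-coordinate table is a stand-in for a GeoIP lookup (in Splunk this would come from the iplocation command), and the 900 km/h ceiling, roughly airliner speed, is an assumed threshold; tune it to the latency of the VPN and cloud egress points in your own environment, which are the usual source of false positives here.

```python
import math
from datetime import datetime, timezone

# Constructed sample authentication events (not real data): time, user, source IP, outcome.
SAMPLE_EVENTS = [
    "2024-05-01T08:00:00Z user=alice src_ip=203.0.113.10 action=success",
    "2024-05-01T08:40:00Z user=alice src_ip=198.51.100.7 action=success",
    "2024-05-01T09:00:00Z user=bob src_ip=203.0.113.10 action=success",
    "2024-05-01T15:30:00Z user=bob src_ip=192.0.2.44 action=success",
    "2024-05-01T10:00:00Z user=carol src_ip=198.51.100.7 action=failure",
    "2024-05-01T10:05:00Z user=carol src_ip=203.0.113.10 action=success",
]

# Constructed IP-to-location table standing in for a GeoIP lookup
# (country, latitude, longitude). Documentation-range IPs, invented locations.
GEO = {
    "203.0.113.10": ("US", 38.9, -77.0),   # Washington, DC area
    "198.51.100.7": ("CN", 39.9, 116.4),   # Beijing area
    "192.0.2.44":   ("US", 40.7, -74.0),   # New York area
}

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_event(line):
    """Parse one constructed auth line into a dict; returns None on malformed input."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if "user" not in fields or "src_ip" not in fields:
        return None
    fields["_time"] = ts
    return fields


def find_impossible_travel(lines, geo=GEO, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag consecutive successful logins per user whose implied speed exceeds
    max_speed_kmh. Failed attempts are ignored on purpose: a failure from a
    distant IP is a different signal (password spraying), not travel."""
    by_user = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev.get("action") != "success":
            continue
        if ev["src_ip"] not in geo:
            continue  # no location for this IP: cannot compute distance, skip rather than guess
        by_user.setdefault(ev["user"], []).append(ev)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["_time"])
        for prev, cur in zip(events, events[1:]):
            _, lat1, lon1 = geo[prev["src_ip"]]
            _, lat2, lon2 = geo[cur["src_ip"]]
            dist = haversine_km(lat1, lon1, lat2, lon2)
            hours = (cur["_time"] - prev["_time"]).total_seconds() / 3600.0
            if hours <= 0:
                # same-second logins from two distinct places cannot be travel at all
                speed = float("inf") if dist > 0 else 0.0
            else:
                speed = dist / hours
            if speed > max_speed_kmh:
                findings.append({
                    "user": user,
                    "from": (prev["src_ip"], geo[prev["src_ip"]][0]),
                    "to": (cur["src_ip"], geo[cur["src_ip"]][0]),
                    "distance_km": round(dist),
                    "hours": round(hours, 2),
                    "speed_kmh": speed if speed == float("inf") else round(speed),
                })
    return findings


if __name__ == "__main__":
    for f in find_impossible_travel(SAMPLE_EVENTS):
        print(f)
```

On the constructed events only alice is flagged: roughly 11,000 km between the two source locations in forty minutes. bob's two US logins several hours apart are plausible, and carol's distant event was a failed login, so it never enters the travel comparison. A production version would also whitelist known VPN and cloud egress ranges before geolocating, since those collapse real distances to zero and inflate imaginary ones.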
reviewer2238963
Splunk Developer at a tech vendor with 11-50 employees

The notable events and the incident review features are the most valuable. It gives you an overall idea of what's going on in terms of security in the environment. 

I also like the automation. We write custom scripts and automate certain tasks. That's also interesting. This feature saves us time.

Splunk is capable of doing a lot in real time with data coming in that is a terabyte in size; you can still do searches in real time. We have correlation searches that do similar functions.

It has a lot of the features we're looking for. 

View full review »
Alex Adamovici
Head of Knowledge Capture Cloud at a tech company with 11-50 employees

The monitoring and the security functionality are the most valuable aspects of the solution.

It is easy to set up.

It is very scalable. 

You can basically make it do whatever you want, from log management and monitoring security, intrusion detection, prevention, and linking to your antivirus to report to it. Having a single point where everything feeds in and creating dashboards however you like is useful, and it works with however many systems you want in that dashboard.

View full review »
Salma Shahin
Senior Engineer at a tech services company with 1,001-5,000 employees

It is a very well-organized solution. I find it more user-friendly than ArcSight and QRadar. I can search, and I can do whatever I need in terms of dashboards, reports, etc.

It is the best tool if you have a complex environment or if data ingestion is too huge.

View full review »
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees

This is a very capable and flexible solution. It's based on Linux and even Windows installations use the Linux file structure. You can use it to gather syslog messages from anything; jet engines, fin-tech financial institutions, banking, regular enterprise, etc. You can gather the messages from network equipment, elevators, anything you can think of that generates syslog, and Splunk it. They also have a good API so you can write your own code to talk to it or interact with it. The solution has a lot of applications that people have written. It's the best solution on the market. 

View full review »
AKHIL Kumar Guttapalli
Product Sales Specialist(Asst.Manager) at a tech services company with 1,001-5,000 employees

The most valuable feature of Splunk is security information and event management (SIEM). Additionally, the solution is easy to use, has useful reports, and has a good interface.

View full review »
reviewer953235
Security Engineer at a recreational facilities/services company with 10,001+ employees

The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly.

We have about a 500 gig license with Splunk, so it's not like petabytes of data, but even 500 gigs is kind of hard to sift through sometimes.

View full review »
Russell Barber
Spelunking Consultant at a tech vendor with 201-500 employees

The solution's most valuable feature is its data modeling. Splunk has data from so many different vendors. Moving all that or normalizing that to the data models allows us to look at one place holistically across all the different inputs.

View full review »
reviewer2238942
Cloud Cybersecurity Engineer at a tech services company with 10,001+ employees

The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or remediate incidents at a faster pace.

Another benefit is the expansion of the use of ITSI, SOAR, and now Mission Control being able to holistically monitor an environment with one tool. Also with Mission Control, we have the ability to have one interface.

It's very easy to monitor a single cloud with ES solutions. I've worked with several other SIEM tools before and Splunk does it better.

Splunk's ability to predict, identify, and solve problems in real time is good. They do it better than other tools.

View full review »
ShilpeeSinha
Senior Security Engineer at a tech services company with 5,001-10,000 employees

Enterprise security is the solution’s most valuable feature.

Its reporting functionality is excellent.

I really like the user interface and how it works.

It’s scalable.

The solution is stable.

You can integrate any other tool or any other solution, including existing solutions, with Splunk. They have a good setup.

The log analysis is something that is good. In general, data analysis is something you can do in Splunk in various ways. You can leverage it as per your requirements or as per your investigations. You can write your own queries and complicated queries, and you can have your own alerts. You can correlate events. It’s very flexible.

View full review »
reviewer2305767
CISO at a financial services firm with 501-1,000 employees

Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize.

View full review »
reviewer1795125
Cyber Security Consultant at a tech services company with 10,001+ employees

Splunk provides a free version so you can test it before purchasing. It's better than IBM, in my opinion, because it's an independent entity. IBM, for example, if you want to use EDR, and other features, you must use the features of other companies, such as ServiceNow and Jira.

I am still exploring the features provided in Splunk. As I have not used it for a long time, I don't have a clear vision of it.

View full review »
Ermal Galo
Information Security Officer at a financial services firm with 501-1,000 employees

The log management is great.

It has a very good alert tool that you can create with the logs that Splunk gets.

You can check up on security from the dashboards. We use some custom applications which we have created by ourselves. It's very helpful to have custom dashboards with knowledge of the system of what we monitor.

The initial setup is simple. 

We have found the solution to be stable.

Its scalability is quite good.

View full review »
Sontas Jiamsripong
Account Presale at a tech services company with 1,001-5,000 employees

Splunk is quite flexible for our customers. Splunk does not filter from a specific log; you can define it later.

View full review »
reviewer1762323
Cybersecurity Senior Manager at a tech services company with 10,001+ employees

The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly.

View full review »
Kenneth Barnes
CTA/Owner at a tech services company with 11-50 employees

The SIEM is the most valuable feature of the product.

Having a better integration method and then ingesting and mapping the information have been somewhat easier than some of the other tools that I've used previously (other than QRadar and Rapid7).

The initial setup is pretty simple.

The solution is scalable.

Stability has been quite good. 

The pricing is pretty decent.

View full review »
Ahmed ElSanhoury
Head Of Sales at a tech services company with 11-50 employees

Splunk has a great platform. Their edge is in their log management and being a very powerful log server. Recently, they added some licensing and updated correlation rules to act as a SIEM solution. They seem to be penetrating the market in a proper way.

View full review »
ManojSingh
Senior security consultant at a comms service provider with 51-200 employees

One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us. 

View full review »
John Yuko
Assistant Manager ICT - Projects at a financial services firm with 1,001-5,000 employees

The additional vendors we've brought on board, particularly the Elastic, have been quite beneficial.

It's a solid platform.

View full review »
Robert Cheruiyot
IT Security Consultant at a reseller with 51-200 employees

What is nice about the solution is that it makes it easy to build the queries, search for the events and then do analysis. I recently have become involved in the Playbooks, since it is painful for the client to respond to the threat, be it positive or negative. As such, I currently see the Phantom component of the solution to be of great value. Otherwise, most other features seem to be similar to Netwitness, such as the monitor log, network, and endpoint capabilities. Importantly, the solution lacks endpoint options, as these are currently deployed on Cisco, which is okay, as it works fine with that bad side of the endpoint security. This translates into them building queries, rules and then Playbooks. 

The main advantage of the solution is that it provides an easy setup platform in the new environment. When set up afresh, it is also easy to build queries. Historical queries can be used to site for a new event, which makes it easy to use, deploy and understand.

View full review »
reviewer946224
Data Center Architect at an outsourcing company with 201-500 employees

The flexibility of the search capability is most valuable. You can use it for more than just a basic log aggregator. It is powerful in that regard.

View full review »
it_user1670235
Sr. Cyber Security and Solutions Architect at a government with 10,001+ employees

The most valuable aspect of the solution is the ability to capture the different data streams. We also appreciate the reporting in that aspect of Splunk. If we can grow now, with any security arena, it's going to be proactive, not reactive. It allows us to digest the information, the data, the different data streams, so we can make decisions based upon information that we receive, and it is pretty robust.

View full review »
Md. Iqbal Karim
Technical Account Manager at a tech services company with 11-50 employees

The solution's capability is its most valuable aspect.

The initial setup is very straightforward.

The solution has proven to be quite stable.

We've found the solution to be very mature.

The integration capabilities are excellent. They have apps that integrate quite well with Palo Alto and Cisco, for example.

View full review »
reviewer1521537
Consultant at a financial services firm with 5,001-10,000 employees

Its dashboard is valuable. If you have a good knowledge of how to create a dashboard, you can create any dashboard related to cybersecurity. If fine-tuned, the alarms that are triggered for instant review are also very valuable and useful.

View full review »
Arpan Balpande
Senior Information Technology System Analyst at a computer software company with 5,001-10,000 employees

There are quite a lot of things that we find useful. Splunk agents are useful and good. Its UI is quite impressive.

View full review »
Ravi-Upadhyay
Founder at a tech services company with 1,001-5,000 employees

The most valuable feature is the reporting and the information that is provided by the tool.

It is very easy to implement a PoC using Splunk, which will show the value of the reporting and data that it provides.

The integration is seamless with many devices and operating systems.

It is flexible enough that you can choose what kind of deployment model you want.

They have a large solution toolkit that supports IoT, wherein businesses can get a lot of help with the centralized management functionality. There are also tools to assist from the security and SIEM perspective, and there is a centralized dashboard.

View full review »
reviewer1505082
Assistant Manager System at a financial services firm with 10,001+ employees

The ease of log connection has been great. 

Its compatibility with other SIEMs is very useful. 

They have many basic use cases that we like. 

The cloud version of the solution is especially scalable.

The product has been quite stable so far.

The initial setup is very easy.

View full review »
reviewer1463439
Senior Informatica Administrator at a computer software company with 10,001+ employees

The logging features are useful as are the dashboards and alerts in addition to the organization of data. It has options for creating dashboards and alerts. You can also create queries in the SQL language. Splunk is a user-friendly solution.

View full review »
reviewer1454661 - PeerSpot reviewer
reviewer1454661
Automation Specialist, Analytics at a computer software company with 10,001+ employees

Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data. 

The ease of deploying the agent is great in Splunk. One can easily deploy the Universal Forwarder which can extract any amount of information and put it into an indexer. The flexibility of ingesting any kind of data is good with Splunk.

In regards to action-oriented tasks, if an alert is triggered where I have to perform a certain action in the form of executing a Python script or invigorating a PowerShell script — this is easy to do with Splunk.

The Splunkbase is great. There are thousands of apps that are already available, I can install those apps with full-connectivity and use them to extract any form of data. The community in the Splunkbase is also really strong. 

The ease of integration with third-party tools is great. In the Splunkbase, there are so many apps that are easy to integrate with. 

The user interface is really good. There is a machine learning toolkit — I like it a lot. They have use cases in place so that people with little experience in machine learning can go through these examples of use cases and gain a better understanding. 

View full review »
PB
Praful Bhatnagar
Principal Systems Engineer at a computer software company with 10,001+ employees

It's the completeness of the solution that we like the most. It has a solution for backend log analytics, but also one for mobile applications.

View full review »
Balamurali Vellalath - PeerSpot reviewer
Balamurali Vellalath
Practice Head-CyberSecurity at a computer software company with 1,001-5,000 employees

The most valuable aspect of the solution is the dashboard. It's very intuitive. 

The reporting is excellent. The team and the SOC analyst are able to easily track the alerts and the correlation is very good compared to other SIEM tools. 

View full review »
PB
Praful Bhatnagar
Principal Systems Engineer at a computer software company with 10,001+ employees

The completeness of the solution is what we like the most.

View full review »
ST
Sena Nur Tüvsüzoğlu
Junior SAP Security Engineer at a tech services company with 1-10 employees

The graph visualization is the most valuable feature.

View full review »
reviewer1804125 - PeerSpot reviewer
reviewer1804125
Tech Lead Security at a comms service provider with 51-200 employees

The indexing and data collection are valuable. 

View full review »
reviewer1789335 - PeerSpot reviewer
reviewer1789335
Senior Manager, Analytics & Insights at a consultancy with 10,001+ employees

Splunk has machine learning which is a valuable feature.

View full review »
reviewer1297563 - PeerSpot reviewer
reviewer1297563
Director General de España at a cloud solution provider with 51-200 employees

It is very easy to use and integrate. There are connectors for every technology.

View full review »
VS
VolodymyrSavov
Splunk BDM in UA at a manufacturing company with 51-200 employees

The fact that Splunk is a platform and not just a SIEM solution is a key benefit.

Our customers like that they can use Splunk to optimize their security.

View full review »
AK
Anjani Kumar
System Engineer at a tech vendor with 1,001-5,000 employees

The most valuable feature of Splunk is the management and built-in workflows.

View full review »
MC
Marcelo Canedo
Presales IT at a tech services company with 201-500 employees

The product is good, it satisfies our customers.

View full review »
RW
Rajiv Warrier
Regional Head at a tech services company with 51-200 employees

It's basically one of the best SIEM products on the market.

The scalability is great.

We have found the solution to be stable. 

Technical support is helpful. They respond in a timely manner. 

View full review »
SA
Samer Amr
CyberSecurity Consultant at a tech vendor with 51-200 employees

The solution is very fast and succinct. 

View full review »
reviewer1720563 - PeerSpot reviewer
reviewer1720563
Technical manager at a tech services company with 11-50 employees

The most valuable features are how stable and easy to use Splunk is. 

View full review »
Donald Baldwin - PeerSpot reviewer
Donald Baldwin
Principal Enterprise Architect at a tech consulting company with 11-50 employees

Splunk handles a high volume of data that we have, and it does it really well.

For what we're using it for, we're happy with its functionality.

The reporting aspect is good and it does what I need it to do.

From an operational standpoint, it helps us on the operations side and it also shows where we're having issues.

It connects to a lot of stuff. We can collect information from a lot of sources.

View full review »
it_user1689987 - PeerSpot reviewer
it_user1689987
Network Operations Center Engineer at a tech company with 51-200 employees

I like that the solution is easy to use and stable. 

View full review »
it_user1688463 - PeerSpot reviewer
it_user1688463
Senior Technical Lead at a financial services firm with 10,001+ employees

We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job.

View full review »
reviewer684213 - PeerSpot reviewer
reviewer684213
Telecom Tech at a university with 501-1,000 employees

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

View full review »
AT
Ali Tamimi
Managing Director at a tech services company with 11-50 employees

The log aggregation is great.

The solution offers good data analytics.

The dashboards are very helpful.

The initial setup is simple and straightforward. 

The solution is low-maintenance.

It's a stable product.

We have found that the solution scales well. 

View full review »
reviewer1655130 - PeerSpot reviewer
reviewer1655130
Senior Network Engineer at a tech services company with 51-200 employees

The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening.

View full review »
reviewer1643871 - PeerSpot reviewer
reviewer1643871
President at a non-profit with self employed

The solution allows easy gathering and ingestion of the data.

View full review »
AM
Attila Mate Kovacs
Senior Cyber Security Expert at a security firm with 11-50 employees

The speed is a very valuable aspect of the solution. 

The way Splunk handles low data and low-rate costs is great.

The level of robustness on offer is very good. 

The initial setup is very straightforward. 

We have found that the solution offers good integrations with other products.

Overall, the solution works very well.

View full review »
reviewer1630161 - PeerSpot reviewer
reviewer1630161
Founder at a marketing services firm with 11-50 employees

Splunk can quickly be deployed and it's not difficult to learn the solution. 

View full review »
reviewer1605462 - PeerSpot reviewer
reviewer1605462
Product Manager, FX Solutions at a tech services company with 10,001+ employees

The most valuable features of the solution are that it is straightforward to use and the documentation is good for finding out how to get the data you are looking for.

View full review »
reviewer1126641 - PeerSpot reviewer
reviewer1126641
Product Manager, CyberSecurity at a tech services company with 201-500 employees

Because I'm security focused, I prefer the security features such as Splunk Phantom and Splunk Enterprise Security.

View full review »
AA
AdityaAgrawal
Information Security Analyst at a tech services company with 1,001-5,000 employees

Its integration is most valuable. Its UI is also pretty much easy.

View full review »
reviewer1276671 - PeerSpot reviewer
reviewer1276671
Solutions Consultant at a tech services company with 1,001-5,000 employees

It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool.

It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want.

View full review »
GW
Gregg Woodcock
Consultant at a tech consulting company with 1-10 employees
  • Core Splunk
  • Saved searches
  • Dashboards (SimpleXML) 

With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow, then you have your own SIEM.

View full review »
reviewer1404306 - PeerSpot reviewer
reviewer1404306
SOC Analyst at a wholesaler/distributor with 10,001+ employees

The solution has plenty of features that are good.

View full review »
it_user1415322 - PeerSpot reviewer
it_user1415322
Senior Consultant at a tech services company with 1-10 employees

The Splunk programming language allows you to pipe searches into other searches.

What I really like is that even if you have already collected the data, you can extract data and add fields, which improves building searches. This is not the case with Elasticsearch, where this needs to be done upfront.

View full review »
reviewer1478619 - PeerSpot reviewer
reviewer1478619
IT System Developer/Admin at a manufacturing company with 10,001+ employees

The features I have found most valuable are the dashboards. 

I monitor the complete capacity that users are using in the company.

View full review »
reviewer1453023 - PeerSpot reviewer
reviewer1453023
CSSP Manager at a tech services company with 51-200 employees

Splunk is good at log collection and log management.

View full review »
Santhosh Kandadi - PeerSpot reviewer
Santhosh Kandadi
Assistant Vice President at a financial services firm with 10,001+ employees

The models that we use are pretty mature at this point, which means we can be assured we are given the best use cases right out of the box.

We can just plug into the applications and everything is set up. There's very little configuration necessary.

The integrations that are offered with different tools are all very good. They offer integrations for all levels of security and have offerings from some of the other major solutions in the space.

The initial setup is pretty straightforward.

View full review »
it_user1234167 - PeerSpot reviewer
it_user1234167
General Manager at a tech vendor with 11-50 employees

The correlation capabilities are the first value that our clients say they like with Splunk. Another benefit is that they can connect to any device or log from any device from anywhere.

It's easy, the tool is very easy to install and set up. 

View full review »
reviewer1062186 - PeerSpot reviewer
reviewer1062186
Sr. IT Manager at a pharma/biotech company with 10,001+ employees

The most valuable feature is that it's very good for log aggregation.

View full review »
MN
Matheus Nery
Data Scientist at a tech vendor with 201-500 employees

The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature. 

View full review »
reviewer1062186 - PeerSpot reviewer
reviewer1062186
Sr. IT Manager at a pharma/biotech company with 10,001+ employees

The most valuable feature is the log aggregation, being able to scan through all of the logs.

View full review »
reviewer1317924 - PeerSpot reviewer
reviewer1317924
Audit Remediation/Financial Manager at a tech services company with 1,001-5,000 employees

The logs on the solution are excellent. Mostly I see just the reports or the outcome; however, with the log portion, you could actually take log entries and pass them through the system in order to create events or conditions and get reports. You can set up your conditions on the logs that you invested into Splunk, and get the reports or the output that you want.

View full review »
HT
HimanshuTejwani
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees

This is a straightforward solution, easy to configure and difficult to mess up. 

View full review »
reviewer1200885 - PeerSpot reviewer
reviewer1200885
Engineer at a financial services firm with 201-500 employees

The flexibility of the solution is quite good.

The product is stable.

It offers good scalability if you are willing to pay.

The technical support on offer is responsive.

View full review »
RW
Rudi Wicaksono
Architecture and Security Team Leader at a tech services company with 11-50 employees

All the features are valuable. It helps us uncover bottlenecks in the network.

View full review »
MT
Mui Tran
Project Manager at an energy/utilities company with 51-200 employees

The most valuable feature of Splunk is the log monitoring.

View full review »
MS
M Ghuyoor Syed
Sr. Manager Information Security with 1,001-5,000 employees

Selecting the relevant events and records.

View full review »
it_user1048674 - PeerSpot reviewer
it_user1048674
Cyber Analyst with 501-1,000 employees

The ability to correlate results.

View full review »
LF
Luiz Fernandes
Técnico Judiciário at a government with 1,001-5,000 employees

Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.

View full review »
Emad Ul Haq - PeerSpot reviewer
Emad Ul Haq
Network & Telco Lead at an energy/utilities company with 501-1,000 employees

Log search and alerting/reporting.

View full review »
Presal0998 - PeerSpot reviewer
Presal0998
Presales Manager at a tech services company with 11-50 employees

Splunk has many good apps and has a contribution from all security vendors. That's where Splunk wins.

View full review »
MC
Marc Chan
Net Sec at a tech services company with 11-50 employees

The search function for Splunk is like a Google search. You just enter and it will quickly show you the results.

View full review »
SD
Shaveta Datta
Technical Project Manager at a tech services company with 10,001+ employees

It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull up the reports very easily, take action, and notify stakeholders.

View full review »
RT
RhondaTurner
VMware Engineer at a financial services firm with 10,001+ employees
  • In-depth logs
  • Add-ons 
  • The ability to ingest data from other tools
  • The detailed log view
  • It's easy to read
View full review »
BW
SenNetwork4433
Senior Network & Security Architect at an insurance company with 501-1,000 employees

It is quite extensible. It is a platform that we can build our use of each case instead of each case being limited or restricted to each capability. This is probably the best feature.

View full review »
reviewer718113 - PeerSpot reviewer
reviewer718113
IT Analyst at an energy/utilities company with 1,001-5,000 employees

The user can apply for all kinds of device systems, no matter whether he/she is using Windows or Linux. It can easily collect the logs. In addition, the user can have an index which can help us to collect and analyze all kinds of logs and find the outstanding issues.

View full review »
TF
Tony Fabrikant
CTO at a tech services company with 10,001+ employees

The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports. The dashboards are very intuitive and similar to SQL. They are easy to set up and get running.

View full review »
Enterpri4059 - PeerSpot reviewer
Enterpri4059
Enterprise Architect at a tech services company with 10,001+ employees

The ability to create dashboards.

You can run reports against multiple devices at the same time. You are able to troubleshoot a single application on a thousand servers. You can do this with a single query, since it is very easy to do.

View full review »
SO
Sam Osborn
Software Engineer at a tech vendor with 1,001-5,000 employees

Being able to search across all the different production environments at the same time, then being able to do search queries to scope out specific environments, specific components, or specific logs from different languages, such as Java or C++. Thus, being able to have really fine grain control on log searching is really good.

Out-of-the-box, it seems very powerful.

View full review »
Engineercb47 - PeerSpot reviewer
Engineercb47
Engineering Manager at a manufacturing company with 10,001+ employees

We like the dashboard creation and the ease with which we can harness the APIs to create custom BI dashboards on the fly. This adds most value for us. The nature of some of our microservices that I have run on the cloud are mixed workloads, wherein with the flow of data, it can change over time. In order to adjust for this, and cater to the needs of some of our internal customers, BI dashboards need to be created, tweaked, and modified. Also, doing this by hand is next to impossible. Therefore, we have strung all of this through a programmatic pipeline, which is something which we like because it is easier for us to harness it utilizing the API.

View full review »
KB
Kenn Brodhagen
DevOps Engineer at a computer software company with 1,001-5,000 employees

Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc.

View full review »
GM
Gavan McLaughlin
Application Engineer at a retailer with 1,001-5,000 employees

The most valuable feature is its centralized log analytics.

View full review »
TJ
Tomi Juslin
QA Lead at a financial services firm with 501-1,000 employees

It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end. This is the best thing.

View full review »
JC
Jerry Castille
Chief Architect at a tech services company with 11-50 employees

It has a big user base, so the community is useful.

View full review »
Security1747 - PeerSpot reviewer
Security1747
Security Architect at a comms service provider with 10,001+ employees
  • Easy indexing.
  • The solution is faster.
View full review »
Director158d - PeerSpot reviewer
Director158d
Director at a tech services company with 10,001+ employees
  • The product is adept at log mining.
  • It has the flexibility to do multiple analyses.
  • It works across heterogeneous environments in different ways. 
View full review »
RB
Roman Burdakov
Engineering Manager at an individual & family service with 1,001-5,000 employees

There are a lot of plugins to integrate this. The client site login is pretty extensible and probably cost-effective. Plus, it is easy to configure.

View full review »
Reviewer4612 - PeerSpot reviewer
Reviewer4612
Enterprise Architect and Business with 5,001-10,000 employees

The most valuable features are understanding the visualization compass on the dashboard, as well as the reports on the dashboards.

View full review »
Reviewer0932 - PeerSpot reviewer
Reviewer0932
Project Manager at a comms service provider with 10,001+ employees

The auto-notification abilities are a huge benefit for us.

View full review »
OS
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at a tech consulting company with 51-200 employees

The dashboard centralizes the daily routine. We used to do this by hand. Now, we go through daily checklists, using the dashboard and setting up the alarms. It helps us to cut down the time on this routine. 

I am a cybersecurity director. I manage five different business lines. Every morning, we used to have to go to different tools to get our daily routines done. With Splunk, centralized as it is, we can see everything in one place. We use it not only for monitoring events, but in case we need to do a group call. We can see what's going on, viewing all of the offenses and security events which are happening in our infrastructure.

View full review »
reviewer905577 - PeerSpot reviewer
reviewer905577
Principal Consultant at a computer software company with 51-200 employees
  • Drill down
  • Apps
  • REST API
  • Software development kits
  • Architecture
  • Replication capabilities
View full review »
Yosef Tavin - PeerSpot reviewer
Yosef Tavin
DevOps Engineer at a computer software company with 201-500 employees
  • The easy automatic field parsing of logs. 
  • Data model acceleration
  • The ability to easily have access and install Splunk add-on plugins and custom apps. This greatly assists with using it to connect to various systems easily and use it as a centralized data sink.
View full review »
it_user782697 - PeerSpot reviewer
it_user782697
Security Operation Center Analyst at a financial services firm with 201-500 employees

UBA, User Behavior Analytics.

View full review »
it_user872772 - PeerSpot reviewer
it_user872772
Technical Lead at a tech services company with 10,001+ employees

The following are the top three features that I find quite valuable:

  1. Capability to expand the functionality through custom code for data inputs, commands, visualization, alerts, and machine learning.
  2. Quick turnaround time for setting up monitoring and alerting with built-in capabilities, plenty of enterprise grade apps available on Splunkbase, and custom coding based on Splunk development skill level.
  3. Free Splunk license for PoCs on personal machines and the ability to scale the PoC to an enterprise level app.
View full review »
it_user870792 - PeerSpot reviewer
it_user870792
Senior Security Engineer

Search and Dashboarding: Allows us to quickly search for an error and plot the results on a chart.

View full review »
it_user867936 - PeerSpot reviewer
it_user867936
Works at a financial services firm with 10,001+ employees

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

View full review »
it_user867087 - PeerSpot reviewer
it_user867087
Security Engineer at a tech services company with 501-1,000 employees

The search application has been the most useful. We have also liked the reporting features and dashboard capabilities.

View full review »
it_user865365 - PeerSpot reviewer
it_user865365
Data Scientist Intern at a tech vendor with 1-10 employees

The best features would have to be the ability to ingest any data and display it in a way that anyone can understand.

View full review »
it_user865026 - PeerSpot reviewer
it_user865026
Lead Systems Architect at an energy/utilities company with 10,001+ employees

Its huge, versatile AppBase helped me to configure and bring data from different sources to a unified platform. 

View full review »
reviewer860955 - PeerSpot reviewer
reviewer860955
Java Technical Lead at an insurance company
  • Regex for fields creation is great.
  • High availability
  • Easy to use in any environment.
View full review »
RM
Rajesh Mandale
Splunker at a financial services firm with 1,001-5,000 employees

There are too many features to list, but here are a few:

  • Schema on the fly
  • Ease of onboarding data
  • Machine learning
  • Apps or Splunkbase.
  • Great list of apps to use and build upon once you learn more about how Splunk works.
  • Ease of correlation, creating correlation searches (easy), and you can combine multiple sources with little effort.
  • Data Models Acceleration for super fast searches across tens of millions of events.
  • Common Information Model
  • Security Essentials App
  • Enterprise Security
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities.
  • Log storage or compression is great and retention is not an issue.
  • Dashboards are simple to create and have input options, like time range and text.
  • Drop-downs are simple to create.
  • The integration with cloud solutions is great and keeps getting better.
View full review »
it_user861630 - PeerSpot reviewer
it_user861630
Senior Network Security Engineer at a media company with 1,001-5,000 employees

The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick birds-eye view of my most important concerns.

View full review »
it_user859668 - PeerSpot reviewer
it_user859668
Splunk Administrator at a university with 10,001+ employees

Splunk's schema on demand is incredibly useful. I do not have to worry about what my users will need when we onboard their data. They can make connections that we could not have foreseen. They dig deeper when they are searching.

View full review »
MK
Michael Kaericher
Senior Consultant at a financial services firm with 5,001-10,000 employees

Low barrier to start searching with the ability to normalize data on the fly.  

I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs.

View full review »
CM
Christopher Mooney
Incident Manager at a tech services company with 201-500 employees

The ability to manipulate data in Splunk is unparalleled. Splunk’s powerful, flexible query language can morph difficult to understand log formats into usable data. 

Correlating data across different systems via one interface will allow you to know your environment or identify incident data in ways you never imagined.

View full review »
GS
Gangikunta Somanath
Principal Engineer at a retailer with 10,001+ employees

The most valuable features are:

  • Risk analysis
  • Machine Learning Toolkit
  • dbConnect
  • Cisco products
  • eStreamer
  • SIEM

Visualizations are the best way to understand deviation techniques from the norm.

View full review »
it_user860487 - PeerSpot reviewer
it_user860487
Business Intelligence Developer at a university with 10,001+ employees

The search language is easy to understand and teach to new users. The SDK is comprehensive and has incredible levels of integration with the platform and data. 

View full review »
it_user859464 - PeerSpot reviewer
it_user859464
Senior Cloud Operations Analyst at a tech vendor with 1,001-5,000 employees

So many of Splunk's features are invaluable to us:  

  • Machine and business data retention
  • Solid HA and distribution
  • Adaptability to custom data
  • Search, Search, Search.
View full review »
it_user859650 - PeerSpot reviewer
it_user859650
Systems Analyst Staff - SW Eng Compute Analytics Lead at a wireless company with 10,001+ employees

It brings together all sorts of data. It has the ability to correlate data, analyze and review it. This makes weekly ops reviews and monthly executive management reporting much easier by saving hours of collecting data. Report automation has been a life saver.

View full review »
Mick - PeerSpot reviewer
Mick
Sr. Production Support Analyst at an energy/utilities company with 501-1,000 employees

It is easy to integrate with other solutions, like Slack, JIRA, Remedy, etc.

View full review »
CM
Clara Merriman
Business Intelligence Engineer at a hospitality company with 501-1,000 employees

Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations. The flexibility of Splunk as well as the resources available for learning and support are the best in the business. 

View full review »
RP
Robert Pollard
Director of IT at a government with 51-200 employees

Aggregation searches, allowing for conditions to be automatically found in the data, have reduced the time and difficulty of identifying trends and conditions which need to be reviewed.

View full review »
CJ
Colin Jackson, CISSP, MMIS, GMON
Information Security Engineer/Architect at a tech services company
  • Unstructured data
  • Linking things together
  • Building out stuff which is actionable.

Once you learn SPL and what data you need to obtain and merge together, it is really useful. 

View full review »
it_user859770 - PeerSpot reviewer
it_user859770
consultant at a non-profit with 1,001-5,000 employees

Personally, I like the capability of removing sensitive data before it goes into Splunk. I also like the ease with which dashboards can be created.

View full review »
it_user859446 - PeerSpot reviewer
it_user859446
Splunk Architect at an aerospace/defense firm with 5,001-10,000 employees

It has a low barrier to entry, but it is extremely extensible, allowing it to be tailored to highly specific use cases. It makes searching through a wider variety of logs much quicker and enables you to correlate events from one log to another.

View full review »
Enterprise677 - PeerSpot reviewer
Enterprise677
BS Systems Engineer at a tech services company with 501-1,000 employees

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

View full review »
MA
MS Alam
System Administrator at a retailer with 5,001-10,000 employees

Searches logs from all devices and gives valuable information to the organisation, so it can drill down on all reports and security threats. 

View full review »
it_user340983 - PeerSpot reviewer
it_user340983
Infrastructure Engineer at a tech services company with 51-200 employees

The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time. The added security has proven effective as well, but given that we have not yet created the perfect model, we still find ourselves striving to develop a more efficient and predictive security analysis and action plan within Splunk.

View full review »
it_user717477 - PeerSpot reviewer
it_user717477
Account Manager at a tech services company with 10,001+ employees

Deployment server for deploying changes in one go.

View full review »
it_user399819 - PeerSpot reviewer
it_user399819
Security Architect at an energy/utilities company with 1,001-5,000 employees

There are too many features to list, but here are a few:

  • Schema on the fly
  • Ease of on-boarding data
  • Machine learning
  • Apps or Splunk base.
  • Great list of apps to use and also build upon once you learn more about how Splunk works.
  • We build many of our own apps by leveraging the logic in the others.
  • Ease of correlation: creating correlation searches is easy and you can combine multiple sources with little effort
  • Data Models Acceleration for super fast searches across tens of millions of events
  • Common Information Model
  • Security Essentials App
  • Enterprise Security
  • Splunk SPL (Search Processing Language) is easy to learn and has IDE like capabilities
  • Log storage or compression is great and retention is not an issue
  • Dashboards are simple to create, with input options like Time Range and Text
  • Drop-downs are simple to create.
  • Integration with cloud solutions is great and keeps getting better.
  • Can get info from REST APIs easily and there are apps for services like ServiceNow, Azure, Office365, etc.
View full review »
it_user694383 - PeerSpot reviewer
it_user694383
SVP, Technical Operations at a tech vendor with 201-500 employees

Splunk has great interoperability with other applications through their SplunkBase app store. The apps can quickly provide visibility and streamline complex data mining tasks.

View full review »
it_user525171
Specialist Master, Cyber Risk at a tech vendor with 10,001+ employees

Splunk Enterprise Security is most valuable, my clients use it as a SIEM solution. Splunk gives them the ability to bring multiple, disparate types of data together, then correlate and report on them.

View full review »
it_user126027
Owner with 1-10 employees

Splunk's capability to receive any type of log and index it is a very good feature. Getting visibility from your network devices, servers, and security devices is a great feature.

View full review »
it_user257376
Lead Splunk Architect at a financial services firm with 10,001+ employees

Splunk can be seen as a huge box that allows the storage of all sorts of logs. This allows the centralization of data and makes possible new sorts of correlations that were previously impossible using traditional SIEMs such as ArcSight or QRadar. Splunk allows schema on the fly and therefore simplifies the whole data onboarding process. All that leads to flexibility when it comes to defining the metadata, since it is not necessary to have all the fields defined and extracted to be able to use Splunk.

Another great feature is the field extractor, which allows people with little or no experience with regex to define fields and extract valuable information from the data.

Finally, the ability to connect with various sorts of databases and NoSQL solutions makes it a very powerful tool, not only as a SIEM but also as a data lake for machine learning and data analysis.

View full review »
it_user575310
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees

Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It does a great job at handling unstructured data. Breaking data into key/value pairs so that it can be searched is relatively painless.

View full review »
it_user635271
Foundation Technology Specialist at an insurance company with 1,001-5,000 employees

The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature.

View full review »
it_user664632
Senior IT Security Operations at a pharma/biotech company with 10,001+ employees
  • The speed of the search engine
  • All the types of data sources that you configure can be forwarded to Splunk.
  • The ease-of-use
View full review »
jorgenoguerah
IT Infrastructure Architect at a tech company with 201-500 employees
  • Event matching between several appliances
  • Correlating data from different sources
  • Report viewer
View full review »
it_user250131
Information Architect at a financial services firm with 5,001-10,000 employees
  • Splunk delivers a holistic view of an application (the big picture).
  • Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value.
  • Significant reduction in mean-time-to-investigate (MTTI) and mean-time-to-resolve (MTTR) production incidents from days to hours.
  • Splunk visualization capabilities help pinpoint problem areas, spikes, and anomalies easier and faster.
  • Ability to monitor and resolve integration problems before they impact the business user area.
  • Splunk is being used as part of the development life cycle, resulting in better quality and more efficient applications.
  • Provides additional insights into a 360 degree view of the customer.
View full review »
it_user664635
Performance Consultant at a tech services company with 10,001+ employees

Analytics and querying the indices are super easy.

The data representation options in the dashboards are excellent.

Multiple datasource/filetypes are supported and each can be customized in a few clicks.

View full review »
it_user664626
Business Analyst at a retailer with 10,001+ employees
  • Flexibility when creating dashboards
  • Automated cron searches
  • Real-time and scheduled searches with alternate functionalities
  • User-base integration with LDAP
View full review »
it_user594183
Security Engineer at a retailer with 10,001+ employees

They provide excellent predefined use cases.

View full review »
it_user396600
Vice Manager at a comms service provider with 10,001+ employees
  • Collects data from any source
  • Powerful search, analysis, and visualization
  • Easy to build system on any platform
  • API and easily integrated search
  • Action script
View full review »
it_user363165
Products Manager at a tech services company with 5,001-10,000 employees

Rapid search is a valuable feature. Performance and incident response were the top priorities for most MSSPs. Breaches of SLAs have a negative impact on customer trust, which eventually leads to losing customer confidence in the services to which they're subscribing. Hence, a proactive approach will be the main differentiator between one MSSP and the others.

View full review »
it_user645663
Sr. Program Manager at a consultancy with 51-200 employees
  • Can ingest data from various data sources.
  • Is very useful for organizations who are attempting to meet compliance requirements.
  • Is able to fully configure and integrate various solutions into one tool and provide actionable results.
View full review »
implemen269433
Technical Director at a consultancy with 11-50 employees

Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.

Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.

View full review »
it_user313119
Integration Architect at a manufacturing company with 1,001-5,000 employees

What Splunk calls operational intelligence: fast availability of operational data spread across several servers to prevent or react faster to outages or performance decreases.

View full review »
it_user174663
Systems/Applications Specialist with 201-500 employees

Its performance, scalability and, most importantly, the innovative way of collecting and presenting data.

Fast search! Imagine a scenario with an application environment where a couple of modules are based on different servers. There is a system issue and a check needs to be completed in a timely manner. Traditionally, engineers would have to log in to the servers, navigate to different folders and load the log files to check for errors. Splunk can give this at a glance for all of the systems at once! Furthermore, a "trap" of known errors could be saved and a real-time alert set up to send an email in a meaningful way with relevant details (e.g. priority, affected systems) and instructions on what needs to be done next.

View full review »
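One way to build the "trap" of known errors the review above describes, as an added example for this page (not the reviewer's own search and not content shipped with Splunk): a scheduled search that scans application logs from every host at once, classifies matching errors by known signature, and produces one row per error class with its priority, the affected systems and the next step. The index, sourcetype, error signatures, priorities and next-step text are all constructed for illustration.

```spl
index=app_logs sourcetype=app:java (ERROR OR FATAL) earliest=-5m
| rex field=_raw "(?<error_class>\b[A-Za-z][A-Za-z0-9_.]*(?:Exception|Error)\b)"
| eval priority=case(error_class="java.lang.OutOfMemoryError", "P1",
                     match(error_class, "ConnectionRefused|SQLTimeoutException"), "P2",
                     true(), null())
| where isnotnull(priority)
| stats count AS occurrences, dc(host) AS host_count,
        values(host) AS affected_systems, latest(_raw) AS sample_event
        BY error_class, priority
| eval next_step=case(priority="P1", "Page on-call; capture a heap dump before restarting",
                      priority="P2", "Check database and downstream availability; follow the runbook")
| sort priority, -occurrences
```

Saved as an alert on a five-minute cron schedule with the trigger condition "number of results is greater than 0", the "Send email" action can place `$result.priority$`, `$result.error_class$`, `$result.affected_systems$` and `$result.next_step$` in the subject and body so the recipient gets the priority, the systems involved and the instruction without opening Splunk. In production the `case()` block is better replaced by a CSV lookup (error_class, priority, next_step) via the `lookup` command, so new known errors can be added without editing the search.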
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees

Great log management capabilities with flexible and comprehensive search capabilities. Scalable and easy to use.

View full review »
it_user129642
Systems Administrator at an energy/utilities company with 10,001+ employees

Splunk: ease of searching large amounts of data.

View full review »
reviewer1086690
Enterprise Client Executive at a tech services company with 11-50 employees

The Splunk user community and forum are most valuable.

View full review »
reviewer1591122
Technical Architect, Cloud Operations at a computer software company with 5,001-10,000 employees

I am just a user, and from a user's perspective, it does the job.

It has quite extensive support in terms of integration. If you want to do anything, there are tools for that.

View full review »
reviewer1367535
Security Professional at a tech services company with 51-200 employees

The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good.

View full review »