Splunk Enterprise Security Reviews

The visibility that it provides is awesome. You can connect it to whatever you want and create whatever visibility you want. 

Its insider threat detection capabilities for helping our organization find unknown threats and anomalous user behavior are great. They have a lot of built-in capabilities for analytics, and they can provide a lot of visualizations and insights into whatever is being brought into it. The threat intelligence that is part of the platform itself is awesome.

In terms of actionable intelligence, it depends on what you bring to the table. The platform itself gives you the capability to make threat intelligence actionable, but if your feed is not good, it is of no use. There is a lot of noise within the SIEM. This is not on Splunk. This is on the SIEM, but Splunk does help to eliminate a bit of the noise and create a more cohesive view of the intelligence you digest.

Splunk is very good for analyzing malicious activities and detecting breaches. Its ability to connect things that are manually hard to connect is awesome. It is a bit lacking when you compare it to Microsoft Sentinel because Microsoft Sentinel already brought the SOAR solution, which in the case of Splunk comes at an additional cost. When I used it, they did have it quite expensive, but as a SIEM, if you compare Splunk to other SIEMs, it provides you with a great ability to detect and understand that you have something that is suspicious and anomalous within your network. Its ability to connect us to that otherwise cannot be connected by humans is very good.

It helps to detect threats faster, but I do not have the metrics. When it comes to reducing the alert volume, it is not Splunk. It is more of the analyst's work on top of Splunk.

Splunk definitely helps speed up our security investigations. It has the ability to connect and bring information with the click of a button. 

I have used Threat Topology and MITRE ATT&CK framework. It was very good for management but not so much for analysts' day-to-day work. It is a cool feature that helps you bring money from management, but it is not something that an analyst will use on a day-to-day basis.

The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate. They also have a lot of out-of-the-box correlation that we can use, which is awesome.

They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match. 

I have been working with it for the past five or six years. 

It is very stable. I did not have any crashes or malfunctions. It does have a bit of a stretching point when you are doing a very large query or you are retrieving a lot of data. For example, when you are retrieving months of logs in order to conduct an investigation. However, that is at the edge of the product. On a day-to-day basis, it is very stable. It does everything that you need to do. We did not have any crashes in either of our implementations. We did not have anything major.

In the on-prem environment, it is scalable, but it requires work because you need to install indexes and forwarders. It requires more work from someone who is specialized in that domain, but in the cloud environment, it is super easy. It is very scalable. You can just grow as you need.

Their support is awesome. I would rate them a ten out of ten. It is not just the technical support. Their documentation is also good. The whole support system is awesome.

I used it in my last organization. In my current organization, we have adopted Microsoft Sentinel. I am creating a new managed service company, so it is going to provide service to multiple clients. We have multi-tenancy and full cloud environments and monitoring of on-prem solutions. When I implemented Splunk, it was not used for multi-tenancy. Their multi-tenancy was not that great. It was the old solution, but they now have the cloud environment that is more supportive of multi-tenancy, but with their on-prem solution, for multi-tenancy, we could just play with permissions. It was not the best. It was not proper multi-tenancy where you need different databases and different control planes. It was not the ideal solution, but now they have the cloud environment.

The experience that I had a few years ago was for on-prem, but now, I do have an implementation that is cloud-based. We are implementing it cloud-based for one of our customers. It is deployed on AWS.

The initial deployment is very fast. It is very quick. The on-prem can take a few days, and it is up and running. If it is on the cloud, it is already installed. You only need to connect all the source logs. The duration depends on the number of source logs. It differs. I had a project where I connected all my source logs in one week, and I had a project that took about four months, but the number of logs was different. The complexity was different. We had to create our own connectors and our own parsers.

The pricing is very complicated, and it is very pricey. You do require a lot of different licenses in order to get a comprehensive solution that is not just the SIEM solution.

To someone who is evaluating SIEM solutions but wants to go with the cheapest solution, I would recommend QRadar.

Overall, I would rate Splunk Enterprise Security an eight out of ten. There are several reasons for not rating it a nine or a ten because the pricing is very complicated, and it does require someone who is knowledgeable in the platform. You need someone who is specialized in that. Fortunately, I have these people, but when I tried to look for one in the beginning, it was not an easy job to find someone who was very skilled in this platform. Once you have such a person, it is awesome. You can do whatever you want. The sky is the limit. In fact, not even the sky is the limit. It does provide a very comprehensive solution. It does provide tons of flexibility. It is the platform that you should go for when you need something that is not ordinary or not your typical SIEM solution for a typical organization. It is the platform when you need something that will provide more. For example, one of the projects that I worked on was related to a SOC that needed to digest information from multiple organizations that already digest information, and we had to create cohesive use of that. In such a case, this is the platform to work with because it provides the flexibility that no one else provides.

We primarily use the solution for SOC purposes.

The solution has made it possible to check and detect our traffic a bit better.

The incident review is great for working inside of a SOC if we want to see everything and we want to configure notables and have all notable features, it's useful. We're moving to SOAR right now for configuration for our work center. As far as ES in our work center, just detecting our notables and monitoring all our traffic, is the most important feature as far as what our day-to-day is concerned. 

Splunk has helped us with mean time to respond, although I don't have exact numbers.

Splunk has helped improve our company's resilience level.

Splunk is very good at predicting, identifying, and solving problems in real time. I've never used anything else, however, I'm impressed with the ease of it and the ability to find anything and everything we need. 

I do a lot of the maintenance. A lot of my workers are fresh into Linux and need to monitor, manage, and do maintenance on it. They should bring back the maintenance mode button. Splunk used to have it and they took that feature away.

The upgrading process could be smoother. 

I've used the solution for about a year.

The stability and availability of Splunk are great. It does get weird when we initially update items, however. That's the only time we see issues. It may try to input data in areas it doesn't need to. That said, we are aware of the quirks of the setup. 

Scaling is easy if you have done it a couple of times. 

The environment I have has multiple servers. We might have around 100 servers. 

Splunk support is very communicative about our concerns. That said, the answers I've gotten back don't make sense. I'm not sure if they communicated our issue in the right way or if they misunderstood, however, they did not correctly address our issue. In the end, we do have a good dialogue. I now expect that they will misunderstand the problem on the first round and we have to go back and forth. The effort is there to try to understand. 

Neutral

The company may have had QRadar for a while before Splunk. I wasn't around when they switched to Splunk so I cannot compare the two. 

I was not involved in the initial deployment of Splunk. 

The company has witnessed an ROI in terms of the amount of time saved via being able to tweak our searches. The docs are great. They help tremendously in filling knowledge gaps. The ROI is solid. 

I don't deal with pricing or licensing. 

I've only worked with Splunk as far as data ingestion. 

The solution does take a bit of understanding. It does need improvements in some areas. I'd rate the solution seven out of ten. 

I have worked in a couple of areas of Splunk. Initially, I was part of a monitoring team that used it for security information. I used to monitor security alerts which we used to get on Splunk, which was based on the use cases and we set up specific rules for it. Currently, I am part of the administration of Splunk. Now I onboard different log sources to Splunk. We pass over the logs so that it can be used for the security team.

It helps with security and making sure our infrastructure is compliant. It also allows reporting to be in one centralized location. We can monitor the security logs effectively. It really helps as a cybersecurity element for the company infrastructure to protect us from attacks.

It is quite reliable in terms of data. We have a good amount of licenses currently and find it to be very flexible. It can handle and pull up any amount of data.

Splunk is very fast and user-friendly as well. The UI and design is user friendly. It is easy to understand. 

We can do a lot of things on Splunk. We can integrate a lot of other applications on Splunk. And that can be used for day-to-day security operations. It is easy to use, easy to implement, and it is fast. It is reliable.

Our organization monitors multiple cloud environments. We monitor all the infrastructure and cloud environments of clients.

It is easy to monitor multiple cloud environments with Splunk. You have to get clients onboarded to Splunk first, and then the monitoring part comes last. We have a couple of things that have to be done before the security team starts monitoring. For example, we install the agents and set up the hosting. We get the data from the host, we pass it. It is quite a lengthy process. It is easy, however, we have to do it very carefully and cautiously.

Splunk Enterprise Security provides visibility into different environments.

The solution's insider threat detection capabilities for helping our organization find unknown threats or anomalies in behavior are good. We have multiple security frameworks. For example, we have micro frameworks. There are different sets of rules. We set it. What Splunk does internally is just match the incoming logs. Based on the rules that we have set, it will match with the incoming logs. If it matches, then it will generate alerts for the security team. Based on that, we can identify if there is a potential threat trying to get into the company or internal infrastructure. 

The actionable intelligence provided in Splunk Enterprise Security is good. 

It will help us to automate things and can handle certain items on its own. It will just investigate, remediate, and close the necessary alert. If it is beyond Splunk's capability, then an investigation team will be involved in it. 

I have used the threat topology and attack framework feature, however, now I am more of an administrator.

Splunk Enterprise Security is good for analyzing malicious activities and detecting breaches. There are a couple of other tools as well, which do the same thing. However, with Splunk, it's very easy to work with the dashboard and do search queries. You can easily look through the logs via Splunk UI.

The solution helped reduce our alert volume. It will just minimize the false alerts, and just post positive alerts. It's likely reduced false alerts by 60%. A lot is automated now and that helps cut down on manual work.

The solution has helped to speed up our security investigations. Once again, the automation will speed up the process of investigation. It saves a lot of time for analysts as it allows them to see the initial data. If a team has multiple alerts, it will take them time to go through and check everything. However, Splunk does the initial investigation for analysts and will escalate to analysts as needed. It might have reduced security investigations by 80% compared to earlier versions. 

When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time. We wouldn't have to write anything. We would just like the raw log automation.

I've been using the solution for three years now. 

It is a stable product.

There are two types of users: the administrators and then the users where the logs are coming from. We have about ten to 15 administrators working directly with Splunk. Overall, there may be more than 1,000 end users we get logs from.

The solution is scalable. In terms of data, it's very flexible. 

Technical support is good.

Positive

I've used other solutions in the past. We previously used
ArcSight Enterprise Security Manager (ESM). It was older and very slow. Comparatively, Splunk is very fast and it has a better UI.

The initial setup was easy. It was not complex. I didn't do the implementation on my own. The deployment times vary. There are many moving parts, such as approvals that need to be taken into consideration. 

We get logs from various sources from various clients.

It does require a bit of maintenance. It requires, for example, server upgrades and patching. 

I can't comment on pricing. I don't take care of that aspect. 

I'm a customer and end-user.

I'd recommend the solution to others and invite them to test the service first on the infrastructure they have. It's a very valuable product to have.

I'd rate the solution nine out of ten.

I am the branch chief. I use Splunk Enterprise Security depending on how swamped the team is. I use it for anything from basic searches to DDoS attacks, which is a big thing right now. So, DDoS attacks and phishing emails are a lot of what I am using it for.

We had FireEye before and then we went to CrowdStrike. Splunk has definitely helped to have everything into the tool. It is a lot easier to complete the tickets. It saves, on average, a couple of hours a day. We just go to Splunk and then provide data and work with different people on the tickets, so it saves hours each day. We have been able to allocate these hours to other projects or things that are more of a priority. We are able to do different projects that were on the back burner. We can put those hours towards other things.

Splunk has improved our organization’s business resilience. We are able to give leadership updates through dashboards versus the actual metadata. It is easier for them to understand and provide leadership.

Splunk’s ability to predict, identify, and solve problems in real-time is very good. It is proven. Every couple of weeks, it catches some of the things that our SOC team did not catch and provides alerts, so its real-time capabilities are very good.

Our team has overall benefited from Splunk. We had FireEye before, which was not that good. We are able to benefit from Splunk not only in terms of instant response. We also have other teams doing vulnerability management using the Prisma systems. It is important that Splunk provides end-to-end visibility into our native environment. We use it for Prisma and instant response. Without Splunk, we would not be able to do some of the things that we need to do unless we went to individual tools, and we do not have the resources for that.

Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me.

They offer training. That is a big part of it. If you do not understand the tool, they are able to provide everything that you need, which helps the business. When you have learned a tool, you are able to speed up the process meantime, so you are not wasting a lot of man-hours trying to figure things out. 

I do not have any areas that can be improved. It works as intended for us, and we are getting everything that we need out of it. If anything, its initial setup can be improved a bit. 

In terms of additional features, I am still learning SOAR and everything else, so I do not have any feature requirements at this time, but as we do these SOAR operations, there might be some additional features that we will need.

I have been using Splunk Enterprise Security since 2016.

It is very good as long as you have the scope of how many servers, processors, and other things you need. There was a learning curve of making sure our servers were beefy enough to handle the data. We had four terabytes of data coming in every day. We were maxing out our systems a little bit, so we beefed that up, and we have had no issues since. 

Its scalability is easy. On-prem was very easy, and on the cloud, you have to learn and adapt a little bit, but scalability is perfect. 

I only reached out to our Splunk contacts, but my team reached out to Splunk's support team. I have not had any issues where they told me that they did not get the support they needed. They might take time to figure out what the issue is, but overall, I would rate their support a ten out of ten. 

Positive

We used FireEye, which was our primary one, and then we had CrowdStrike. Splunk has definitely been wonderful for us. The biggest reason for switching was integration. It is very easy to get all the tools fed into Splunk. They also had a cloud version, which was another reason. We are doing a hybrid setup, so cost savings was also a big factor.

I was involved in its deployment. I am the system owner of it. I am in charge of it, so I oversaw the project deployment. There is a learning curve with the hybrid setup with the cloud and on-prem, but overall, I am pretty satisfied with it.

We have an on-prem and a cloud environment depending on the platforms we are using in the system, so we have both environments. The challenging part was getting everything set up and fed into Splunk, but once it is set up, there is no difference in using it on-prem or on the cloud. We do not notice any real difference in it. 

The initial setup could be improved a little bit. It depends on your local team, firewalls, and other things like that, so there was a learning curve for the teams to learn how to set it up. That part could be improved, but once you go through it, it is not an issue. 

We had the Splunk team, and they did wherever they needed to get everything deployed. Our experience with them was good. We have worked with Splunk for years now. Their support has been very beneficial. If I have a question, they jump right on and let me know. They walk me through it and give me updates, so I am pretty happy with Splunk.

We have seen an ROI in terms of the mean time to resolution and man-hours. We are able to allocate those hours to other things. We have not got there yet in terms of the upfront costs, but we will get there over time.

When it comes to the time to value, we are getting there. We have not got there yet, but over time, we will get to the time to value.

Its price is fair. Like with anything else, if you go into the cloud, different providers cost more, and you are able to throttle back or throttle up. The cost is comparable with anything else.

We evaluated other options. We had to evaluate the pros and cons in terms of the cost and the capabilities of each tool. A lot of that went into the proof of concept. We did our due diligence and determined that Splunk was the best fit for us.

I would rate Splunk Enterprise Security a ten out of ten. It gives us everything we need, and its capabilities keep on improving, so it is getting better. 

We use it to provide both operational and security dashboards based on our clients' equipment. We use it for infra monitoring and threat analysis.

We have multiple rules for analyzing malicious activities and detecting breaches. We get the notable events from the logs and from there we drill down into the cause. We correlate that with the framework and get a score. Based on that, we proceed to the investigation.

It gives us a complete correlation between data processes and security threats. It has threat analysis and the MITRE ATT&CK framework. From a SOC perspective, it uses multiple components or frameworks and, in that way, is very useful, providing us with a lot of information for our clients. They don't want multiple teams dealing with security and malware, et cetera. Splunk Enterprise Security gives us everything in one place.

We get all the real-time logs and, based on the configuration, it's pretty easy to use to find threats. It has helped to speed up our security investigations. Before we went with Splunk Enterprise Security we had limited information but now we have threat intelligence to enhance things.

We are now handling multiple customers globally. We are able to build custom rules based on customer requirements and the applications and data they are using. It is enhancing the security of each customer's infrastructure. We are able to provide weekly and monthly reports and, based on that, our customers are honing their firewalls and other security infrastructure. Splunk Enterprise Security is very helpful in improving the security of our clients.

It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform.

The UI is also very friendly. You don't have to work very hard to find things.

One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives. 

Also, we have a lot of security feed providers. If there was some kind of management tool for that, it would be a great tool to have.

I have been working with Splunk for about four and a half years.

I started working with Splunk Enterprise Security at version 6 and now we are up to 9 and it needs more resources. But it's okay because we have a lot of functionality now. It's better than it was earlier. I would rate the stability at nine out of 10.

Splunk on the cloud is scalable, a 10 out of 10.

If someone is doing the deployment for the first time, it will be a little complex. The installation is straightforward, but for the configuration, you need to follow the documentation and understand it. That is a little difficult the first time if you are doing it on your own. If you have anyone with experience who can explain the configuration, the second time it will be straightforward.

The solution requires maintenance but not much, mostly when there are upgrades 

Most of the companies we work with are keen on budgeting. They can't spend much on security. Their problem is with the cost. They would like to have it but the problem is the budget. If they got a taste of Splunk Enterprise Security and its benefits, they might be able to cope better. A 15-day trial doesn't give them much hands-on or benefit from the tool. From a security perspective, they would need to have it for six months or a year to get a sense of it.

We try to explain, to someone who is concerned about the cost, the functionality and how powerful the application is. Security people know it's better to have a better solution, but management has to look at the budget.

We tried some other solutions, but they didn't work like Splunk. We found that Splunk is the best one.

We work on multiple cloud environments including AWS, Azure, GCP, and most of the popular clouds. We have built our own combined app to monitor most of the cloud service providers. We have our own solution for cloud security monitoring.

My advice is that for big firms, because it has better detection and security, Splunk Enterprise Security is a very good tool. For big companies, good security is important, especially if they have a global market.

I don't see any other software having as much functionality and different ways to investigate security.

Our technical teams are demoing various enterprise tools to develop experience and knowledge so we can better serve our clients. In addition to Splunk, we are evaluating IBM QRadar and one other solution. One of our customers is asking about the Splunk MSP model.

Splunk allows us to customize processing and dashboards, which helps us take care of our customers' needs. Splunk is costly, but it's better than other products. It speeds up security investigations. It helps us detect threats faster. Everything is faster. The only part that's lagging is the management. Otherwise, Splunk is good. It took about a month to realize the solution's benefits. 

We get few alerts except for the other solutions we have integrated with Splunk. We'll monitor those alerts and support their customers, but we don't have any other mechanisms for databases or something outside of the infrastructure. 

Splunk enables us to customize dashboards and queries, and we can add multiple admin users. We only use the essential parts, including the MITRE ATT&CK framework capabilities. Organizations share threat information under the MITRE ATT&CK framework. We do threat hunting and marketing based on that.

We do manual threat hunting. We get all the IP addresses and check the threat databases to determine if it's malicious. 

The algorithms and alerts could be improved. I would also like to pre-build use cases. We need to create the algorithm based on our use cases. 

The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management feature. 

We've also had problems integrating the solution. We get multiple errors, like search log errors, UI errors, etc., and performance issues. It's fine with basic content, but if we're dealing with multiple data sources and 30 GB of data, it cannot handle the load. Our customer is indexing around 10 GB of data daily, and I can't search the log without getting errors. 

Splunk Enterprise is stable. 

Splunk Enterprise is highly scalable. 

We haven't had to contact Splunk support because we can find all the answers we need online. 

We also use IBM QRadar.

Deploying Splunk is straightforward. We had no issues. 

Splunk is more expensive than most solutions, but it offers lots of value. If a customer wants the cheapest solution, we'll use that.

I rate Splunk Enterprise Security an eight out of ten. I would give it a ten if it had built-in threat management. 

I use Splunk Enterprise Security for threat hunting.

The end-to-end visibility provided in the dashboards is great for our needs.

Splunk Enterprise Security allows monitoring across multi-cloud, on-prem, and hybrid environments.

Splunk does a good job of ingesting and correlating data.

Splunk provides real-time monitoring.

 The framework's features, such as the MITRE ATT&CK framework, are great.

Our MTTR has improved with Splunk. It has improved our investigation time.

The most valuable features of Splunk Enterprise Security are the enterprise search bar and the dashboards.

The threat intelligence management feature would benefit from a broader range of APIs for enhanced integration. This would facilitate seamless connection with various threat intelligence platforms, as some currently are missing APIs, making integration difficult.

The high cost of Splunk Enterprise Security prevented us from using its full capabilities. 

I have been using Splunk Enterprise Security for one year.

Splunk Enterprise Security has been largely stable, experiencing only a few brief periods of downtime.

We use Splunk and Sentinel for different purposes mainly due to cost factors not because one is better. For example, we use Splunk more for network traffic.

The price of Splunk Enterprise Security fluctuates based on the customer, but I believe it's quite costly, especially for our clientele. Furthermore, to access the full range of features, it's exceedingly expensive to have comprehensive log data.

When evaluating SIM tools and considering the cheapest option, Splunk Enterprise Security might be worth considering, especially for larger organizations. While cost is a factor, Splunk offers significant value, and I recommend it over focusing solely on price.

I would rate Splunk Enterprise Security seven out of ten.

We use Splunk Enterprise Security for insider risk and security operations centers.

Splunk Enterprise Security primarily reduces our lead time for identifying risks and threats. Since a lot of the work is being outsourced or we depend on those new threat intelligence feeds, we're able to identify and triage them quicker. So, it leads to a quicker incident response.

The solution's most valuable feature is threat intelligence correlations. It's too hard to stay up-to-date on all the different data feeds yourself. So, having a tool that does it for you is very beneficial.

Splunk Enterprise Security has increased our alert volume because we now have new data to work with, and we're writing more alerts. We don't use the solution a lot for observability. Usually, our primary use case for Splunk Enterprise Security is cybersecurity.

It is extremely important to our organization that Splunk Enterprise Security provides end-to-end visibility into our environment. That's the primary reason we use it. We want the ability to do everything from one tool without having to trash back and forth and take that precious time.

Splunk Enterprise Security has helped reduce our mean time to resolve. We're at least twice as efficient with Splunk Enterprise Security at identifying risk, following up, tracing it throughout the chain, and resolving it. We still have various toolings, but over time, the goal is to nest everything into Splunk Enterprise Security to make it cohesive from end to end.

I'd love to see more integrations, which is one of the primary points of the key node with Splunk Enterprise Security. I would also like to see more admin capability to enable the health of Splunk Enterprise Security because, a lot of times, it's difficult to know when and why things are failing, especially for on-premises customers.

Splunk Cloud is a little clearer because it has more integrated support. For on-premises, it feels like sometimes you have to guess and then hope for the best. Troubleshooting some things related to Splunk Enterprise Security takes a lot of time.

I have been using Splunk Enterprise Security for five years.

The solution's clustering is great, but it could have easier containerization where it's more dynamic, and you can spin up and scale down as needed. Right now, Splunk is a very large expense for us as far as our cloud environment is concerned. Anything we can do to cut costs would be great.

Right now, we run the servers 24/7 and never change the size unless they're underpowered. We're spending a lot of money on off-hours to keep it alive, which is not ideal.

We've got a lot of experience on our team solving Splunk, but the few times we used Splunk's technical support, we found them to be very effective and efficient. Occasionally, we'll forget to respond to them, and they'll follow up with us, which is usually the opposite of what you see. So, I've got nothing but good things to say about Splunk support.

The solution's deployment was difficult because we were going through admin changes right as we were installing it. It took three admins over the course of five years to get it set up. I think if we had one dedicated admin from the start and kept them on the job until the job was done, we wouldn't have had nearly as much trouble.

We used a reseller to implement the solution.

We have seen a return on investment with the solution.

Splunk Enterprise Security is really strong, capable, and great at what it does. There are obvious areas of improvement, but it looks like Splunk has already identified them and is working on road maps to enhance SOAR integration and AI digital assistance for Splunk Enterprise Security. Once those are fully implemented, the product will further improve.

Overall, I rate the solution an eight out of ten.