Splunk Enterprise Security Reviews

• Log collection and analysis
• Reporting for the whole enterprise environment.

Improved visibility.

Log search and alerting/reporting.

Code understanding requirement is complicated for most users.

• Cybersecurity defense
• Web app monitoring
• VMware monitoring
  

• Troubleshooting
• Cyber defense
  

• Drill down
• Apps
• REST API
  
• Software development kits
• Architecture
• Replication capabilities
  

• Multi-tenancy support
• Improved user interface
• Non-proprietary search language
• Different licensing model

• Log monitoring and alerts
• Looking up information 
• Dashboards for nice, fast information about various application servers.

• It is easier to find problems and exceptions.
• It is used by any factor in the firm.
• Easy dashboards creation.
• The visibility is amazing.  

• Regex for fields creation is great.
• High availability
• Easy to use in any environment.

Make it easier to include roles and user controls, as it is horrible now.

Not even Splunk's support guy, who came to our firm, could help with defining proper role management.

It is a pretty high cost solution, but if your organization has the funds, it can bring many benefits.

• Collects data from any source
• Powerful search, analysis, and visualization
• Easy to build system on any platform
• API and easily integrated search
• Action script

We have over 7000 devices in our network infrastructure for monitoring, maintenance, and performance assessment.

We achieve this by collecting data and applying the analysis.

I have used this solution for one year.

We did not encounter any issues with scalability. Everything is normal with no bugs.

It’s easy to obtain support from Splunk for technical issues. We also have enough knowledge ourselves to apply fixes.

We used to deploy Elastic Stack. The search language of Splunk is easier and friendlier than Elastic Stack. It has helped me to search quickly and easily. Based on the results, it’s easy to visualize and add results to a previously built, personal dashboard.

Licensing is free. Pricing is based on usage.

We evaluated Elastic Stack and Sumo Logic.

If you are an enterprise and you need the best service for critical business analysis, Splunk would be one of the best choices.

• Can ingest data from various data sources.
• Is very useful for organizations who are attempting to meet compliance requirements.
• Is able to fully configure and integrate various solutions into one tool and provide actionable results.

My use of Splunk at my previous place of employment improved how we functioned.

I have used Splunk for three years.

We didn’t have any stability issues.

We didn’t have any scalability issues.

During our use of Splunk, we had professional services assisting and not actual technical support. However, the professional services team was great.

Our organization did not have an established SIEM tool.

The initial setup is straightforward, depending on the level of implementation of the tool.

Take into consideration the labor costs for a dedicated Splunk developer who can craft the required queries needed for each organization. Organizations usually have their own form of implementation of each tool.

We didn’t evaluate any alternatives.

We enjoy the whole solution. It is meeting our requirements, especially the SIM solution. 

The alerts are very user-friendly.

We can easily configure things as required in relation to our use cases.

The search functionality is good. It works like Google. 

Onboarding is quite easy.

The scalability is good.

Product-wise, the performance is good. 

From the commercial point of view, they have to bring down their costs. It's a bit pricey right now. The license is quite expensive. 

Much like the SOAR platform, which has security, orchestration, and automation response, all of that should be part of the SIM solution itself. Currently, it is actually separated.  We understand that we have to integrate a SIM with a SOAR platform, however, if they could combine these two products together, that would be ideal. It would make things easy to implement and make more automation possible to avoid false-positive alerts.

We've been using the solution for the last four years. It's been a while. 

The performance is good. It's stable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability of the solution is very good. If a company needs to expand, it can do so. It's easy.

The solution can be expensive. It's not cheap.

We are customers and end-users. 

I'd rate the solution at a nine out of ten. 

We use it to do SIEM. 

It can log more logs than other solutions. It's a good way to troubleshoot problems.

Splunk is a good solution to collect more events than other solutions. It's a good solution, for me, for this reason.

Cybersecurity and infrastructure monitoring have room for improvement. 

On a scale from one to ten I would rate the initial setup a seven for its complexity. 

We also looked at AlienVault.

I would rate it an eight out of ten. 

Splunk is more efficient than other solutions but it's also more expensive.