Splunk Enterprise Security Reviews

We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, it analyzed them, and provided useful reports.  

It helps the IT staff to monitor the full structure. It also makes use of all logs and takes proactive actions.

Integrity with many vendors: This simplifies the implementation and integration with different devices. 

Enterprise security: Splunk must work on clarifying the solution to customers and explain how to gain more from it.

We are using it for operational intelligence. We are using Splunk as a data lake for machine data. We gather all our machine data from the IT infrastructure and monitor its health.

Splunk's schema-on-read technology is one of the most valuable characteristics of this solution. It allows us to store raw data and use it repeatedly for different domains. You don't need to prepare the data upfront.

Splunk's Search Processing Language (SPL) is another beneficial feature. It is a very powerful tool that gives you the ability to do almost anything with your data.

Visualizations can improve. There are some performance and stability issues with the visualization layer.

There were stability issues, but only with the visualization layer.

There were no scalability issues.

The technical support is quite good.

Previously, we worked with different vendors and solutions.

The setup was very straightforward.

The price is pretty high for our region.

We did a SIEM solutions review with this and other systems for one of our customers.

This is the right choice if you are looking for a platform that can combine all machine-generated data and use it for various use cases from different domains.

We use it for security operations and management.

The Splunk user community and forum are most valuable.

Its interface could be improved. 

We have been a reseller for three years.

It is stable. It is very powerful.

Their support is good.

Its initial setup is complex. You're going to need deployment services from somebody who is an expert in the product. You would need at least two users. 

It is hard to integrate because it can do so many things. A lot of people think it is a set-it-and-forget-it solution, but it is a full-time job for somebody. I would advise others to plan and prepare for ongoing management. It requires a dedicated person for management. 

Compared to other SIEMs, it is a 10 out of 10.

Our primary use case is for monitoring and cybersecurity.

The clusters are hard. It has too many moving parts. 

They should make data onboarding easier.

Its ability to scale nicely is one of Splunk's strengths. You just horizontally add another machine and you get your scalability.

Our clients switch from Nagios or other monitoring solutions because the other solutions were not as flexible as Splunk. With Splunk, you can do things very programmatically. With a help of a developer and included SDK you can add needed functionality.

The initial setup is really straightforward. It's one of the easiest installations. 

This product doesn't have any kind of dependencies, it just worked from one package. Install it and boom, you have a working solution.

Splunk is on expensive side.

There are some premium add-ons like Splunk Enterprise Security or ITSI which makes it more expensive.

I would advise to get Splunk professional services from Splunk.

• Event matching between several appliances
• Correlating data from different sources
• Report viewer

It helps us to detect viruses and security events from our network.

It needs documentation, and "how-to-do" information. It's complicated to build reports and views.

I have used Splunk for about two years.

There were no stability issues. It was running on a VM over Hyper-V.

There were no scalability issues. It was running on a VM over Hyper-V.

I used support a little bit for some templates for formatting data from Cisco and Fortinet logs. They were very fast with their response. I didn't have any support contract, but only entry level support.

This was our first try for log analysis.

The setup was easy.

There is nothing to say. At that time, it was for GBs of data received.

We did not look at alternatives. It was a consulting provider recommendation. It was a rapid implementation to accomplish legal requirements. After we used it for a while, we decided to keep it.

Check for the plugin to format data of already completed templates for the appliance to which you want to keep logs and events.

There is improvement needed when importing from some types of data sources. Most of the time you have to do some customization for the data because not everything is working the way it should. Additionally, in other solutions, it is easier to build use cases.

I have been using this solution for approximately three years.

I have previously used Curator and it was much easier to use than this solution.

I have found the installation can be of medium difficulty to very complex depending on the use case. It is not easy for new customers. You need to have the experience to be able to do it.

When using this solution for Security Information Management(SIM), I highly recommend importing data sources from the whole cycle for the service security chain. Some people only use main inputs and not all of the data sources they have. They might not have some data sources, in this case, you can purchase one or there are free open-source ones available. You will then have this data source that can enrich your life because many correlations are done with this data. 

I rate Splunk an eight out of ten.

The solution is very fast and succinct. 

When it comes to out of the box use cases, I feel the solution to be too slow. 

I have not been working with Splunk for long. 

The initial setup was simple. 

It took an hour. 

Curator is more scalable than certain other solutions. 

We are partners of Splunk and provide the solution to customers. 

I feel Splunk is easy to utilize. 

My company has an app. on which the solution is deployed on-premises on a single server. 

There is another team in my company that works with Splunk products. 

I rate Splunk as a seven-point-five out of ten. 

My primary use case for Splunk is for log file visualization and monitoring alert management.

The way this solution has improved our organization is by its ability to do a quick search and immediately stop an incident from happening.

The auto-notification abilities are a huge benefit for us.

After a crash, the product takes a while to recover.

Sometimes we have had instances when it will not run for a couple of days. There is room for improvement here.

There are lots of use cases and features that make Splunk a good choice for us.

I have no opinion on the pricing of the product. 

We considered Datadog and Zabbix. In comparison to those options, Splunk has virtual visualization. Furthermore, it can be a host on our environment. Typically, we cannot deploy SaaS on our environment, but with Splunk, we can. 

When Splunk failed, it took time to recover. We had to recover it from a snapshot. It took a couple of days, and it was as if it had crashed.  But, the instance was resolved.