I work in the pharma industry, and I use Splunk to aggregate all my reporting logs, including firewall and Active Directory logs. We have anti-spam, web application firewalls, and other solutions to secure our perimeter. We use Splunk for log management and have a stack to transpose a log from the firewall to a VM. When we feed the firewall logs directly to Splunk, they become intermittent and freeze.
We use Splunk to monitor unusual user behavior. For example, if any user onboards from a different domain, it will trigger an alert. We also get alerts and high traffic when the ADI server is down. Splunk will monitor that behavior, or when users make repeated wrong login attempts. My full-time job is managing the IAM product. Splunk is one of our security monitoring tools. Most of my work is on IAM tools such as CyberArk and SailPoint.
Director - Application Services, DevOps (Application Support, Build/Deployment), Environment Support at a financial services firm with 10,001+ employees
Real User
Top 20
2024-07-01T17:17:00Z
Jul 1, 2024
We use Splunk Enterprise Security to track threats and errors and receive alerts and notifications. We implemented Splunk Enterprise Security to improve our troubleshooting, mean time to detect and resolve issues, and our alerting system.
We usually use the solution for the same functionality, which includes setting up alerting and creating notables. We also use it for the workflow from ingestion through alerting to response.
Offensive Cyber Security Analyst at an agriculture company with 10,001+ employees
Real User
Top 20
2024-06-13T16:40:00Z
Jun 13, 2024
We use the solution to build correlation searches around insider threats and exfiltration of data. We also use it for DLP (data loss prevention) and to get more visibility on what's happening in our environment that could increase risk.
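The insider-threat and exfiltration correlation this reviewer describes, as an added example that is not the reviewer's search or Splunk code: compare each user's outbound volume for the day with that user's own recent baseline and surface destinations the user has never sent to before. The proxy-log format (`ts user= dst= bytes_out=`), the thresholds, and the log lines themselves are constructed for illustration; real proxy and firewall sourcetypes carry the same information under different field names.

```python
"""Per-user outbound-volume exfiltration check over constructed proxy logs.

Added example; not the reviewer's correlation search or Splunk code. The log
format (ts user= dst= bytes_out=) and the thresholds are assumptions chosen
for illustration. It shows the usual insider-threat correlation: compare
today's outbound bytes per user with that user's own recent baseline, and
list destinations the user has never sent to before.
"""
import re
from collections import defaultdict
from datetime import date
from statistics import median

MB = 1024 * 1024
MIN_BYTES = 500 * MB     # below this daily volume nobody is worth an analyst's time
RATIO = 5.0              # alert when today > RATIO x the user's median daily volume
BASELINE_DAYS = 7
TODAY = date(2024, 6, 10)

LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ user=(?P<user>\S+) dst=(?P<dst>\S+) bytes_out=(?P<bytes>\d+)$"
)


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    return date.fromisoformat(m["day"]), m["user"], m["dst"], int(m["bytes"])


def constructed_logs():
    """Seven quiet days for alice and bob, then a loud eighth day (constructed data)."""
    lines = []
    for d in range(3, 10):  # 2024-06-03 .. 2024-06-09
        lines.append(f"2024-06-{d:02d}T09:15:00 user=alice dst=sharepoint.corp.example bytes_out={80 * MB}")
        lines.append(f"2024-06-{d:02d}T11:40:00 user=alice dst=mail.corp.example bytes_out={20 * MB}")
        lines.append(f"2024-06-{d:02d}T10:05:00 user=bob dst=sharepoint.corp.example bytes_out={60 * MB}")
    lines += [
        f"2024-06-10T09:15:00 user=alice dst=sharepoint.corp.example bytes_out={80 * MB}",
        f"2024-06-10T22:41:00 user=alice dst=files.unknown-storage.example bytes_out={2200 * MB}",
        f"2024-06-10T10:05:00 user=bob dst=sharepoint.corp.example bytes_out={70 * MB}",
        f"2024-06-10T13:00:00 user=carol dst=files.unknown-storage.example bytes_out={900 * MB}",
    ]
    return lines


def detect_exfil(lines, today):
    """Return alerts for users whose outbound volume today dwarfs their baseline."""
    volume = defaultdict(lambda: defaultdict(int))   # user -> day -> bytes
    dests = defaultdict(lambda: defaultdict(set))     # user -> day -> {dst}
    for day, user, dst, nbytes in filter(None, map(parse, lines)):
        volume[user][day] += nbytes
        dests[user][day].add(dst)

    alerts = []
    for user, days in volume.items():
        today_bytes = days.get(today, 0)
        if today_bytes < MIN_BYTES:
            continue
        history = sorted(d for d in days if d < today)[-BASELINE_DAYS:]
        baseline = median(days[d] for d in history) if history else 0
        # No history at all is itself a finding: a brand-new or dormant
        # account moving hundreds of MB out has no "normal" to hide behind.
        if baseline and today_bytes <= RATIO * baseline:
            continue
        seen_before = set().union(*(dests[user][d] for d in history)) if history else set()
        alerts.append({
            "user": user,
            "today_mb": today_bytes // MB,
            "baseline_mb": baseline // MB,
            "ratio": round(today_bytes / baseline, 1) if baseline else None,
            "new_destinations": sorted(dests[user][today] - seen_before),
        })
    return sorted(alerts, key=lambda a: -a["today_mb"])


if __name__ == "__main__":
    for alert in detect_exfil(constructed_logs(), TODAY):
        print(alert)
```

The median (rather than the mean) keeps one earlier large upload from inflating the baseline, and the absolute floor stops the ratio from firing on users whose normal volume is tiny. In Splunk ES the same shape is a scheduled search over the Network Traffic or Web data model summarized per user and day, with the baseline held in a lookup or summary index.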
The solution is primarily for security incident investigation. Whenever a customer wants to monitor the environment for any security incident or events that are occurring, and they want to analyze the incident when virtual issues happen, that's when we propose Splunk. Otherwise, it's difficult to understand what kind of security event is arising in the environment.
My customers subscribe to many different tools, like CrowdStrike. They ingest all that into Splunk and use it as an aggregator to launch their investigations into any threats detected.
Cloud Architecture Associate Director, Infrastructure at Kyndryl
Real User
Top 20
2024-05-08T18:30:00Z
May 8, 2024
We're using the solution for log analysis and our internal infrastructure. We may use it for customer offering at some point, but currently, it's completely internal.
IT Developer/Architect at a government with 10,001+ employees
Real User
Top 20
2024-03-22T12:49:00Z
Mar 22, 2024
We use Splunk Enterprise Security for various security use cases, including writing correlation searches. This has significantly improved both our use cases and correlation searches. We can leverage existing resources, making modifications as needed, rather than starting from scratch each time. Splunk Enterprise Security provides diverse use cases across different environments, including AWS, Azure, and multi-cloud setups, while also integrating with Microsoft Sentinel. Additionally, we can integrate Splunk's service orchestration product for further automation. Overall, this allows us to automate tasks that security analysts previously performed manually, such as reviewing incident dashboards. We can fine-tune alerts based on analyst feedback. Splunk's research team ensures that use cases are updated with the latest security content, enabling us to understand and implement necessary steps while customizing them to fit our company's needs.
This is what makes Splunk Enterprise Security so popular; it streamlines processes compared to legacy security products that often rely on manual scripts. Clients, including government agencies and banks, are transitioning to Splunk Enterprise Security due to its reduced training requirements and comprehensive features. Everything is consolidated, simplifying training and certification. Additionally, integrating Splunk's service orchestration product further automates tasks and improves response times. The substantial investment in Splunk indicates its staying power; no other product on the market currently offers comparable capabilities. Cisco's acquisition of Splunk reinforces its potential for success, combining APM, data logging, and security portfolios.
In one financial project involving 600,000 users, we were able to monitor all incoming traffic, identify security activities, and distinguish between legitimate and malicious traffic, including phishing attacks and potential identity-based threats.
Splunk enables tracking individual identities, crucial for detecting attacks where perpetrators hide behind compromised identities, often leading to data breaches and other security incidents. We implemented Splunk Enterprise Security to assist with AWS security, which includes GuardDuty, CloudTrail, CloudWatch, and Inspector. These AWS components generate compliance and security alerts, which we correlate and use to create dashboard reports and identify security events for various use cases. We then enable the out-of-the-box use cases and send notable events to the dashboard. The implementation is currently in its early stages.
We use Splunk daily to find the root cause of attacks and analyze users attempting to access our system. We create incidents and address 5 to 7 simultaneously. Once we analyze and record the activity, we can delete the incident. Our admin team will verify whether it originated externally or internally. We use Splunk to respond to security incidents and for data analytics. We conduct custom correlations for the customer and write reports on any attacks. We set alerts for user behavior to discover threats, like if someone is constantly attempting to access our internal domain. The admin will identify that threat and block it.
We typically suggest Splunk IT builds for customers with significant EPS requirements and large-scale data environments. While other solutions like Foundry and IBM QRadar may be popular, they often have limitations in handling big data effectively.
The primary focus of our work with Splunk is on security incident monitoring and security log monitoring. This involves utilizing it to analyze and respond to security events effectively. Additionally, compliance with regulatory requirements is another crucial aspect of our role. We also extend Splunk's functionality to custom applications by writing custom parsers and handling logs specific to those applications. This includes the development of unique dashboards tailored to the needs of each application.
Project manager at a computer software company with 10,001+ employees
Real User
Top 20
2023-12-28T12:57:00Z
Dec 28, 2023
We employed Splunk Enterprise Security for one of our projects. Integrating it into our environment involved opening network ports and making necessary connections.
I use Splunk Enterprise Security for monitoring, threat hunting, and quick response. By implementing Splunk Enterprise Security I aimed to address security challenges and threats for both myself and my clients.
Analyst, TSG Information Security Cyber Operations at a consultancy with 5,001-10,000 employees
Real User
Top 10
2023-11-13T16:46:00Z
Nov 13, 2023
We use the product mostly just to pull out the reports, medical investigations, et cetera. As a security analyst, we can look at and pull data. You can make a central hub for a lot of different sources, including servers and endpoints. It makes it easy to check logs for every device connected.
We use Splunk for log analytics, blocking dangerous files, etc. It helps to shape our security policies. Splunk is managed by our service provider, but we regularly get security insights from them.
We use the solution for tracking successful and unsuccessful logins. We track privileged account activities and also a variety of other things, like developing use cases for data exfiltration or integration with ETRs and other security tools for data analysis.
We use Splunk Enterprise Security to analyze log data for log monitoring, creating use cases, onboarding, and incident response. We wanted a single security tool that could immediately identify notable events that could be reported as security breaches, and then enable us to take intelligent action without having to purchase additional security tools. We have two customers with hybrid cloud solutions. Neither customer is fully cloud-based. Our implementation is based on the customer's requirements, such as compliance, data ownership, and administration. We plan the implementation of Splunk cloud or hybrid models based on these requirements. We discuss the benefits and solutions with the customer to ensure that we are not breaching any compliance policies and that we are selecting the right model for their needs. Because we have multiple customers, we must also consider how to manage this process effectively.
We mainly use the Splunk Enterprise Security app to use Splunk as a SIEM. I have worked with Splunk on-premises, which is Splunk Enterprise, and I have worked with Splunk Cloud as well. We mostly use Splunk for the SOC environment. We use Splunk for security incident monitoring.
We provide comprehensive infrastructure support and ingest data in three ways. The first is agent-based, where the information is sent from client machines to an agent. The second is TCP port forwarding, where data is sent to Splunk through an open port. The third is the HEC token. We then use the Splunk DB Connect app to ingest data as per the client's requirements.
Security Operation Centre (SOC) Analyst at Nera Philippines Inc.
Real User
Top 20
2023-09-20T10:41:00Z
Sep 20, 2023
We use Splunk Enterprise Security for monitoring. We've been using it for monitoring our network. We've created some rules and use cases and we get alerts based on rules.
We are using the solution for security. We can use it to track what has happened in our network. We can check via dashboards and alerts. We can use it for load balancing and high-performance tasks. We use it to analyze data and logs. It normalizes logs and we can detect attacks, such as brute-force attacks. We can receive information from our firewall, our FortiGate. Since we receive a lot of traffic, we have to investigate events using the solution. It provides updates on attacks. The solution helps us report on what happens in our network.
Security Analyst at a tech services company with 1-10 employees
Real User
Top 20
2023-08-29T09:06:00Z
Aug 29, 2023
I have worked in a couple of areas of Splunk. Initially, I was part of a monitoring team that used it for security information. I used to monitor security alerts which we used to get on Splunk, which was based on the use cases and we set up specific rules for it. Currently, I am part of the administration of Splunk. Now I onboard different log sources to Splunk. We pass over the logs so that it can be used for the security team.
CSO at a manufacturing company with 1,001-5,000 employees
Real User
Top 5
2023-08-11T14:06:00Z
Aug 11, 2023
We use Splunk Enterprise Security as the main SIEM system for our operations center. We use it for monitoring, detection, and alert management. We implemented Splunk Enterprise Security to help detect attacks on our network.
Splunk Developer at a tech vendor with 11-50 employees
Real User
Top 20
2023-07-19T01:35:00Z
Jul 19, 2023
Our primary use case is for security but we also use it as a soft tool. It gives us an advantage over traditional SOC or security tools. We get to use the existing data in Splunk to make use of the security.
Sr. Cybersecurity Engineer Splunk Architect at Coalfire Federal
Real User
Top 10
2023-07-19T01:34:00Z
Jul 19, 2023
Being in an air-gapped environment, we pretty much look for insider threats and other notables related to improper configurations and against security best practices. We are 100% on-prem and in an air-gapped environment, so there is no Internet connection.
The use cases are mainly around monitoring for our clients' security operation centers and correlation of events and analytics for incidents that have been identified.
We use it to provide both operational and security dashboards based on our clients' equipment. We use it for infra monitoring and threat analysis. We have multiple rules for analyzing malicious activities and detecting breaches. We get the notable events from the logs and from there we drill down into the cause. We correlate that with the framework and get a score. Based on that, we proceed to the investigation.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
Real User
Top 5
2023-05-11T19:40:00Z
May 11, 2023
We use Splunk Enterprise Security as our primary security event manager. We collect data from various log sources into our Splunk SIEM to build context around what is happening in our environment. We then use the capabilities of Splunk Enterprise Security and other tools to enrich this data and help us manage the data, events, and detections.
Principal Consulting - Cloud & Infrastructure Services at Fourth Dimension Technologies
Real User
Top 10
2023-05-05T09:45:00Z
May 5, 2023
Our technical teams are demoing various enterprise tools to develop experience and knowledge so we can better serve our clients. In addition to Splunk, we are evaluating IBM QRadar and one other solution. One of our customers is asking about the Splunk MSP model.
Security Compliance Program Manager at an educational organization with 5,001-10,000 employees
Real User
Top 10
2023-02-02T18:05:00Z
Feb 2, 2023
Splunk helps us to be proactive and it integrates with many devices. It offers visibility from many different levels, areas, zones, and devices rather than from a single system. We can use this intelligence to create correlations, system solutions, etc. Splunk reduces the risk factors and helps us in many ways beyond just collecting logs. Though Splunk is costly, it has many features like threat intelligence which is very useful. It helps us be proactive about reducing risks.
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 10
2021-05-11T18:16:03Z
May 11, 2021
Business indicators (KPIs) for specific (and limited) purposes together with the IT area, some tests with built-in security use cases, and use as a correlation tool with pre-defined SPL (Search Processing Language).
I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk. Splunk is mainly used for collecting logs and dashboards.
Director General for Spain at a cloud solution provider with 51-200 employees
Real User
2022-02-20T17:18:00Z
Feb 20, 2022
We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.
Splunk BDM in UA at a manufacturing company with 51-200 employees
Real User
2022-02-15T15:01:53Z
Feb 15, 2022
We are a solution provider and Splunk is one of the products that we distribute. The primary use case is for SIEM and we have approximately 35 customers.
Presales IT at a tech services company with 201-500 employees
MSP
2022-02-03T17:52:00Z
Feb 3, 2022
Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution. Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.
I need the product for SIEM, Security Identity Event Management. I also need it for security operations, automated response, as well as mapping adjusting of security components as well. It helps us with how best to look at various events, and orchestrate between various different hyper-scalers.
Information Technology Specialist at a healthcare company with 10,001+ employees
Real User
2021-12-27T19:34:00Z
Dec 27, 2021
I went to a cybersecurity boot camp through Penn University, and we went over this topic for a decent amount of time. It was more of a testing environment where they gave us different file formats that we had to go through. We would upload those files to Splunk, and it would give us good examples of what it would look like under different circumstances, such as when an organization is getting hacked, when there is a DDoS attack, and so on.
Security Engineer at a recreational facilities/services company with 10,001+ employees
Real User
2021-12-22T17:40:00Z
Dec 22, 2021
We are using Splunk in the standard information security use case. We're also using it for various application use cases around identity management, Windows Active Directory, and those types of use cases.
Senior security consultant at a comms service provider with 51-200 employees
Consultant
2021-11-29T08:09:05Z
Nov 29, 2021
Our initial use case was for security investigation, with the intention of creating some use cases. We ended up adding operational aspects, monitoring certain operational activities, such as high CPU utilization or any other applicational basis. This is obviously a cloud solution, but it does have some presence on-premises as well, so it's hybrid.
Assistant Manager ICT - Projects at I&M Bank Ltd
Real User
2021-11-19T03:26:52Z
Nov 19, 2021
We are currently using it with SIEM, and SOAR which is Security Orchestration, Automation, and Response. Splunk is primarily used for security, incident response, and security analytics.
We are resellers. We provide solutions to our clients. Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development. We are concentrating on assisting in the development of a security monitor as well as analysis. If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.
Principal Enterprise Architect at Aurenav Sweden AB
Real User
Top 5
2021-11-05T19:14:00Z
Nov 5, 2021
In our organization, Splunk is used in our data centers. We have integration services and other types of systems in our new IoT architecture. We're using it to capture information. We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo. It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it. We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.
I have some experience with the solution, since I am working with customers who are interested in part time help monitoring their network and have been helping them fine-tune the rules in the solution's platform. The way the primary task works is to watch for and then respond to the threat. Should there be a need, I usually work with a team in fine-tuning the rules on this platform. We are providing the products. I recently started working primarily on the Playbooks of the Splunk Phantom, so I've been creating some of these to help the customer automate the process of responding to the threats.
Network Operations Center Engineer at a tech company with 51-200 employees
Real User
2021-10-18T20:29:35Z
Oct 18, 2021
We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.
Senior Network Engineer at a tech services company with 51-200 employees
Real User
2021-08-30T22:50:57Z
Aug 30, 2021
We typically use Splunk to collect and check all the logs and events around the diverse network environment, which includes firewalls, switches, and routers. For example, we have traffic that needs to go from one part of the network to another, and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and check the traffic going across the parts of the network to see where it is being dropped and what the likely reason is that it has been dropped.
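The "where along the path was this flow dropped?" question above, as an added example that is not the reviewer's Splunk search. The log lines are constructed key=value records with assumed field names (fw, ts, action, src, dst, dport, rule); real firewall sourcetypes differ, but Splunk's Network Traffic data model normalizes them to the same idea (src, dest, dest_port, action). Because firewall timestamps are second-granular and cannot order two hops that logged in the same second, the example also assumes a hop order for the three firewalls.

```python
"""Trace one flow across several firewalls' logs and report where it was dropped.

Added example; not the reviewer's Splunk search. Field names (fw, ts, action,
src, dst, dport, rule), the three firewall names and their hop order are all
assumptions for illustration; the log lines are constructed, not captured.
"""
import re

KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed topology: traffic leaves the edge first, then the DMZ or DC firewall.
# Timestamps alone cannot order hops that log in the same second.
HOP_ORDER = {"fw-edge": 0, "fw-dmz": 1, "fw-dc": 2}

# Constructed: fw-edge allows the SQL flow, fw-dc drops it on its default rule;
# an HTTPS flow to the DMZ passes everywhere; an RDP attempt dies at the edge.
LOG_LINES = [
    "fw=fw-edge ts=2021-08-30T10:00:01 action=allow src=10.1.5.20 dst=10.9.2.15 dport=1433 rule=allow-internal",
    "fw=fw-dc ts=2021-08-30T10:00:01 action=deny src=10.1.5.20 dst=10.9.2.15 dport=1433 rule=default-deny",
    "fw=fw-edge ts=2021-08-30T10:00:02 action=allow src=10.1.5.20 dst=172.16.8.4 dport=443 rule=allow-web",
    "fw=fw-dmz ts=2021-08-30T10:00:02 action=allow src=10.1.5.20 dst=172.16.8.4 dport=443 rule=dmz-web-in",
    "fw=fw-edge ts=2021-08-30T10:00:05 action=deny src=10.1.7.9 dst=10.9.2.15 dport=3389 rule=block-rdp",
]


def parse(line):
    """key=value line -> dict (values are left as strings)."""
    return dict(KV_RE.findall(line))


def trace_flow(lines, src, dst, dport):
    """Ordered hops for one (src, dst, dport) and the first firewall that denied it."""
    hops = sorted(
        (r for r in map(parse, lines)
         if r["src"] == src and r["dst"] == dst and r["dport"] == str(dport)),
        key=lambda r: (r["ts"], HOP_ORDER.get(r["fw"], 99)),
    )
    path = [(r["fw"], r["action"], r["rule"]) for r in hops]
    denied = next((r for r in hops if r["action"] == "deny"), None)
    return {
        "path": path,
        "dropped_at": denied["fw"] if denied else None,
        "rule": denied["rule"] if denied else None,
    }


def denied_flows(lines):
    """Every (src, dst, dport) some firewall denied, with the first denying hop and rule."""
    out = {}
    for r in sorted(map(parse, lines), key=lambda r: (r["ts"], HOP_ORDER.get(r["fw"], 99))):
        key = (r["src"], r["dst"], int(r["dport"]))
        if r["action"] == "deny" and key not in out:
            out[key] = (r["fw"], r["rule"])
    return out


if __name__ == "__main__":
    print(trace_flow(LOG_LINES, "10.1.5.20", "10.9.2.15", 1433))
    for flow, (fw, rule) in denied_flows(LOG_LINES).items():
        print(flow, "dropped at", fw, "by", rule)
```

A flow that appears only at the edge with action=allow and never at the next hop is a different failure (routing, or a firewall that does not log), which is why the path is reported in full rather than only the denying hop.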
Founder at a marketing services firm with 11-50 employees
Real User
2021-07-22T21:41:06Z
Jul 22, 2021
We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.
Security Professional at a tech services company with 51-200 employees
Real User
2021-04-26T07:36:34Z
Apr 26, 2021
We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.
We primarily use the solution for monitoring and security. We can use the solution to try to find some correlational data. For example, in banks, there is usually a protocol whereby users cannot withdraw more than a certain amount of money from an ATM. However, we find that, when people are on holiday, they are trying to withdraw more than the allowed amount. It's a use case we can deploy in our country. You can set certain rules and watch the data in order to gain insights.
My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.
IT System Developer/Admin at a manufacturing company with 10,001+ employees
Real User
2020-12-27T09:14:00Z
Dec 27, 2020
The primary use case of this solution is to monitor Cyber Mission databases. I create the diagrams to create an architecture that is then implemented. However, creating these diagrams is for my own learning, since these implementations are usually already available in the cloud office logs.
We use Splunk for security and also PCI compliance. We have installed and implemented this solution for several clients in Bolivia with our team. We have received training from Splunk directly, and we have also provided training to our clients. We deploy two versions: one for on-premise and one for the cloud. Most of our customers purchase Splunk because they required a tool for gathering and collecting all of the logs from the infrastructure in order to make a correlation between data and to spot patterns surrounding security incidents.
Data Scientist at a tech vendor with 201-500 employees
Real User
2020-12-09T16:02:00Z
Dec 9, 2020
We use a lot of sales metrics. We use machine learning models to provide sales forecasting. We create database connections and run a query on the database. The next step is to place the data into Splunk. We create indexes to get the data into the Splunk dashboard.
Senior Informatica Administrator at a computer software company with 10,001+ employees
Real User
2020-12-02T19:50:00Z
Dec 2, 2020
We use Splunk on-premise. We mostly use it for log analysis and fraud detection. We are also testing using it in machine learning and other solutions. We have 10 people managing Splunk and we have approximately 150 people using the product in total.
Audit Remideation/Financial Manager at a tech services company with 1,001-5,000 employees
Real User
2020-11-27T18:12:28Z
Nov 27, 2020
The solution is primarily used to monitor the operating system for threats, specifically related to login threats. If someone is trying to log in, or somebody is trying to break into the system, the idea is that it will check that and catch things. It's mainly for external threats to the operating system.
System Administrator and DevOps Engineer at a tech services company with 10,001+ employees
Real User
2020-11-23T21:49:36Z
Nov 23, 2020
Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs from any client server, using the universal forwarder, to the Splunk server. After indexing, we can create a base log and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk.
We are a software development company and Splunk is one of the products that we have implemented for our clients. It is used for log analytics as well as the mobile SDK for checking the stability of mobile applications.
Since we have an IT services company, we have been using Splunk for deployment to customer locations as well. Sometimes the customer will come back to us and say that they need to have a SIEM tool, and when we do the benchmarking, we'll do a couple of deployments on the Splunk side and at the customer's locations as well. As an example use case, we deployed Splunk to a banking institution a few years ago. There the use case was basically this: the customer wanted to set up a security operations center, and they wanted to have a pretty large deployment in terms of the number of endpoints and the number of switches and routers. There were many regional branch offices and they have data centers and therefore many assets in terms of endpoints. They had 30% of their assets running on the cloud and they needed a complete solution from an incident monitoring and management perspective. That's why we deployed Splunk. They wanted to reduce the MTTR, the mean time to resolution, and the mean time to detection. They didn't want to add more SOC analysts into their SOC as the organization scaled up. They have a plan to scale from 5,000 endpoints to 15-20,000 endpoints. They're very particular about deploying the SOC. Splunk has since acquired Phantom as a SOAR platform. Therefore, we have tried to manage the security automation using Phantom with the help of Splunk deployments. It helps us meet the customer's requirements.
Sales Engineer | Technical Sales | Pre-Sales at SUSE
Vendor
2020-03-18T11:56:44Z
Mar 18, 2020
Focused on log collection and analysis.
IT Operations - Predict and prevent problems with log (trap/syslog/Windows Events/ AD logs/etc.) monitoring experience
Security - Assists with threat detection, investigation and response
IoT - Minimize unplanned downtime and avoid high costs by centralising logs from a variety of IoT devices/appliances.
Business Analytics - Explore and visualize business processes for increased transparency
Architecture and Security Team Leader at CV Akbar Panjaya
Real User
2019-03-10T16:43:00Z
Mar 10, 2019
We were using Splunk for our networking to know exactly what kind of traffic was going from one network to another network, because we had a lot of connections to other sites.
Our primary use case is reporting from the Windows administration. We have SCCM, the configuration manager, to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment, and we use Splunk for gathering the PCs and Windows services. We also use it to collect information from the security tools, for example, to provide management with information about how the everyday connection is.
Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.
We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened. I have used the product personally for five years and at my current company for a year and a half.
It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data. It does meet our use case for the most part.
We use it for application log monitoring. It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.
The primary use case is for log analytics. Although, we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.
Enterprise Architect at a tech services company with 10,001+ employees
Real User
2018-12-11T08:31:00Z
Dec 11, 2018
We use it for log aggregation. If you have a large number of devices, you need to aggregate log data to make more sense of it for parsing, troubleshooting, and metrics. This is all we use it for. If I need to track logs for a certain application, I will push all of those logs to Splunk so I can run reports on those logs. It is more about what you are trying to do with it and what you need from it.
We use it for log analysis and alerting, and our SOC analysts use it. I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.
IT Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
2018-12-10T08:57:00Z
Dec 10, 2018
In the beginning, we just wanted to collect the logs from the different devices, like the nano storage, Linux, Windows, and VMware. We tried to get a uniform solution to collect and analyze all of the system logs.
I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant. In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.
We use Splunk for a few different use cases:
* We package it as part of one of our on-premise software offerings, which includes our in-house customized dashboards.
* We use it for application monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk, with many customized alerts and dashboards configured for the Ops, Dev, product, and management teams.
* We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.
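The hourly anomaly check against a rolling history, as an added example that is not this reviewer's data model or Splunk's own code (the Machine Learning Toolkit does the same job in production). The request counts are constructed, not real telemetry: a service with a strong day/night shape, three weeks of history, and one hour on the final day that collapses. Each hour of the current day is compared only with the same hour on previous days, so the daily pattern itself is not mistaken for change; the three-week window and the z-score limit are assumptions.

```python
"""Hour-of-day baseline anomaly check over constructed hourly request counts.

Added example; not the reviewer's data model or Splunk's MLTK. The history
length, the z-score limit and the counts themselves are assumptions for
illustration.
"""
from statistics import mean, pstdev

HISTORY_DAYS = 21
Z_LIMIT = 3.0
TODAY = HISTORY_DAYS + 1      # day 22 is the day under test


def constructed_counts():
    """{(day, hour): requests}; deterministic jitter stands in for real noise."""
    counts = {}
    for day in range(1, TODAY + 1):
        for hour in range(24):
            level = 1000 if 7 <= hour <= 19 else 100          # business-hours shape
            counts[(day, hour)] = level + (day * 7 + hour) % 11
    counts[(TODAY, 14)] = 30                                  # the incident: 14:00 collapses
    return counts


def hourly_anomalies(counts, today, history_days=HISTORY_DAYS, z_limit=Z_LIMIT):
    """Return [(hour, observed, expected_mean, z)] for hours of `today` outside z_limit."""
    findings = []
    for hour in range(24):
        history = [counts[(d, hour)]
                   for d in range(today - history_days, today) if (d, hour) in counts]
        observed = counts.get((today, hour))
        if observed is None or len(history) < 2:
            continue
        mu, sigma = mean(history), pstdev(history)
        # A perfectly flat baseline (sigma == 0) would make any change infinite;
        # treat any deviation at all as anomalous in that case.
        if sigma:
            z = (observed - mu) / sigma
        else:
            z = float("inf") if observed != mu else 0.0
        if abs(z) > z_limit:
            findings.append((hour, observed, round(mu, 1), round(z, 1)))
    return findings


if __name__ == "__main__":
    for hour, observed, expected, z in hourly_anomalies(constructed_counts(), TODAY):
        print(f"{hour:02d}:00 observed={observed} expected~{expected} z={z}")
```

Comparing against the same hour on earlier days is what keeps the 07:00 ramp-up from firing every morning; the same per-hour grouping is what a Splunk search does when it computes its statistics by hour-of-day before comparing the latest bucket.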
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.
With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.
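Failed-logon alerting comes up in several reviews above: repeated wrong login attempts in the first review, tracking successful and unsuccessful logins, brute-force detection from FortiGate logs, and the multi-username attempt against a switch just described. One block serving all of them, as an added example that is not any reviewer's correlation search or Splunk code: two log formats are normalized into one event (the job Splunk's Authentication data model does in Enterprise Security), then a five-minute window per source catches a burst against one account, a spray across many accounts, and the case that matters most, a success from the same source right after the failures. The Windows lines are a constructed pipe-separated reduction of the 4624/4625 fields (EventCode, Account_Name, Source_Network_Address); the FortiGate-style line uses assumed field names (action, status, user, srcip); thresholds are assumptions.

```python
"""Failed-logon burst and password-spray detection over constructed log lines.

Added example; not code from the reviews or from Splunk. Two input formats
are parsed into one normalized event: Windows Security 4624/4625, reduced
here to a constructed time|EventCode|Account_Name|Source_Network_Address
form, and a FortiGate-style key=value admin-login line whose field names
(action, status, user, srcip) are assumed, not taken from a real capture.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)
BURST_THRESHOLD = 10   # failures from one source inside WINDOW -> brute force
SPRAY_THRESHOLD = 5    # distinct accounts from one source inside WINDOW -> spray

Event = namedtuple("Event", "ts src user outcome")

# Constructed sample: alice mistypes twice then succeeds (benign); 198.51.100.4
# hammers svc_backup and then gets in; 203.0.113.9 tries six admin-like names
# once each against the firewall (a spray).
WIN_LINES = [
    "2024-06-13T10:00:01|4625|alice|10.0.0.7",
    "2024-06-13T10:00:20|4625|alice|10.0.0.7",
    "2024-06-13T10:00:35|4624|alice|10.0.0.7",
    "2024-06-13T10:03:30|4624|svc_backup|198.51.100.4",
] + [f"2024-06-13T10:01:{4 * i:02d}|4625|svc_backup|198.51.100.4" for i in range(12)]

FGT_LINES = [
    f'date=2024-06-13 time=10:02:{7 * i:02d} type="event" subtype="system" '
    f'action="login" status="failed" user="{u}" srcip=203.0.113.9'
    for i, u in enumerate(["admin", "root", "administrator", "guest", "backup", "test"])
]

WIN_RE = re.compile(r"^(?P<ts>\S+)\|(?P<code>\d+)\|(?P<user>[^|]+)\|(?P<src>\S+)$")
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_windows(line):
    """4624 = success, 4625 = failure; any other EventCode is not an auth event."""
    m = WIN_RE.match(line)
    if not m:
        return None
    outcome = {"4624": "success", "4625": "failure"}.get(m["code"])
    if outcome is None:
        return None
    return Event(datetime.fromisoformat(m["ts"]), m["src"], m["user"].lower(), outcome)


def parse_fortigate(line):
    """key=value line (quoted or bare values); only admin login events are kept."""
    kv = {k: quoted or bare for k, _, quoted, bare in KV_RE.findall(line)}
    if kv.get("action") != "login":
        return None
    outcome = "failure" if kv.get("status") == "failed" else "success"
    ts = datetime.fromisoformat(f"{kv['date']}T{kv['time']}")
    return Event(ts, kv["srcip"], kv["user"].lower(), outcome)


def detect(events):
    """Slide WINDOW over each source's failures; one alert per (src, kind)."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev.src].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e.outcome == "failure"]
        successes = [e.ts for e in evs if e.outcome == "success"]
        for i, start in enumerate(fails):
            win = [e for e in fails[i:] if e.ts - start.ts <= WINDOW]
            users = {e.user for e in win}
            kinds = []
            if len(win) >= BURST_THRESHOLD:
                kinds.append("brute_force")
            if len(users) >= SPRAY_THRESHOLD:
                kinds.append("password_spray")
            last = win[-1].ts
            # A success from the same source right after the failures is the
            # signal worth paging on: the guessing may have worked.
            if any(last < t <= last + WINDOW for t in successes):
                kinds = [k + "_then_success" for k in kinds]
            for kind in kinds:
                alerts.setdefault((src, kind), {
                    "src": src, "kind": kind, "failures": len(win),
                    "users": sorted(users),
                    "first": start.ts.isoformat(), "last": last.isoformat(),
                })
    return list(alerts.values())


def load_sample():
    events = [parse_windows(l) for l in WIN_LINES] + [parse_fortigate(l) for l in FGT_LINES]
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for alert in detect(load_sample()):
        print(alert)
```

Alice's two typos stay below both thresholds and never surface. In Enterprise Security the equivalent is a correlation search over the Authentication data model, counting failures and distinct users per source in a 5-minute span and joining the result with later successes from the same source.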
I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset.
Lead Systems Architect at an energy/utilities company with 10,001+ employees
Real User
2018-04-30T12:38:00Z
Apr 30, 2018
Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.
We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times.
Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and applications logs to provide security insights.
Business Intelligence Developer at Arizona State University
Real User
2018-04-21T03:20:00Z
Apr 21, 2018
* Monitoring IT and other processes for a large university.
* Leveraging alerts and dashboards to detect and predict security breaches and other events.
consultant at a non-profit with 1,001-5,000 employees
User
2018-04-19T21:32:00Z
Apr 19, 2018
We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.
Sr. Production Support Analyst at Electric Reliability Council of Texas
User
2018-04-19T14:36:00Z
Apr 19, 2018
Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.
Splunk Architect at The Johns Hopkins University Applied Physics Laboratory
Real User
2018-04-19T13:05:00Z
Apr 19, 2018
Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.
BS Systems Engineer at a tech services company with 501-1,000 employees
Real User
2018-03-29T12:02:00Z
Mar 29, 2018
We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Splunk then started to receive their logs, analyzed them, and provided useful reports.
System Administrator at Abdullah Al-Othaim Markets
Real User
2018-03-26T05:49:00Z
Mar 26, 2018
* Searches the logs for all network devices and servers.
* Monitors clients' hardware, networking, and security operations.
* It is good for the administrator to use it when maintaining the whole IT infrastructure.
Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of their environments under a single screen.
Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.
Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and...
I use Splunk Enterprise Security for threat hunting.
We use Splunk Enterprise Security for insider risk and security operations centers.
We use the solution for monitoring and detection and for threat hunting.
We wanted the solution to enhance the SOC ability. We were having trouble with some of our data being SIEM-compliant.
We develop use cases for Splunk Enterprise Security all the time. I mostly work with the SOAR platform to ingest those use cases.
Generally, we leverage it to correlate all of our threat intelligence data with all of our log events to make researching them simpler.
We use the solution to find systems acting strange or having strange services and security attacks.
My customers subscribe to many different tools, like CrowdStrike. They ingest all that into Splunk and use it as an aggregator to launch their investigations into any threats detected.
We use Splunk Enterprise Security to monitor the network. We use the solution wherever there's a problem with the cell phone tower.
We're using the solution for log analysis and our internal infrastructure. We may use it for customer offering at some point, but currently, it's completely internal.
We are using Splunk Enterprise Security for collecting and analyzing logs. We are keeping up with the SLAs with Splunk Enterprise Security.
The solution is used to detect and protect against threats using a hypervisor infrastructure that works with artificial intelligence.
We use Splunk Enterprise Security for various security use cases, including writing correlation searches. This has significantly improved both our use cases and correlation searches. We can leverage existing resources, making modifications as needed, rather than starting from scratch each time. Splunk Enterprise Security provides diverse use cases across different environments, including AWS, Azure, and multi-cloud setups, while also integrating with Microsoft Sentinel. Additionally, we can integrate Splunk's service orchestration product for further automation. Overall, this allows us to automate tasks that security analysts previously performed manually, such as reviewing incident dashboards. We can fine-tune alerts based on analyst feedback. Splunk's research team ensures that use cases are updated with the latest security content, enabling us to understand and implement necessary steps while customizing them to fit our company's needs. This is what makes Splunk Enterprise Security so popular; it streamlines processes compared to legacy security products that often rely on manual scripts. Clients, including government agencies and banks, are transitioning to Splunk Enterprise Security due to its reduced training requirements and comprehensive features. Everything is consolidated, simplifying training and certification. Additionally, integrating Splunk's service orchestration product further automates tasks and improves response times. The substantial investment in Splunk indicates its staying power; no other product on the market currently offers comparable capabilities. Cisco's acquisition of Splunk reinforces its potential for success, combining APM, data logging, and security portfolios. In one financial project involving 600,000 users, we were able to monitor all incoming traffic, identify security activities, and distinguish between legitimate and malicious traffic, including phishing attacks and potential identity-based threats. 
Splunk enables tracking individual identities, crucial for detecting attacks where perpetrators hide behind compromised identities, often leading to data breaches and other security incidents. We implemented Splunk Enterprise Security to assist with AWS security, which includes GuardDuty, CloudTrail, CloudWatch, and Inspector. These AWS components generate compliance and security alerts, which we correlate and use to create dashboard reports and identify security events for various use cases. We then enable the out-of-the-box use cases and send notable events to the dashboard. The implementation is currently in its early stages.
We use Splunk daily to find the root cause of attacks and analyze users attempting to access our system. We create incidents and address 5 to 7 simultaneously. Once we analyze and record the activity, we can delete the incident. Our admin team will verify whether it originated externally or internally. We use Splunk to respond to security incidents and for data analytics. We conduct custom correlations for the customer and write reports on any attacks. We set alerts for user behavior to discover threats, like if someone is constantly attempting to access our internal domain. The admin will identify that threat and block it.
There are many use cases. Most of the use cases are related to security, data integration, and data sources.
We use Splunk Enterprise Security to monitor our network environment for abnormal activities and threats.
We typically suggest Splunk IT builds for customers with significant EPS requirements and large-scale data environments. While other solutions like Foundry and IBM QRadar may be popular, they often have limitations in handling big data effectively.
The primary focus of our work with Splunk is on security incident monitoring and security log monitoring. This involves utilizing it to analyze and respond to security events effectively. Additionally, compliance with regulatory requirements is another crucial aspect of our role. We also extend Splunk's functionality to custom applications by writing custom parsers and handling logs specific to those applications. This includes the development of unique dashboards tailored to the needs of each application.
We employed Splunk Enterprise Security for one of our projects. Integrating it into our environment involved opening network ports and making necessary connections.
I use Splunk Enterprise Security for monitoring, threat hunting, and quick response. By implementing Splunk Enterprise Security I aimed to address security challenges and threats for both myself and my clients.
We use the product mostly just to pull out the reports, medical investigations, et cetera. As a security analyst, we can look at and pull data. You can make a central hub for a lot of different sources, including servers and endpoints. It makes it easy to check logs for every device connected.
We use Splunk for log analytics, blocking dangerous files, etc. It helps to shape our security policies. Splunk is managed by our service provider, but we regularly get security insights from them.
We use the solution for tracking successful and unsuccessful logins. We track privileged account activities and also a variety of other things, like developing use cases for data exfiltration or integration with ETRs and other security tools for data analysis.
We use Splunk Enterprise Security to analyze log data for log monitoring, creating use cases, onboarding, and incident response. We wanted a single security tool that could immediately identify notable events that could be reported as security breaches, and then enable us to take intelligent action without having to purchase additional security tools. We have two customers with hybrid cloud solutions. Neither customer is fully cloud-based. Our implementation is based on the customer's requirements, such as compliance, data ownership, and administration. We plan the implementation of Splunk cloud or hybrid models based on these requirements. We discuss the benefits and solutions with the customer to ensure that we are not breaching any compliance policies and that we are selecting the right model for their needs. Because we have multiple customers, we must also consider how to manage this process effectively.
We mainly use the Splunk Enterprise Security app to use Splunk as a SIEM. I have worked with Splunk on-premises, which is Splunk Enterprise, and I have worked with Splunk Cloud as well. We mostly use Splunk for the SOC environment. We use Splunk for security incident monitoring.
We provide comprehensive infrastructure support and ingest mine data in three ways. The first is Agent-based where the information is sent from client machines to an agent. The second is TCP port forwarding where data is sent to Splunk through an open port. The third is the HEC token. We then use the Splunk DB Connect app to ingest data as per the client's requirements.
We use Splunk Enterprise Security for monitoring. We've been using it for monitoring our network. We've created some rules and use cases and we get alerts based on rules.
We are using the solution for security. We can use it to track what has happened in our network. We can check via dashboards and alerts. We can use it for load balancing and high-performance tasks. We use it to analyze data and logs. It normalizes logs and we can detect attacks, such as brute-force attacks. We can receive information from our firewall, our Fortigate. Since we receive a lot of traffic, we have to investigate events using the solution. It provides updates on attacks. The solution helps us report on what happens in our network.
I have worked in a couple of areas of Splunk. Initially, I was part of a monitoring team that used it for security information. I used to monitor security alerts which we used to get on Splunk, which was based on the use cases and we set up specific rules for it. Currently, I am part of the administration of Splunk. Now I onboard different log sources to Splunk. We pass over the logs so that it can be used for the security team.
We use Splunk Enterprise Security as the main SIEM system for our operation center. We use it for monitoring, detection, and alert management. We implemented Splunk Enterprise Security to help detect attacks on our network.
Our SOC uses the solution to monitor our corporate and franchise environments.
At a high level, its use cases are related to security monitoring, log aggregation, and a little bit of analysis related to incidents or fraud.
Our primary use case is for security but we also use it as a soft tool. It gives us an advantage over traditional SOC or security tools. We get to use the existing data in Splunk to make use of the security.
Being in an air-gapped environment, we pretty much look for insider threats and other notables related to improper configurations and against security best practices. We are 100% on-prem and in an air-gapped environment, so there is no Internet connection.
Our primary use case is for cyber security, tracking logs, and incident response.
Our customers utilize Splunk Enterprise Security for either their cybersecurity program or their data warehouse program.
The use cases are mainly around monitoring for our clients' security operation centers and correlation of events and analytics for incidents that have been identified.
We use it to provide both operational and security dashboards based on our clients' equipment. We use it for infra monitoring and threat analysis. We have multiple rules for analyzing malicious activities and detecting breaches. We get the notable events from the logs and from there we drill down into the cause. We correlate that with the framework and get a score. Based on that, we proceed to the investigation.
We use Splunk Enterprise Security as our primary security event manager. We collect data from various log sources into our Splunk SIEM to build context around what is happening in our environment. We then use the capabilities of Splunk Enterprise Security and other tools to enrich this data and help us manage the data, events, and detections.
Our technical teams are demoing various enterprise tools to develop experience and knowledge so we can better serve our clients. In addition to Splunk, we are evaluating IBM QRadar and one other solution. One of our customers is asking about the Splunk MSP model.
Splunk helps us to be proactive and it integrates with many devices. It offers visibility from many different levels, areas, zones, and devices rather than from a single system. We can use this intelligence to create correlations, system solutions, etc. Splunk reduces the risk factors and helps us in many ways beyond just collecting logs. Though Splunk is costly, it has many features like threat intelligence which is very useful. It helps us be proactive about reducing risks.
Business indicators (KPIs) for a specific (and limited) purpose together with the IT area, some tests with the security built-in "use cases", and as a correlation tool using pre-defined SPL (Search Processing Language).
#1 is InfoSec
#2 is BI
#3 is IoT
I used it in the SOC environment to get logs, create dashboards, and filter out data.
Splunk just acts as an extra presentation layer, and we tried it because of the plugins they have to try and get more logs into the environment.
We use Splunk to monitor our private cloud, data center, and other applications.
I use Splunk for testing purposes. It is used for school research and to learn how to use Splunk. Splunk is mainly used for collecting logs and dashboards.
We are using Splunk for querying data from different sources.
We work with Splunk. We use it for our own services, and we also integrate and resell Splunk. It is used for cyber security. Different clients have different versions. They have Splunk Cloud and Splunk on-premises with different versions.
We primarily use the solution for log management and security purposes.
There are many use cases for Splunk, we commonly use it for log management and analytics.
We are a solution provider and Splunk is one of the products that we distribute. The primary use case is for SIEM and we have approximately 35 customers.
I work for a government agency and we use Splunk to monitor our Cisco equipment. I'm a senior network engineer and we are customers of Splunk.
Our company is an IT service provider. We are resellers of Splunk. One of our clients that we monitor is a laboratory that uses this solution. Splunk is a change management solution. We use the solution as a log collector, and to analyze and provide alerts from the IT instructor.
I need the product for SIEM, Security Identity Event Management. I also need it for security operations, automated response, as well as mapping adjusting of security components as well. It helps us with how best to look at various events, and orchestrate between various different hyper-scalers.
I went to a cybersecurity boot camp through Penn University, and we went over this topic for a decent amount of time. It was more of a testing environment where they gave us different file formats that we had to go through. We would upload those files to Splunk, and it would give us good examples of what it would look like under different circumstances, such as when an organization is getting hacked, when there is a DDoS attack, and so on.
The project we are working on with Splunk is short as the customer has given us two months to implement. My company is a Splunk partner.
We are using Splunk in the standard information security use case. We're also using it for various application use cases around identity management, windows active directory, and those types of use cases.
We use it for security operations and management.
We are using it for information assurance, system alerting, and compliance. We are using its latest version.
The solution is primarily a SIEM tool and it basically helps companies with security.
Our initial use case was for security investigation, with the intention of creating some use cases. We ended up adding operational aspects, monitoring certain operational activities, such as high CPU utilization or any other applicational basis. This is obviously a cloud solution, but it does have some presence on-premises as well, so it's hybrid.
My primary use case is for log management. It's mostly deployed on-premises, but it can be cloud-based as well.
We are currently using it with SIEM, and SOAR which is Security Orchestration, Automation, and Response. Splunk is primarily used for security, incident response, and security analytics.
We are resellers. We provide solutions to our clients. Splunk is primarily used for developing CM solutions that are based on the Splunk platform for future security operation center development. We are concentrating on assisting in the development of a security monitor as well as analysis. If I am not mistaken, it's a standard CM system for identification, security verification, and event monitoring.
In our organization, Splunk is used in our data centers. We have integration services and other types of systems in our new IoT architecture. We're using it to capture information. We use Splunk as an aggregator for monitoring information from different sources, however, for our protection suite, we're using Comodo. It's designed to collect data from different points. It has a lot of integrations built into it and that's why we're using it. We use it for our enterprise more - such as for messaging. There's a lot of stuff we do on our integration services layer that we use Splunk for. For security purposes, we're using Comodo. Therefore we're not using Splunk for security purposes. We're using it for monitoring what's happening at our integration services layer.
I have some experience with the solution, since I am working with customers who are interested in part time help monitoring their network and have been helping them fine-tune the rules in the solution's platform. The way the primary task works is to watch for and then respond to the threat. Should there be a need, I usually work with a team in fine-tuning the rules on this platform. We are providing the products. I recently started working primarily on the Playbooks of the Splunk Phantom, so I've been creating some of these to help the customer automate the process of responding to the threats.
We typically use it for centralized log management and SIEM functionality. I am using the most recent version of it.
We use the solution for monitoring systems. We also use it with servers and CG routers from the data center, as well as for collecting the ADL from all networks which are located in our regions of the country.
It's the mainstay of our monitoring solutions that we have for auto-logging, et cetera, for our enterprise solution.
We primarily use the solution for security and operations monitoring.
We typically use Splunk to collect and check all the logs and events around the diverse network environment, which includes firewalls, switches, and routers. For example, we have traffic that needs to go from one part of the network to another, and if we think there is a firewall blocking it along the path, rather than log in to all the firewalls to see what is happening, we simply go into Splunk and check the traffic going across the parts of the network to see where it is being dropped and what the likely reason is that it has been dropped.
We use Splunk for analyzing data.
Typically, we use the solution for critical infrastructure companies.
We're using the solution to try to build a virtual network and put Splunk inside it and do some kind of transcentralization with a log server. Our aim is to track connections, network traffic and some personal databases. I'm the founder of the company and we are customers of Splunk.
I use this solution for data visualization.
We are using it for security information and event management (SIEM). We have started to use Splunk recently, and we are in the implementation phase as of now.
We are using Splunk for cybersecurity operations.
We primarily use the solution for monitoring and security. We can use the solution to try to find some correlational data. For example, in banks, there is usually a protocol whereby users cannot withdraw more than a certain amount of money from an ATM. However, we find that, when people are on holiday, they are trying to withdraw more than the allowed amount. It's a use case we can deploy in our country. You can set certain rules and watch the data in order to gain insights.
We are a solution provider and Splunk is something that we provide as a service to our customers.
We are using Splunk as a SIEM tool. We're using it for monitoring.
We have multiple use cases, almost 200 plus use cases. For example, travel activities where you log in.
My reason for implementing it was just to learn more about the product. I wanted to learn about the Splunk programming language, how to pipe searches, add logs, verify the logs, create fields, extract data into fields, build dashboards, and to get hands-on experience with the product.
The primary use case of this solution is to monitor Cyber Mission databases. I create the diagrams to create an architecture that is then implemented. However, creating these diagrams are for my own learnings since these implementations are usually already available in the cloud office logs.
We primarily use the solution for monitoring our infrastructure.
I'm the CSSP manager and we are customers of Splunk.
We use Splunk for security and also PCI compliance. We have installed and implemented this solution for several clients in Bolivia with our team. We have received training from Splunk directly, and we have also provided training to our clients. We deploy two versions: one for on-premise and one for the cloud. Most of our customers purchase Splunk because they required a tool for gathering and collecting all of the logs from the infrastructure in order to make a correlation between data and to spot patterns surrounding security incidents.
We are using Splunk to look at the logs, and see what is happening.
We use a lot of sales metrics. We use machine learning models to provide sales forecasting. We create database connections and run a query on the database. The next step is to place the data into Splunk. We create indexes to get the data into the Splunk dashboard.
We use Splunk for log analysis and security monitoring.
I use Splunk on-and-off — I started with in-house projects, then moved up to commercial projects.
We use Splunk on-premise. We mostly use it for log analysis and fraud detection. We are also testing using it in machine learning and other solutions. We have 10 people managing Splunk and we have approximately 150 people using the product in total.
The solution is primarily used to monitor the operating system for threats, specifically related to login threats. If someone trying to log-in, or somebody trying to break into the system, the idea is it will check that and catch things. It's mainly for external threats to the operating system.
Our primary use case of Splunk is for log monitoring and infrastructure monitoring. If we want to diagnose any issue in our application, we just push our application logs. This is on any client server using the universal forwarder logs on the Splunk server. After indexing, we can create a base log, and create attractive dashboards that are simple to understand and use. I'm a system administrator and we are customers of Splunk.
It's the primary place where I'd go to do an investigation if I want to see what's going on within an endpoint, or on a network, or with a user.
We are a software development company and Splunk is one of the products that we have implemented for our clients. It is used for log analytics as well as the mobile SDK for checking the stability of mobile applications.
Since we have an IT services company, we have been using Splunk for the deployment to the customer locations as well. Sometimes the customer will come back to us and say that we need to have a SIEM tool, and when we do the benchmarking, we'll do a couple of deployments on the Splunk side and at the customer's locations as well. As an example use case, we deployed Splunk to a banking institution a few years ago. There the use case was basically this: the customer wanted to set up a security operation center, and they wanted to have a pretty large deployment in terms of the number of endpoints and number of switches and routers. There were many regional branch offices and they have data centers and therefore, many assets in terms of endpoints. They had 30% of their assets running on the cloud and they needed a complete solution from an incident monitoring and management perspective. That's why we deployed Splunk. They wanted to reduce the MTTR, and meantime resolution, and maintain detection. They didn't want to add more SOC analysts into their SOC as the organization scaled up. They have a plan to scale from 5,000 endpoints into 15-20,000 endpoints. They're very particular about deploying the SOC operation center. Splunk has since acquired Phantom as a SOAR platform. Therefore, we have tried to manage the security automation using Phantom with the help of Splunk deployments. It helps us meet the customer's requirements.
We are using the mobile SDK to check the stability of mobile applications.
Focused on log collection and analysis.
IT Operations - Predict and prevent problems with log (trap/syslog/Windows Events/ AD logs/etc.) monitoring experience
Security - Assists with threat detection, investigation and response
IoT - Minimize unplanned downtime and avoid high costs by centralising logs from a variety of IoT devices/appliances.
Business Analytics - Explore and visualize business processes for increased transparency
Information Security Solution with Log management (Primary)
Analytics (Secondary)
Log collection and search.
Testing for insider threat behavior.
Our primary use case is for monitoring and cybersecurity.
We were using Splunk for our networking to know exactly what kind of traffic was going from one network to another network, because we had a lot of connections to other sites.
We need something to collect all our logs in a centralized solution. We have several servers but we don't have any log collection system.
* Log collection and analysis
* Reporting for the whole enterprise environment.
Our primary use case is reporting from the Windows administration. We have SCCM that configures the manager to update every PC workstation and server in the company. We have a lot of PCs and servers in our environment and we use Splunk for the gathering of the PCs and Windows service. We also use it to collect information from the security tools, for example, to provide the management information about how the everyday connection is.
We use it to do SIEM.
* SIEM
* Security information
* Event management
We use it for security incident event management and for IT service intermediates.
Our primary use case was really as a client organization, like the government and the IT industries, we are in the telecoms sector. We analyze security reports. We use Splunk to order them and put them in a system and we use the various kinds of integration with Oracle Cloud which is helpful.
Our primary use case of this solution is as a centralized lab collection.
Splunk is our central locale for cybersecurity and protection.
We primarily use it for SIEM.
We use it for logging, essentially for auditing and troubleshooting errors in production and finding out what happened. I have used the product personally for five years and at my current company for a year and a half.
It is mostly centralized logging, a whole bunch of BI metrics, and an aggregation point, which we have adulterated for some PCI data. It does meet our use case for the most part.
We use it mostly for log monitoring, and also for trying to raise alarms.
We use it for application log monitoring. It is a logging product. Our application generates log files, then we upload them to Splunk. We run their agent on our EC2 instances in AWS, then we view the logs through their product, and it is all stored on their infrastructure.
The primary use case is for log analytics, although we have been using it as a hammer which hits all the nails. We have sort of overused it in some areas where it doesn't need to be used.
We use it for logging and troubleshooting.
We use it for log aggregation. If you have a large number of devices, you need to aggregate log data to make more sense of it for parsing, troubleshooting, and metrics. This is all we use it for. If I need to track logs for a certain application, I will push all of those logs to Splunk so I can run reports on those logs. It is more about what you are trying to do with it and what you need from it.
* Log mining * Log analysis
We use it for log analysis and alerting, and our stock analysts use it. I have used the product for more than five years. Then, in the cloud, I have used it for probably a year. It scales better in the cloud than on-premise.
We use it for searching logs in a production environment.
In the beginning, we just wanted to collect the logs from the different devices, like the nano storage, Linux, Windows, and VMware. We tried to get a uniform solution to collect and analyze all of the system logs.
It helps increase our productivity.
My primary use case for Splunk is for log file visualization and monitoring alert management.
I work in the HIPAA industry. I work at a healthcare company in Puerto Rico. HIPAA requires us to go over security risks. Our use case right now is to be compliant. In our hierarchy, we have 1000 servers and 16,000 endpoints. We also have 100 entry points and 3000 VPN connections. It's huge.
* Cybersecurity defense * Web app monitoring * VMware monitoring
We use Splunk for a few different use cases: * We package it as part of one of our on-premise software offerings which includes our in-house customized dashboards. * We use it for Application Monitoring of many of our back-end systems. Monitoring is done completely through Splunk by forwarding application and other logs to Splunk and many configured customized alerts and dashboards for the Ops, Dev, product, and management teams. * We created a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity.
Splunk is a SIEM, a Security Information and Event Management solution. It is used, for example, for monitoring security logs and security information in companies and organizations. It is also used for correlation, meaning making policies, for detecting/monitoring attacks, and the like; for monitoring security logs, security events, preventing hackers from attacking. It's really for business continuity.
We use Splunk for infrastructure monitoring, application monitoring and in the security space for our organization as well as for our customers.
* IT Ops * Security * Compliance. Many IT groups and non-IT groups use the product to gain insights into their environments.
With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.
We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations.
I work with Splunk, as a contractor, so I use it in many different areas. Most often it is used to get performance insights on applications or servers. Recently, I have used it in more of an endpoint security mindset.
Splunk provided me a platform to analyze both infrastructure loads and application performance for quick troubleshooting, saving a load of time. Versatile apps at Splunkbase helped me to better configure and enhance visualization of the KPIs in my application.
* Log monitoring and alerts * Looking up information * Dashboards for nice, fast information about various application servers.
Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.
Primary use is business intelligence.
We started using Splunk to serve as a SIEM. In addition to correlating security information, we have begun to use it as a developer and customer advocate by analyzing user behaviors and system response times.
Security analysis to identify issues and for use in incident handling. Correlating logs across over 1000 servers with different operating systems and application logs to provide security insights.
The primary use case is to analyse and monitor big data, creating various dashboards, alerts, etc.
* Monitoring IT and other processes for a large university. * Leveraging alerts and dashboards to detect and predict security breaches and other events.
Security and incident management, which is helpful when organizing the data from different systems and running analysis on all the data together.
Security. We have built SIEM solutions three times from the ground up (not ES) using Splunk for some of the largest companies in the world.
We primarily use Splunk for log aggregation and search across multiple systems with Splunk Enterprise Security layered on top.
We use Splunk for both monitoring and SIEM. Our security operations group uses Splunk to track user accounts which may have been compromised as well as follow those accounts through the organization.
We use Splunk primarily to provide our security and ops groups with important insights to more efficiently make decisions and take action.
IT service analytics: * Server machine data * Monitoring data * Alerting data * ITSI KPIs * Real-time reporting * Month-over-month reporting.
We use Splunk for operations, application monitoring, and security. We are both cloud and on-premise based, so it has been very versatile for us.
Operational intelligence monitoring for several different systems. We collect logs from applications and performance data from hardware, as well as information pulled from databases.
Splunk is our monitoring and investigating Swiss Army knife for key applications and systems. If we run it, we Splunk it.
Central repository for log collection and analysis in a complex environment. We have used it for a variety of use cases involving SIEM and operational support.
We used it to create a full security operations center (SOC) for our IT department by adding all network and security devices, the AD, and mail servers to it. Then Splunk started to receive their logs, analyzed them, and provided useful reports.
* Searches the logs for all network devices and servers. * Monitors clients' hardware, networking, and security operations. * It is good for the administrator to use it when maintaining the whole IT infrastructure.
Our primary use case of Splunk has been on the implementation side for clients. Splunk has proven, on multiple occasions, to be extremely useful in the proactive monitoring of clients' hardware, networking, and security operations. Some use cases that we have implemented include, but are not limited to, proactive account lockouts based on machine learning of a typical person's average number of failed login attempts, aggregation of a server's logs in order to predict downtime/maintenance/hardware failures quite accurately, as well as helping administrators of all sorts to gain a full picture of their environments under a single screen.