Splunk Enterprise Security (ES)
Overview
What is Splunk Enterprise Security (ES)?
Splunk Enterprise Security (SIEM) is the company's flagship SIEM product, offered as a premium service to subscribers of Splunk Cloud or Splunk Enterprise.
Popular Features
- Centralized event and log data collection: 9.4 (100 ratings), 94%
- Custom dashboards and workspaces: 9.1 (102 ratings), 91%
- Incident indexing/searching: 8.9 (101 ratings), 89%
- Deployment flexibility: 8.3 (101 ratings), 83%
Reviewer Pros & Cons
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is Microsoft Sentinel?
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.
- Centralized event and log data collection: 9.4 (100 ratings)
  Effectiveness of real-time centralized event and log data collection
- Correlation: 8.8 (99 ratings)
  Correlation of logs and events to pinpoint significant threats
- Event and log normalization/management: 8.6 (100 ratings)
  Ability to normalize event syntax so that logs can be compared and are machine-understandable
- Deployment flexibility: 8.3 (101 ratings)
  Ability to tune system to maximize threat detection and minimize false positives
- Integration with Identity and Access Management Tools: 8.0 (96 ratings)
  Integration with access control tools like Active Directory and LDAP
- Custom dashboards and workspaces: 9.1 (102 ratings)
  Dashboards that can be customized to meet the needs of specific groups
- Host and network-based intrusion detection: 8.2 (96 ratings)
  Ability to detect both endpoint intrusion and network ingress detection
- Data integration/API management: 8.5 (98 ratings)
  Ease and quality of data integrations between SIEM and other systems
- Behavioral analytics and baselining: 7.9 (95 ratings)
  How effectively activity and behavior baselines are established and maintained
- Rules-based and algorithmic detection thresholds: 8.7 (96 ratings)
  Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- Response orchestration and automation: 7.3 (87 ratings)
  Quality of built-in response orchestration and automation in Next-Gen SIEM
- Reporting and compliance management: 9.0 (95 ratings)
  Ease and quality of reporting and compliance functions
- Incident indexing/searching: 8.9 (101 ratings)
  Effectiveness of searching across structured and unstructured events and incidents within SIEM
Splunk Enterprise Security (ES) Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Reviews and Ratings (249)
Community Insights
Pros
Intuitive User Interface: Users have consistently found the user interface of the product intuitive and easy to use, allowing for quick completion of tasks. Many reviewers praised its simplicity and user-friendly design.
Efficient Log Correlation: The automation capabilities in XDR were highly appreciated by users as they enable efficient log correlation and turning data into meaningful insights. Several reviewers mentioned that this feature saves them time and enhances their overall productivity.
Comprehensive Security Monitoring: Users highlighted the product's ability to monitor firewall traffic, mail systems, and AWS infrastructure, providing comprehensive security monitoring. This feature was commended for its effectiveness in identifying potential threats from various sources.
Cons
User Interface: Users have found the user interface of Splunk Enterprise Security to be confusing and not user-friendly, with a steep learning curve. Some users suggest improving the UI by reducing the number of clicks required.
Troubleshooting and Integration: Several users have experienced difficulty troubleshooting and integrating Splunk with other products. They mention that customizations often require technical support, which may not always be on point. There is a need for optimization when it comes to handling multiple data sources.
Default Searches and Alerts: Many users find the default searches and alerts provided by Splunk Enterprise Security to be not valuable and in need of customization. They suggest better alert suppression, improved permissions, and more support for certain tools. Furthermore, users desire a more polished version of the MITRE coverage dashboard.
Recommendations
Users commonly recommend the following for Splunk Enterprise:
- Invest in proper training for personnel to avoid misuse and low performance. Users suggest that investing in training for staff is crucial to ensure effective use of the software and prevent any potential issues or underutilization.
- Consider other products in the market and evaluate compatibility with your business needs. While users recommend Splunk Enterprise, they also suggest exploring alternative solutions to determine which one best suits their specific requirements and environment.
- Try Splunk Enterprise for free and explore its documentation. Users advise others to take advantage of the free trial offered by Splunk Enterprise and thoroughly explore the product documentation. This will help users evaluate whether the software meets their needs and understand its features before making a purchase decision.
Attribute Ratings
- Likelihood to Renew: 8.9 (3 ratings)
- Availability: 9.1 (1 rating)
- Performance: 8.2 (1 rating)
- Usability: 7.6 (2 ratings)
- Support Rating: 6.6 (6 ratings)
- Online Training: 8.2 (1 rating)
- In-Person Training: 9.1 (1 rating)
- Implementation Rating: 9.1 (1 rating)
- Configurability: 7.3 (1 rating)
- Product Scalability: 9.4 (100 ratings)
- Ease of integration: 6.4 (1 rating)
- Vendor pre-sale: 8.2 (1 rating)
- Vendor post-sale: 8.2 (1 rating)
- Professional Services: 9.1 (1 rating)
- Contract Terms and Pricing Model: 7.3 (1 rating)
Reviews
(1-2 of 2)
- Search and analyze cyber security threats
- Cyber risk quantification of customer assets and identities
- Manage notable events and security incidents
- Investigate alerts from Splunk
- Always create new security use cases
- Reporting for the board
- Support company compliance functions in their activities
- We worked hard to customize ES for multitenancy because this feature isn't present in ES
- Investigations aren't so easy to customize
- Integration of ES with an external Asset Management system isn't so easy to implement
- It would be very useful to have an integration with an external Vulnerability Management system (e.g. Tenable) to highlight dangerous areas and asset risk quantification
- Centralized event and log data collection: 10.0 (100%)
- Correlation: 10.0 (100%)
- Event and log normalization/management: 10.0 (100%)
- Deployment flexibility: 10.0 (100%)
- Integration with Identity and Access Management Tools: 3.0 (30%)
- Custom dashboards and workspaces: 3.0 (30%)
- Host and network-based intrusion detection: 3.0 (30%)
- Log retention: 10.0 (100%)
- Data integration/API management: 8.0 (80%)
- Behavioral analytics and baselining: 8.0 (80%)
- Rules-based and algorithmic detection thresholds: 6.0 (60%)
- Response orchestration and automation: 6.0 (60%)
- Reporting and compliance management: 8.0 (80%)
- Incident indexing/searching: 7.0 (70%)
- We're a Splunk Partner and we implemented many ES infrastructures for our customers
- We're too small and less structured (especially in infrastructures) for use in our company
- Our customers are all satisfied by ES
- All SIEM features implementation
- Threat intelligence
- Cyber Risk Quantification
- Support for Asset Inventory
- Support for Asset Inventory
- Cyber Risk Quantification
- Integration with our DSS platform for Cyber Risk Quantification (platform developed using Splunk Enterprise)
- Price
- Product Features
- Product Usability
ES features and usability are winning points over all the other solutions; I think that with only a small reduction of the ES price, there would not be any opportunity for other products.
- Third-party professional services
In addition, we used Splunk Professional Services consultancy in one of our projects because of the dimensions of the customer, because it needed a multi-tenant installation (and ES isn't one) and a final certification of the ES infrastructure developed.
- Architectural design and infrastructure dimensioning,
- ES configuration and tuning (installation was done by the customer itself),
- Log ingestion configuration (check of the ingestion already done by the customer),
- Correlation searches migration (all custom correlation searches),
- Threat intelligence configuration (all custom sources),
- Final check and certification.
- ES isn't multi tenant but we had to implement multi tenancy to manage the customers of that SOC maintaining separation between them
- Online training
So I'd like to have multitenancy out of the box in ES features.
In addition, I'd like to have easier configurability for investigations and notable and security incidents management.
Then, ES isn't a platform for improvisation: it needs knowledge of Splunk and specific knowledge of ES itself.
I found some customers that tried to do everything by themselves; the result was only much lost time.
In addition, our customer had two Threat Intelligence sources (MISP and Crowdstrike) and we had to customize the information update process taking data from those sources.
They are very expensive (probably too much and out of market) but I had all the answers that I and the customer needed.
The support gave us a workaround to immediately solve the problem while waiting to see if it will be solved in the next release.
It could be better in Notable and Security Incident management.
- Threat Intelligence
- Correlation Searches
- I know that ES isn't multi-tenant, but it's very difficult to configure and use it on many customers
- Investigations could be easier to use
I had a situation with a very performant infrastructure and I didn't notice that it was a distributed architecture; it seemed that there were few data on my PC. Otherwise I experienced less performant infrastructures with lower performance.
- our DSS platform
- Vulnerability Management
- Asset Management
- Anti Fraud Management System
- File import/export
- Single Signon
- API (e.g. SOAP or REST)
The Splunk Enterprise smart integration features are the reason why we chose this environment to develop our DSS solution that integrates information from many external systems.
In addition, I'd like to also have some feature to easily export data to external systems.
In other words, I'd like to have the possibility to integrate many different asset management sources from different final customers.
In addition, the Oxygene 2 environment is available as a demo environment.
Sometimes the discount process should be less rigid and hear the indications from the partners and from the Splunk sales, because each customer has its own story; it's different from the others and requires a different approach.
It could be useful to have the possibility to give the final customer a development period license: in a few words, if I need a month to install and customize the solution for the final customer, the license should start from the final acceptance test and not from the order date, because otherwise the customer cannot have the license for use for the full period they paid.
They worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi-tenant environment even if ES isn't a multi-tenant platform.
The Splunk PS was a very professional and competent person; he is Italian and was able to speak with our Italian customers.
Usually they are ready and available to find the best approach for the customer.
I experienced only one negative situation: when a big price reduction is needed to win the customer, Splunk sales need approval from their management, which sometimes isn't so flexible to understand the situation.
If it's possible to divide the full installation package into separate packages, the upgrade process could probably be easier.
I say this because I experienced an installation and an upgrade of ES at a customer with a slow connection, and usually the process was aborted for timeout, so I needed to upload the package using SSH and install it via CLI to avoid installation timeouts.
- bug solving
- new Correlation searches available
- multi tenancy (but I know that there isn't!)
SIEM is a word not even used when you realize what Splunk Enterprise Security can do for your Security Teams!
- Correlation searches
- Notable events
- Security use cases
- Console administration
- Log management
- Integration with more security vendors
- Centralized event and log data collection: 10.0 (100%)
- Correlation: 10.0 (100%)
- Event and log normalization/management: 10.0 (100%)
- Deployment flexibility: 9.0 (90%)
- Integration with Identity and Access Management Tools: 9.0 (90%)
- Custom dashboards and workspaces: 9.0 (90%)
- Host and network-based intrusion detection: 9.0 (90%)
- Log retention: 10.0 (100%)
- Data integration/API management: 9.0 (90%)
- Behavioral analytics and baselining: 10.0 (100%)
- Rules-based and algorithmic detection thresholds: 10.0 (100%)
- Response orchestration and automation: 10.0 (100%)
- Reporting and compliance management: 10.0 (100%)
- Incident indexing/searching: 9.0 (90%)
- Less time to remediate for security incidents
- Reduction of noisy alerts for security teams
- Integration with many sources to gain visibility