What is our primary use case?
The primary use case of this solution is for security management. We gather security logs from intrusion detection and prevention systems, such as firewalls, web application firewalls, and system logs from Linux and Windows servers, as well as anti-malware system logs.
We combine them with Splunk to analyze our security level for our company. We use this data to analyze our company's security situation and to define security use cases, like attacks. When we find these attacks, we contain them and mitigate our security flaws in our business environment.
What is most valuable?
The Add data feature lets you gather any type of log and easily analyze it. This is easier than with other solutions, such as ArcSight or Elasticsearch.
We can use these logs with our data processes to explain our situation.
What needs improvement?
In the next release, I would like to see more integration with other solutions. For example, Juniper, ManageEngine, PAM (Privileged Access Monitoring), and Wallix.
For how long have I used the solution?
I have been using this solution for approximately three years.
How are customer service and technical support?
We don't use technical support because we are under sanction. We use our own knowledge and team to implement and to develop Splunk.
Which solution did I use previously and why did I switch?
We have used ArcSight and Elasticsearch.
How was the initial setup?
The initial setup is easy.
Splunk has a good community. They have good opinions and suggestions for deployment.
It took one year to deploy and implement Splunk completely.
What about the implementation team?
The implementation is easier than other solutions.
I implemented and deployed this solution by myself.
What other advice do I have?
I am not certified with Splunk, but I am a system administrator. I passed Fundamentals one and two.
This is a very good solution.
I would rate this solution a nine out of ten.