Splunk Review

In the event of an incident, it has a rapid response search environment
What is our primary use case?

Although my company uses Splunk extensively, my use case is primarily the Enterprise Security add-on.

How has it helped my organization?

Splunk has enabled us to utilize many different data sources and is easy to use. It has a rapid response search environment in the event of an incident.

What is most valuable?

The correlation searches (properly configured) populate the Incident Management dashboard and provide me a quick bird's-eye view of my most important concerns.
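As an added illustration of the kind of correlation search the reviewer refers to (this is example SPL written for this page, not the reviewer's or Splunk's own content), the search below reads from the Enterprise Security Authentication data model and flags a source that fails authentication against many distinct accounts in a short window. The threshold of 20 failures, the 10-minute span and the field naming are assumptions chosen for the example; in ES such a search is saved as a correlation search so that each matching row creates a notable event for the Incident Review dashboard.

```spl
| tstats summariesonly=true count
    from datamodel=Authentication.Authentication
    where Authentication.action="failure"
    by _time span=10m, Authentication.src, Authentication.user
| stats sum(count) as failures, dc(Authentication.user) as distinct_users
    by _time, Authentication.src
| where failures > 20 AND distinct_users > 5
| rename Authentication.src as src
| table _time, src, failures, distinct_users
```

The `summariesonly=true` option restricts the search to already-accelerated data model summaries, which keeps a scheduled correlation search cheap; the trade-off is that events not yet summarized are missed, so the schedule should lag the acceleration window slightly. The thresholds need tuning against the organisation's own baseline before the search is allowed to generate notable events, which is exactly the "mature security posture" point the review makes below.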

What needs improvement?

ES is very powerful, but it requires a mature security posture at the company to take advantage of it currently. The use cases provided by Splunk are a good starting point, but could cover many additional topics to ensure that a smaller or less experienced shop might maximize the value of an ES deployment.

For how long have I used the solution?

Less than one year.

Which solutions did we use previously?

We were using a different SIEM, which was old-fashioned and very structured.

Disclosure: I am a real user, and this review is based on my own experience and opinions.