Splunk Review

Looks for incidents which could cause damage to a company's infrastructure

What is our primary use case?

With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.

How has it helped my organization?

Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.

What is most valuable?

Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.

What needs improvement?

Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.

For how long have I used the solution?

One to three years.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
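The brute-force case described in the use-case answer above, as an added worked example that is not the reviewer's or Splunk's own code: the same correlation (many failed logins against many distinct usernames from one source inside a short window) written in Python and run over constructed, simplified switch syslog lines, so the detection logic can be seen and tested outside Splunk. The log format, thresholds and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample switch syslog lines (not taken from the review); the
# message format is a simplified, hypothetical "authentication failed" line.
SAMPLE_LOGS = """\
2021-05-03T10:00:01Z switch01 login: authentication failed for user admin from 198.51.100.7
2021-05-03T10:00:03Z switch01 login: authentication failed for user root from 198.51.100.7
2021-05-03T10:00:05Z switch01 login: authentication failed for user cisco from 198.51.100.7
2021-05-03T10:00:06Z switch01 login: authentication failed for user operator from 198.51.100.7
2021-05-03T10:00:08Z switch01 login: authentication failed for user guest from 198.51.100.7
2021-05-03T10:00:09Z switch01 login: authentication failed for user admin from 198.51.100.7
2021-05-03T10:05:00Z switch01 login: authentication failed for user netops from 10.0.0.15
2021-05-03T10:20:00Z switch01 login: authentication failed for user netops from 10.0.0.15
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) login: authentication failed "
    r"for user (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_failures(text):
    """Yield (timestamp, host, user, src_ip) for every failed-login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["host"], m["user"], m["src"]

def detect_brute_force(text, window=timedelta(minutes=5), min_attempts=5, min_users=3):
    """Return {src_ip: {...}} for sources with >= min_attempts failures against
    >= min_users distinct usernames inside a sliding time window (assumed thresholds)."""
    events = defaultdict(list)  # src_ip -> list of (ts, user), time-ordered
    for ts, _host, user, src in sorted(parse_failures(text)):
        events[src].append((ts, user))
    alerts = {}
    for src, evs in events.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            users = {u for _, u in evs[start:end + 1]}
            if end - start + 1 >= min_attempts and len(users) >= min_users:
                alerts[src] = {"attempts": end - start + 1, "users": sorted(users)}
    return alerts
```

The two slow failures from 10.0.0.15 (one username, 15 minutes apart) stay below both thresholds and are not alerted, which keeps an operator's typo from looking like an attack.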
Updated: May 2021.