Splunk Security Essentials Reviews

My main use case for Splunk Security Essentials is for Enterprise Security, specifically the ES app.

Splunk Security Essentials is my primary tool for threat detection and monitoring because as a SOC team, we primarily believe in Splunk Security Essentials and use it as the main tool.

When I open Splunk Security Essentials at the start of a shift, the first thing I do is work on data engineering, where I onboard the log sources for Splunk Security Essentials and create use cases for them, so I am mostly focused on admin side work. I also need to connect with the SOC team for use case detections and fine-tuning the use cases.

When I first implemented Splunk Security Essentials in this environment, it took a week for each log source to onboard and to create use cases and implement the data model, CIM, etc., for production readiness.

Training is mandatory, and we need at least the Splunk Security Essentials User certification because it is a very critical resource in the organization, as we are handling security logs.

In my organization, Splunk Security Essentials is used not only by the SOC but also for monitoring logs across different teams, as it is important for handling both security and application logs, given its capability to manage unstructured logs.

Splunk Security Essentials has dramatically impacted my organization, as without it, we were blind to what is happening from both a security and application perspective, and it provides vital visibility into the organization's operations.

The biggest friction points I have with Splunk Security Essentials are the high license costs and user behavior that causes performance issues due to inappropriate wildcard searches. Additionally, we experience scaling issues with CPU load that impact indexes negatively, leading us to consider transitioning to Databricks for long-running searches.

The licensing costs could be lower to better support organizations.

I have been familiar with Splunk Security Essentials for seven years.

We experience scaling issues with CPU load that impact indexes negatively, leading us to consider transitioning to Databricks for long-running searches.

Before I joined this organization, I am not sure what tools were being used instead or what they were handling manually before Splunk Security Essentials was introduced, but I believe they were using some other SOC tools like QRadar and ArcSight.

When the team chose Splunk Security Essentials over those alternatives, the deciding factors included its flexibility, search power, app ecosystem, CIM, scalability, and dashboarding. I observed that Splunk Security Essentials is faster compared to others, has a better UI, and features a dedicated search language called SPL that makes it easy to query without needing to know structured languages.

My team needed formal training to work with Splunk Security Essentials.

When I first implemented Splunk Security Essentials in this environment, it took a week for each log source to onboard and to create use cases and implement the data model, CIM, etc., for production readiness.

Regarding numbers, we focus on real-time alerts that operate mostly below five, ten, and fifteen minutes, which helps us reduce MTTR, MTTD, and dwell time, although I find it challenging to quantify comparisons from different areas.

Before I joined this organization, I am not sure what tools were being used instead or what they were handling manually before Splunk Security Essentials was introduced, but I believe they were using some other SOC tools like QRadar and ArcSight.

Splunk Security Essentials has dramatically impacted my organization, as without it, we were blind to what is happening from both a security and application perspective, and it provides vital visibility into the organization's operations.

Currently, I am utilizing all the features during implementation without any missing modules. We are actively doing observability, ITSM, Phantom, and everything else required in our workflow, with only the limitation that we are focused on Splunk Security Essentials Enterprise rather than Splunk Security Essentials Cloud.

On a scale of one to ten, I rate Splunk Security Essentials nine out of ten for real-time detection, five for long-term reporting, four for licensing, nine for ecosystem level, nine for tool usage, and nine for usability compared to other platforms. On the enterprise side, I give Splunk Security Essentials a nine.

My advice for someone with a similar workflow to mine considering Splunk Security Essentials is to segregate their indexer clusters for logs and to ensure compliance with CIM to facilitate seamless administration and use. Additionally, utilizing Splunk Security Essentials App for Security Detections can provide comprehensive insights into the environment and its security frameworks.

I rate this product nine out of ten overall.

The advanced detection content is something I like the most about it.

SPL queries to detect, predict, and forecast future network attacks are examples of what I would like to see.

The benefits of this app were immediately apparent after installation.

It has many advanced SPL queries that allow us to identify advanced malicious activity or suspicious activity within our IT environment.

The advanced detection content is something I like the most about it.

They could add more AI content or AI and machine learning.

It took about 10 minutes.

Positive

It took about 10 minutes.

I'm using Splunk Enterprise.

We do use SOAR Mission Control, but not AppDynamics or Phantom.

We have another freemium app for infrastructure monitoring called ITSI, IT Essentials Work. We also have the ITSI module for virtualization.

I would have to rate Splunk Security Essentials a 10 out of 10 because it's free and there's tons of usable content.

My main use case for Splunk Security Essentials is that we have been working in an environment where we have to collect all the security logs from all the devices, perform the correlation, and finally provide output which matches the requirements of the organization.

When I open Splunk Security Essentials, our team continues to do monitoring through the SOC portal that we have. Splunk Security Essentials is an important feed for that SOC portal. Every day monitoring is happening and every time the team is checking the logs.

The best features of Splunk Security Essentials are the scalability and the way it can handle the events, which shows the width and the depth of the product. These features get used the most.

Splunk Security Essentials has impacted my organization in that we have been getting the results that we wanted. Earlier, the organization used to take hours to find that. Now the calls are available to us in a quick manner.

Regarding efficiency gains, the team is much more efficient now. The time that we are saving, we can easily consider a 30% time reduction is happening.

There are features I wish Splunk Security Essentials had that it does not have today, in terms of the data sources that can increase. A simple example is images. If we can add something like images and videos also, and add a data source and then do a search accordingly, that will be a great help to us.

If I could change one thing about Splunk Security Essentials, it would be pricing. I believe they are still very costly as compared to the competition. Pricing is definitely something that I wish can change.

I have been familiar with Splunk Security Essentials for almost two years.

Splunk Security Essentials is pretty good regarding the biggest friction point or frustration I have hit so far.

Before I landed on Splunk Security Essentials, we were using just the Syslog open-source software, as we were trying to do it manually.

When I first implemented Splunk Security Essentials, it took one month to get up and running.

We have already received professional training for that, so my team did not need any formal training on Splunk Security Essentials, as it was pretty intuitive to pick up.

These are not the power users. The entire team is using it as a normal operator, rather than just one department or a pilot, and not the whole company.

The other tool I considered besides Splunk Security Essentials was Elastic.

I decided on Splunk Security Essentials specifically over those alternatives because of the number of connectors, the compatibility with the ecosystem software, and the system is quite stable, so that made us go for that.

Splunk Security Essentials has changed how our team works together at all and how we collaborate. The team is much more aligned. They do not have to do the troubleshooting all the time. They are doing monitoring and now we can focus on the important things that are more important. I would rate this solution highly based on the value it has provided to our organization.

I use Splunk Security Essentials for monitoring as part of my organization. We use it for our security processes and to gather reports on performance, security, and bottlenecks. It's primarily utilized for automation capabilities, performance monitoring, and reporting within the bank where I work.

Splunk Security Essentials helps us manage performance and automate various tasks. It plays a significant role in performance testing, identifying bottlenecks, and managing the number of hits on our systems. It has streamlined our reporting processes and integrated well with other tools, enhancing our overall infrastructure efficiency.

The network monitoring feature is particularly valuable for gathering information about users, login times, and other statistics. It enables proper validation. Furthermore, it seamlessly integrates with our internal tools like Ab Initio and the database management systems. It also helps in gathering information from AWS, providing broad support for identifying threats and enhancing security.

The reporting feature needs to be more user-friendly. It would help if it were easier to generate reports similar to other cybersecurity tools. 

Additionally, more automation in alert systems would be beneficial. Improvement in AI-driven work could help accomplish tasks faster.

I have been using Splunk Security Essentials for two to three years.

I rate the stability of Splunk Security Essentials at around seven out of ten. It works well in our current setup.

Scalability is rated at about seven out of ten. While it is quite good, there is still room for more scalability to integrate with other tools.

The technical support from Splunk is commendable. They respond quickly, often within 24 hours, and provide necessary fixes and suggestions.

Neutral

In my testing background, I primarily used Power BI for reporting. However, due to licensing issues, I switched to using Tableau alongside Splunk for reporting purposes.

We have a dedicated tools team managing Splunk Security Essentials and other tools within the organization.

There is a return on investment for utilizing Splunk Security Essentials, as it helps manage our performance and automate various processes.

Pricing and licensing are managed by our vendor management team and are not under my purview.

Before Splunk Security Essentials, we were using Power BI for reporting until licensing changes moved us to Tableau.

I recommend Splunk Security Essentials as integration and monitoring are seamless and it has been a great tool for performance. 

Overall, I rate the solution at eight out of ten.

We use Splunk Security Essentials to monitor alerts. We implement correlation in the Splunk solution. Once we encounter a event, we assess its severity based on our preferences and send out notifications accordingly. Additionally, we perform health monitoring, checking the status of masters, heads, and shutdowns every 24 and 48 hours. If any issues arise, we document them and notify the relevant server owners for resolution. We also set up clusters every week and monitor the indexing rate provided by the engineering team. We analyze the data regularly based on standard procedures to ensure everything functions properly.

Once we've configured our logs, for example, if we need to monitor processes and IP addresses, we ensure these logs are being ingested into our Splunk instance. The logs gathered from various endpoints are then consolidated into our Splunk platform. Once the data is collected, we can create searches and dashboards to analyze it. With these searches and dashboards, we gain insights into events and can make informed decisions based on them. We'll examine the parameters of these events and take appropriate actions as necessary.

We are focusing on security to ensure incidents are reported efficiently. In addition to that, for reporting purposes, we are utilizing our dashboards or creating new ones. We will be using free visualization tools for this purpose.

The price could be improved.

I have been using Splunk Security Essentials as a customer for five years.

I rate the solution’s stability a seven out of ten.

We have a team that we are handling the solution.

I rate the solution’s scalability a nine-point five out of ten.

Technical support is not up to the mark.

Neutral

Deploying Splunk Security Essentials has been a challenge due to client approval issues. Despite multiple attempts, the client has not approved our deployments. We need to generate a pattern for testing purposes. VPN deployment only takes a few minutes once we gain hands-on experience with this client. 

We'll deploy within 15 days if we get approval. If we don't get approval, it will take much longer.

The solution is expensive.

Overall, I rate the solution an eight out of ten.

We use Splunk Security Essentials. We have projects, though not many projects per year.

The solution is used to resist cyber attacks.

They have a good catalog of plans to use to resist the attacks.

We improved the way we use the Splunk platform.

The main challenge is to distinguish between the important attacks and the very small attacks.

I have not used Splunk Security Essentials' customizable dashboards.

I have not taken advantage of the pre-built security use cases in Splunk.

I have been working with Splunk Security Essentials for a few years.

We have good support, rating it seven or eight out of ten.

Positive

It takes a lot of time to install Splunk Security Essentials. It's not very difficult, but it requires time.

I spend more time on the installation of Splunk Security Essentials.

The installation takes around one month or more.

We also have to enter all the data and so on, which takes additional time.

Two engineers from our side took part in the installation.

I participated in this process as well.

It's easy to assess the integration of Splunk Security Essentials with other tools. On a scale of one to ten, I rate Splunk Security Essentials a seven.