The primary use case of this solution is security management. We gather security logs from intrusion detection and prevention systems such as firewalls and web application firewalls, system logs from Linux and Windows servers, and anti-malware system logs.
We combine them in Splunk to analyze our company's security level. We use this data to analyze our company's security situation and to define security use cases, like attacks. When we find these attacks, we contain them and mitigate the security flaws in our business environment.
The Add data feature lets you gather any type of log and analyze it easily. This is easier than using other solutions like ArcSight or Elasticsearch, for example.
We can use these logs with our data processes to explain our situation.
In the next release, I would like to see more integration with other solutions, for example Juniper, ManageEngine, PAM (Privileged Access Monitoring), and Wallix.
I have been using this solution for approximately three years.
We don't use technical support because we are under sanctions. We use our own knowledge and team to implement and develop Splunk.
We have used ArcSight and Elasticsearch.
The initial setup is easy.
Splunk has a good community. They have good opinions and suggestions for deployment.
It took one year to deploy and implement Splunk completely.
The implementation is easier than other solutions.
I implemented and deployed this solution by myself.
I am not certified in Splunk, but I am a system administrator. I passed Fundamentals 1 and 2.
This is a very good solution.
I would rate this solution a nine out of ten.