I have used Splunk Enterprise Platform for advanced threat detection.
Splunk Enterprise
Splunk: External reviews
External reviews are not included in the AWS star rating for the product.
Advanced threat detection has improved as I proactively detect anomalies and prevent outages
What is our primary use case?
What is most valuable?
What I appreciate most about Splunk Enterprise Platform is its strong capability in detecting anomalies and preventing system outages. Since I have been working with Splunk Enterprise Platform extensively, I can confirm that it performs exceptionally well in these areas.
What needs improvement?
There are areas where Splunk Enterprise Platform could improve.
For how long have I used the solution?
What do I think about the scalability of the solution?
I believe the scalability of Splunk Enterprise Platform is sufficient.
How are customer service and support?
I would rate Splunk Enterprise Platform's support at eight out of ten.
How was the initial setup?
The initial deployment of Splunk Enterprise Platform was not difficult in my opinion.
What other advice do I have?
The most notable differences between Splunk Enterprise Platform and other solutions are the improved application management features.
Centralized log analytics has reduced costs and supports customized security dashboards
What is our primary use case?
Splunk Enterprise Platform serves as a central log management and analysis platform where we collect logs from multiple sources like AWS, EDR solutions, firewall logs, Windows event logs, and Linux server logs. All this data comes into Splunk Enterprise Platform and then we build dashboards for visibility. We create searches for investigations and set up alerts for security incidents according to the client's needs. Splunk Enterprise Platform is mainly used for SOC operations.
It is used for cost-effectiveness.
How has it helped my organization?
I do not see any need for enhancements on the technical side of Splunk Enterprise Platform. I have not seen any drawback from that perspective on the technical side. As it provides a whole backend to us, we could customize anything we want. I do not think any technical aspects need to be improved.
What is most valuable?
Splunk Enterprise Platform is more customizable as it provides the whole back-end to us, so we could create the apps and add-ons according to our needs. We can customize dashboards based on the requirements, create our own SPL queries, and create custom commands and custom searches for the alerts we want to trigger or for alerting purposes. Splunk Enterprise Platform also has an Add-on Builder app, where we could create custom apps according to our needs. This feature is what I appreciate the most.
The personalized dashboards in Splunk Enterprise Platform have helped our team. One of our clients was having an issue with the AWS accounts and was getting higher billing. We created a dashboard particularly for the AWS resources that could show every KPI of the AWS logs. With so many servers running on AWS, we could monitor them. When there is inactivity, such as eight to ten hours of inactivity in the server, we could pause the server for that period. This reduced the cost for the client.
Splunk Enterprise Platform's application management feature has helped enhance end-user experiences. Splunk Enterprise Platform has a whole Splunk-based site to which we could upload applications. There are so many applications on that site. We could download them and configure them according to our needs. Suppose we build our custom add-on, we could publish that as well. They have a comprehensive Splunk-based platform for this.
What needs improvement?
The main drawback is pricing. Splunk Enterprise Platform licensing depends on the data ingestion volume or cloud usage limits. Even for moderate usage, the cost can be very high. It works well for enterprise setups but can be expensive for smaller organizations. Splunk Enterprise Platform could improve by offering more flexible pricing and better plans for smaller organizations, so it could be adopted widely.
For how long have I used the solution?
I have been working with Splunk Enterprise Platform for around one year now, and mainly in the SOC environment. My role involves handling logs, building dashboards, and creating alerts for different security use cases.
What do I think about the stability of the solution?
According to my experience, Splunk Enterprise Platform has been quite stable in our environments. The stability of Splunk Enterprise Platform is great.
Stability and reliability are very important. Logs are very important for security. If logs are lost, it is not bearable for the client. Splunk Enterprise Platform is right now a stable platform. Stability and reliability are very important for a client, as well as for us as a consultant service provider.
What do I think about the scalability of the solution?
Splunk Enterprise Platform is scalable. As it has the whole customizability for us, we could develop anything using Splunk Enterprise Platform, as it provides a whole backend to us. Splunk Enterprise Platform is highly scalable. I would rate around a nine for scalability.
Scalability is very important. Even when the log volume increases, the platform handles it well with the proper architecture of Splunk Enterprise Platform. If there is a very high log volume, it can be handled with Splunk Enterprise Platform in a very proper manner.
How are customer service and support?
I communicate with the technical support and customer service of Splunk Enterprise Platform occasionally, about one or two times.
My experience with technical support was great. Before the customer just gave us the solution, we found it through the documentation of Splunk Enterprise Platform. They replied within 48 hours. I would rate technical support at eight on a scale from one to ten.
How was the initial setup?
I do not participate in the initial setup and deployment of Splunk Enterprise Platform. I only handle the SOC operations.
What other advice do I have?
Splunk Enterprise Platform is effective in detecting anomalies and preventing system outages. Many logs are coming from different platforms. When we want to create the use cases of the clients, it is great for us to create use cases and detect anomalies according to the client's needs. Splunk Enterprise Platform has a much more customizable alerting and searching feature. We could use it and detect anomalies from the logs.
I have not leveraged Splunk Enterprise Platform for advanced threat detection. There are not many use cases of the client so we have not explored that part of Splunk Enterprise Platform.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
SPL search and dashboards are really useful
Custom dashboards and alerts have transformed how our team monitors diverse security logs
What is our primary use case?
In terms of using Splunk Enterprise Platform, we use it for our SOC environment where we have an ES setup separately. We collect logs from various sources like AWS, EDR logs, firewall logs, WinEvent logs, Linux logs, application logs, and specific service logs.
We gather that and based on that, we are providing users dashboards, searches, and alerts.
What is most valuable?
In terms of my favorite features of Splunk Enterprise Platform, it has vast customizability. It is very customizable. I can customize it according to my use case. Or if I have any restrictions in my environment or client environment, I can customize it according to my requirements. It is not something where I need to go with the straightforward way.
For a specific feature of Splunk Enterprise Platform, I appreciate the custom commands and custom endpoints by using which I can build my Splunk apps.
What needs improvement?
When concerning the cost of Splunk Enterprise Platform, the license cost can be a factor. The pricing is based on limited factors. There are two types of pricing where we have licensing based on the data or logs which we are indexing by size.
It can also be based on if we are purchasing the cloud platform, then it can be based on multiple factors such as how much data we are searching daily or a limit on that. Usually for 10 GB of license and two years of retention, it costs around $20,000 to $30,000.
Based on my thoughts about Splunk Enterprise Platform, I would rate it a seven or eight because the only thing I'm keeping in mind is the licensing cost. Otherwise, the overall product is good, its features, its customizability, and scalability are all excellent. The only factor is the licensing.
If they were providing a license to small customers, if they target small customers, it would be really great.
If they provide a small license to small customers, or if they bring some new licensing for small customers for the specific use case on top of Splunk Enterprise Platform, that would be beneficial.
For how long have I used the solution?
My experience with Splunk Enterprise Platform is approximately two and a half years.
What do I think about the stability of the solution?
In terms of Splunk Enterprise Platform stability, I would rate it nine out of ten.
What do I think about the scalability of the solution?
When considering scalability, Splunk Enterprise Platform is very scalable. I would rate it nine out of ten.
How are customer service and support?
I have contacted support for Splunk Enterprise Platform multiple times. For our architecture specifically, we have contacted Splunk support. The add-on which is being provided by Splunk support was generating an error in our environment. For that, we contacted support and they were able to provide us with the solution which is currently working fine.
Which solution did I use previously and why did I switch?
Regarding alternatives to Splunk Enterprise Platform, I have tried to use other tools, but they are very specific to some use cases only. I have preferred to use Splunk because it works with all my use cases and all the log or source types. I tried Dynatrace and DataDog, which provide observability, but that was not as useful to me.
How was the initial setup?
In terms of ease of use with Splunk Enterprise Platform, it is very easy and straightforward. All the steps are mentioned in their documentation. All the guides which are required or the prerequisites that must be there before installing or setup, are in their documentation. The community is also very good. We have enough description about the installation steps, which is what makes it easiest.
What about the implementation team?
Using Splunk Enterprise Platform requires maintenance. In terms of maintenance, it will be specific. If we are making any changes, then we must schedule maintenance because it will restart its services and we must accept the downtime. If we are upgrading our environment or any specific apps that are present in our environment, then we must have maintenance for it.
What other advice do I have?
I would rate this review an eight overall.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Splunk’s for SOC Operations
Comprehensive correlation and automation have improved incident detection and reduced phishing
What is our primary use case?
Splunk Enterprise Platform serves as our SIEM solution from Splunk, which is a market leader. It is a SIEM solution for log management and correlations. We have multiple logs from most of our infrastructure tools and security products. We obtain these rules and logs through many protocols including syslog and API. We then normalize and correlate this data and create incidents based on the activity running on our infrastructure.
What is most valuable?
I appreciate the API, the protocols, and the workflows as it functions as a SIEM solution. The main function is correlation.
The best features I value about Splunk Enterprise Platform include a great correlation rule that allows me to edit and generate alerts based on any event in an easy and fast way. I can accomplish this in a short period of time, and afterward, I can see incidents based on the correlation rule in a very professional and effective way.
I value the incident management and the correlations.
Splunk Enterprise Platform helps in detecting anomalies and preventing outages. The main core function for any SIEM is to have correlation. For example, if you receive user activity on a VPN logging in from Egypt, then after a while you receive logs from the firewall showing the same user logging in with a VPN from Ukraine, it is not logical that the user would move from Egypt to Ukraine in just five minutes. Splunk Enterprise Platform will create an incident and detect this as a credential compromise because we have a successful login from another location. This is the magic of correlation. We receive many events, we correlate these events, and then we can create an incident. After that, we have Splunk SOAR to take actions in an automation process to stop this incident without any management or any actions from the team.
The end-user experience is enhanced by the security product, as we have a return on investment on lower security incidents. After we implemented it with the SOC and Splunk SOAR, we can stop phishing and spam. The end-user experience will not see many phishing domains; they will be reduced. Security incidents will be reduced. Network performance will be very good after we implement it because we can detect who is scanning our network and creating a bottleneck on the network. We can stop and detect this with Splunk, whether it is SIEM from Splunk or SIEM with SOAR.
What needs improvement?
I use the machine learning toolkit with Splunk Enterprise Platform. The machine learning is very good on Splunk, but it sometimes makes searching for events become slow, so we have stopped using it. I think this needs improvement on Splunk.
The machine learning has room for improvement.
I think threat management needs improvement when compared to other vendors.
I compare Splunk Enterprise Platform with other solutions and vendors and see a very good point on pricing. We have Splunk at a very high cost, but I can say that other vendors working with mid-size customers can compete against Splunk. However, Splunk is very expensive compared to other vendors. I think after the acquisition by Cisco, we can get discounts for licensing, and I believe Cisco will reconsider the pricing for Splunk Enterprise Platform.
I would prefer to see improved pricing for Splunk Enterprise Platform.
My thoughts on the pricing are that it is not cheap.
I have thoughts on the advanced threat detection, and I see that it is integrating with threat intelligence, and I believe this needs improvement.
For how long have I used the solution?
I have been using this solution for about two years. We have deployed many services from Splunk here in Egypt. Most of it is a SIEM solution from Splunk. We also have SOAR from Splunk, and we are running it on the largest bank here in Egypt. Most of the portfolio from Splunk that I have worked with was over approximately two years.
What do I think about the scalability of the solution?
Regarding scalability, Splunk Enterprise Platform, like any SIEM solution, provides scalability. Whenever we receive more logs, we can easily scale. I rate this aspect as a ten.
How are customer service and support?
I rate the technical support as very good.
How was the initial setup?
The deployment was not easy, nor was it complex. It requires a professional and certified engineer to deploy the product, as many SIEM solutions do. One cannot easily deploy a SIEM solution. You have to work on correlations and personalize the dashboard. There is a lot of configuration for any SIEM solution, not only Splunk Enterprise Platform.
What other advice do I have?
I would advise others looking to implement this product to totally recommend it. I recommend this both before and after the acquisition. I totally recommend acquiring Splunk Enterprise Platform portfolio, whether it is Splunk SOAR, Splunk Cloud, or Splunk Enterprise Platform. I rate this solution a ten overall.
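The impossible-travel correlation the reviewer describes (a VPN login from Egypt followed minutes later by a firewall-observed login from Ukraine), as an added example that is not part of the review and not Splunk's own code: it parses constructed VPN/firewall authentication events, keeps only successful logins, and flags consecutive logins by the same user whose implied travel speed is physically implausible. The key=value log format, the coordinates and the 900 km/h threshold are assumptions chosen for illustration.

```python
import math
from datetime import datetime, timezone
from typing import Dict, Iterable, List

# Constructed sample events (not real logs): one line per authentication event,
# in a normalized "timestamp key=value ..." style similar to what a SIEM sees
# after parsing VPN and firewall logs. Cairo is roughly (30.04, 31.24) and
# Kyiv roughly (50.45, 30.52), about 2,270 km apart.
SAMPLE_LOGS = """\
2024-05-01T08:00:00Z src=vpn user=alice action=success country=EG lat=30.04 lon=31.24
2024-05-01T08:05:00Z src=firewall user=alice action=success country=UA lat=50.45 lon=30.52
2024-05-01T08:00:00Z src=vpn user=bob action=success country=EG lat=30.04 lon=31.24
2024-05-01T20:00:00Z src=vpn user=bob action=success country=UA lat=50.45 lon=30.52
2024-05-01T08:03:00Z src=vpn user=carol action=failure country=UA lat=50.45 lon=30.52
2024-05-01T08:01:00Z src=vpn user=carol action=success country=EG lat=30.04 lon=31.24
"""

# Assumed threshold: faster than an airliner means the same person cannot
# have produced both logins, so the account is likely compromised.
MAX_PLAUSIBLE_SPEED_KMH = 900.0


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'timestamp key=value ...' line into a dict (timestamp under 'ts')."""
    ts, *fields = line.split()
    event = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two latitude/longitude points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def _parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_impossible_travel(
    lines: Iterable[str], max_speed_kmh: float = MAX_PLAUSIBLE_SPEED_KMH
) -> List[Dict[str, object]]:
    """Correlate successful logins per user across sources (VPN, firewall, ...)
    and return one incident per consecutive pair of logins whose implied
    travel speed exceeds max_speed_kmh. Failed logins are ignored because
    they do not prove the user was at that location."""
    by_user: Dict[str, List[Dict[str, str]]] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ev = parse_event(line)
        if ev.get("action") != "success":
            continue
        by_user.setdefault(ev["user"], []).append(ev)

    incidents: List[Dict[str, object]] = []
    for user, events in by_user.items():
        # Logs arrive out of order from different sources; sort by time first.
        events.sort(key=lambda e: _parse_ts(e["ts"]))
        for prev, cur in zip(events, events[1:]):
            hours = (_parse_ts(cur["ts"]) - _parse_ts(prev["ts"])).total_seconds() / 3600.0
            km = haversine_km(float(prev["lat"]), float(prev["lon"]),
                              float(cur["lat"]), float(cur["lon"]))
            # Same second, different place: treat as infinite speed rather than divide by zero.
            speed = math.inf if hours == 0 and km > 0 else (km / hours if hours else 0.0)
            if speed > max_speed_kmh:
                incidents.append({
                    "user": user,
                    "from": prev["country"], "to": cur["country"],
                    "sources": (prev["src"], cur["src"]),
                    "minutes": round(hours * 60, 2),
                    "distance_km": round(km, 1),
                    "speed_kmh": round(speed, 1),
                    "verdict": "possible credential compromise",
                })
    return incidents


if __name__ == "__main__":
    for incident in detect_impossible_travel(SAMPLE_LOGS.splitlines()):
        print(incident)
```

Only alice is flagged: bob's two logins are twelve hours apart (a plausible flight), and carol has a single successful login, since her Ukraine event was a failure.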
Centralized, Reliable, and Easy to Use Daily
Personalized dashboards have improved anomaly detection and help prevent system outages
What is our primary use case?
I still work with Splunk Enterprise. I want to clarify that I am only working with Splunk Enterprise, not with Splunk AppDynamics, Splunk Cloud Platform, or Splunk Enterprise Platform. I am solely focused on Splunk Enterprise for my current work.
What is most valuable?
I have been working with this platform for almost the last five years, even more than that. Overall, it has been around 17 years that I have been working in IT and with software in general, not only Splunk but other software as well. That was really good. The primary use for us was anomaly detection and system outage prevention, and Splunk was definitely helpful to us in those areas. The personalized dashboards in Splunk have helped me significantly with my overall workflow.
We are using Splunk Enterprise Platform for advanced threat detection. The Splunk feeds go through different systems for SIEM audits, and we utilize them from there. Overall, Splunk Enterprise Platform impacts my organization positively, and I can see the benefit from using the product.
What needs improvement?
For improvement, I do see a lot of issues with Splunk support, particularly with response times. When there is an issue, finding the root cause is taking too long. The system shows some error infrastructure-wise, but that error is not directly linked with the problems. There are some delays with the response time from their technical support, and I am not very satisfied with their work in this regard.
For how long have I used the solution?
I have been working with this platform for almost the last five years, even more than that.
What do I think about the stability of the solution?
There was no complexity with implementation. It was straightforward for me and my team, with no complexities involved.
What do I think about the scalability of the solution?
I do not see any challenges with scalability right now. Integration with third-party tools is quite easy, and I have not noticed any difficulties in this area.
How are customer service and support?
Regarding the technical support of Splunk, there are some delays with the response time, and I am not very satisfied with their work in this regard.
Which solution did I use previously and why did I switch?
Before Splunk, I worked with Dynatrace and AppDynamics. Splunk is the one directly used for log analytics and anomaly detection. I have not worked with any competitors such as Datadog.
We were moved from AppDynamics to Dynatrace. We used AppDynamics more for transaction tracing. From there, we were strategically moved into Dynatrace. For the entire log monitoring, we still recommend Splunk Enterprise Platform. We still use Dynatrace for the other transaction trace and other services. The reason for switching from AppDynamics to Splunk Enterprise Platform was that we needed a dedicated solution specifically for log monitoring and anomaly detection.
What was our ROI?
I cannot say directly about cost reduction, but it is returning on our platform in terms of detections. In terms of finance, I do benefit from Splunk Enterprise Platform, and it provides a return on investment.
What's my experience with pricing, setup cost, and licensing?
Right now, the Enterprise version is reasonable. When we go for Splunk Cloud or something similar, we recently had negotiations, and that is acceptable. When it comes to Enterprise, it is definitely reasonable in terms of pricing.
Which other solutions did I evaluate?
We are not using Splunk's Machine Learning Toolkit directly, but the Splunk feeds are still going back to the originating machine learning systems.
Correlation rules have strengthened threat detection while interface and pricing still need improvement
What is our primary use case?
The most valuable feature I have found so far is the correlation rule. That seems to be very valuable for us. I can create any alert using the correlation rule, which seems to be interesting for me.
I use Splunk Enterprise Platform for advanced threat detection with the correlation rules, nothing else. We have only very few customers, just two customers. They are not interested in those higher versions of Splunk Enterprise Platform. We rely completely on the correlation rule. We highly rely on this correlation rule.
What is most valuable?
The personalized dashboards in Splunk Enterprise Platform are a good feature. We have created multiple dashboards. It is easy and understandable, and whatever we need, we can get it. It is not only with Splunk Enterprise Platform but with all the other products. I would say we can go ahead and create a customized dashboard. Since I am working for SOC, I do have an internal dashboard that I have for myself where I have all the service metrics dashboard available. I make use of that rather than going directly into Splunk Enterprise Platform creating there.
What needs improvement?
I think the machine learning toolkit is fine, but when I talk about threat intelligence, it is not that effective. Recently, I think Splunk Enterprise Platform has acquired Cisco, which has acquired VirusTotal if I am not wrong. I think VirusTotal. Initially, what used to happen was that the threat intelligence source I used for Splunk Enterprise Platform was not regularly updated. I faced challenges there, and then finally, when I went ahead and researched, I found that VirusTotal is readily available to be used in Splunk Enterprise Platform. So I integrated it, and as of now, I am making better use of it.
The effectiveness of Splunk Enterprise Platform in detecting anomalies and preventing system outages completely depends upon the correlation rule, but when it comes to threat intelligence, I have not explored much of the source side. I am mostly on the SIEM side. Though I have some features that I have integrated, I am mainly working on the SIEM side rather than the source side.
The application management feature, which I believe refers to the interface, is not that attractive, I would say. It is a simplified version, and I am using the cloud platform of Splunk Enterprise Platform instance. It is simple, but it is okay. It is manageable.
I definitely find it problematic, and I think they could need to have more nuances and more features when it comes to the interface. It should be more extended.
From my perspective, Splunk Enterprise Platform can be improved by first making the GUI, the interface, more attractive. The second improvement should try to include all the threat intelligence into that platform, integrating all threat intelligence. The behavior monitoring is a bit of a concern because I do not see much detection. Maybe that is because I am using only the correlation ID, but still, the behavior monitoring should automatically detect. Even if it is a SIEM solution, if I create some rule, that is what I have customized it for. I am not sure if SOAR has that capability, but in case SOAR does have that capability, if not, then they have to improve their machine learning and behavior analytics. I have been in touch with different technicians from different organizations, and they have mentioned these challenges. There are a few drawbacks when it comes to Splunk Enterprise Platform.
I find the price a bit high, I would say. A bit high.
For how long have I used the solution?
I have been working with this product for one and a half years.
How are customer service and support?
I have no problem with the technical support provided by Splunk Enterprise Platform at all. I do get support whenever needed. I would rank them at an eight, with ten being the highest.
How was the initial setup?
As for the initial setup and configuration for Splunk Enterprise Platform, I will not say it is easy. It is a bit complicated. But since I have support, that makes my life easier. It is a bit complicated compared to Trend Micro, compared to CrowdStrike, and compared to Microsoft Sentinel or Defender for Cloud, Defender for Endpoint. Splunk Enterprise Platform is on the complicated side.
Which other solutions did I evaluate?
As of now, I am pitching in for Microsoft Sentinel. I am also pitching in for CrowdStrike, which is also a bit expensive, but the only product that I pitch in is Microsoft's product, which is Microsoft Defender for Cloud for Servers, and Defender for Endpoint, Defender for Cloud Apps, Defender for Office, all those products. Defender is one of the cheaper ones. In case a customer is not okay with Microsoft, I pitch in CrowdStrike. First, I pitch in Trend Micro, and then I pitch in CrowdStrike, with CrowdStrike being at the higher price range.
One advantage these competitors have over Splunk Enterprise Platform besides lower pricing is that with one of my customers, they can fetch logs from all sources and bring them into Splunk Enterprise Platform. They can control the logs that are not required. My continuous monitoring allows me to ensure that in case there are certain logs that are no longer required, along with the architect, I can discuss that and bring down the overall log size to around 40 GB per day. I am talking about a log source that is more than 20 as of now for this customer.
The products that have this feature are CrowdStrike and Trend Micro, which have to be configured using the API. Even Microsoft has it, but Microsoft faces a lot of challenges when it comes to pulling a log from a log source that does not have an inbuilt connector. There is a challenge there. However, when it comes to Trend Micro and CrowdStrike, it is a bit easier there using APIs.
What other advice do I have?
I would recommend Splunk Enterprise Platform for bigger companies.
In the future, I expect additional features such as threat intelligence, behavior analytics, log searching, and machine learning capabilities.
As for any other functionalities I would like to see from them in the future, I do not have anything to add right now. I have something in my mind, and in case I remember, I will go ahead and add it.
Splunk Enterprise Platform is very popular in my region. My overall review rating for this product is seven out of ten.
Comprehensive log monitoring has enabled deep customization and proactive anomaly detection
What is our primary use case?
I am working with Splunk Enterprise Platform, and I have worked with Enterprise and ITSI, both. Sometimes I have worked with ES also, Enterprise Security.
I use Splunk Enterprise Platform mostly for log monitoring. In our company and our projects, we are monitoring for log monitoring, we are using Splunk. After that, we have created some dashboards according to our requirement and alerts and reports. Sometimes for historical data, we have created summary indexing. We are managing our Splunk Enterprise Platform infrastructure like search head, indexers, deployment server, and license master. We have 1,000, you could say 10,000+ UF. Some of them we are using with apps like Splunk DB Connect. For Kafka, we are using different add-ons for sending our data to Splunk Enterprise Platform from different log paths and log sources. That is the main use for Splunk Enterprise Platform. Mostly we are using it for log monitoring.
What is most valuable?
When I talk about Splunk Enterprise Platform, I can say that, of all the tools I have worked with in my last eight or nine years of experience in my overall corporate journey, Splunk Enterprise Platform is a very powerful tool where I can customize everything as per my requirement. There is no hesitation and there is no limitation for my customization. Whatever I want, I can do that from Splunk Enterprise Platform. If I am talking about tools other than Splunk Enterprise Platform, they are not very vast, or not good enough to customize. Here I can customize. If I need to customize from the backend side, I can do whatever I want using Python or Java. If I want to create some things, that is a different thing. In every project, the requirements differ. If I need JavaScript in my platform, in my dashboard, where I want to customize and play with the dashboard according to my requirement, I can use JavaScript. When I send the data, I can use a Python script to send the data to Splunk Enterprise Platform. There are very different things. Mostly the SPL, which I am using, has already covered most of the things. But for what is not covered, I can use some different things also.
In my opinion, the effectiveness of Splunk Enterprise Platform in detecting anomalies for preventing system outages is very good. It is improving day by day.
When I talk about the personalization dashboard in Splunk Enterprise Platform, I can easily customize my dashboard.
Even if people do not know about Splunk Enterprise Platform, they want to create the dashboard, they can just drag and drop. They can add a widget and choose some visualization like a bar chart. If they do not know about the XML or the backend of their dashboards, they can still do it from the UI only.
The Application Management feature in Splunk Enterprise Platform may help enhance the end-user experience, but I need to check that.
Advanced threat detection in Splunk Enterprise Platform is good enough to detect anomalies and detect vulnerabilities. Splunk Enterprise Platform has a different product called Splunk ES, which is a very good product in cybersecurity. I can easily detect some problems, and it automatically sends alerts. The anomaly detection is very good for live production data. Whenever an anomaly comes in an application, it automatically resolves and just gives the notification. It creates incidents or whatever is needed, where I can integrate with different tools like PagerDuty, Moogsoft, or even send my data into Slack if I am not using ServiceNow.
What needs improvement?
For a potential area of improvement in Splunk Enterprise Platform, I can say to try to make it easy for the user and user-friendly.
Simplifying the UI would help, because not everybody has it in their knowledge. If you want to sell your product, you will go with the company CIO, Chief Information Technology Officer. I do not think he will be working on that project; he will be working on your tool. Their resources, their employees will be working on Splunk Enterprise Platform. If you will show them the UI where they can understand, even if they do not know about any coding, they can just play, drop, and drag. If you satisfy them, then anyone will work on their tool in their company. I just want to give you the business perspective, because if you talk to any CIO, they are looking first at the UI part. They will not look into the coding part; they will just check the UI. If the UI is user-friendly, it will attract every person.
There is very much improvement needed from the Splunk vendor support side because they need to check what people are raising in the requests. They do not understand the concerns people are raising. I do not think Splunk is working on their application support; I believe they hire third-party people who do not know as much about Splunk Enterprise Platform.
Regarding deep knowledge of the product, I am talking about the technical aspects. If anyone says something is not working, it seems many cases I have raised where they do not reply to my request adequately. That is why I say there is a requirement for improvement.
For how long have I used the solution?
I have been working with Splunk Enterprise Platform for the last six years.
What do I think about the stability of the solution?
From one to ten, I would rate the stability for Splunk Enterprise Platform as a nine.
What do I think about the scalability of the solution?
I would rate the scalability as an eight.
How are customer service and support?
For technical support from Splunk, I can say it is a two only.
How was the initial setup?
The setup process for Splunk Enterprise Platform is very simple.
Which other solutions did I evaluate?
In my opinion, the main competitors for Splunk Enterprise Platform in the Enterprise Platform market are Dynatrace and DataDog. Recently, at a Dynatrace conference, they mentioned their goal to beat Splunk Enterprise Platform in the future.
DataDog is also relevant. For open-source options, ELK is available for those who need a more budget-friendly solution since Splunk Enterprise Platform is not open source and is quite costly.
What other advice do I have?
I am working with Splunk Enterprise Platform and Dynatrace, and my feedback was really valuable for us.
I am using Splunk Enterprise Platform, and I am combining it with a Cloud platform, AppDynamics, and SOAR.
I worked with Splunk Machine Learning Toolkit, but that is a different thing. I have not worked so much on the MLTK side, so I cannot say anything, I cannot give more of an idea or feedback on that.
The ability to manage applications through Splunk Enterprise Platform is something I need to check.
I am talking about Splunk Enterprise Platform, and there is a lot it provides to the end user. The first thing for Splunk Enterprise Platform is that I can organize my data, like the Common Information Model, CIM, where there are different departments in my company and different application owners. Accordingly, they can set their data, which they do not want, they can just skip that. Whenever they need, they just use the simple one, and that data will be present. In one umbrella, they can see different locations and different data. In any organization, I have to organize my data. If I do not organize my data, then it would be very difficult to find it.
Directly, if I just check my application, I can enter my application, like in Linux. I just enter index equal to Linux, and it gives me all the details. Even in the dashboard, I select Linux, and it shows all the data, including vulnerabilities, CPU usage, and memory usage.
This is a really good point. Because people are not working on their tool. If I tell any technical problem in Splunk Enterprise Platform to the CIO, I do not think he will understand. He has not worked on it; he does not know what I am talking about. But if you present to him that our UI is very helpful to everyone in your organization, no matter if they are on the leadership team, application team, development team, testing team, or application support team, they can all use our tool easily without any hesitation. Even if they need help, Splunk Enterprise Platform has introduced AI, which helps answer any questions regarding SPL.
I purchased Splunk Enterprise Platform directly from the vendor.
I rate the price for Splunk Enterprise Platform as a five because it is very high. If the price were lower, there would be no tools in the market capable of competing with Splunk Enterprise Platform. The only reason people think about moving from Splunk Enterprise Platform to another tool is the price. I would rate this Splunk Enterprise Platform solution with an overall rating of eight.