Splunk Enterprise Security
By Splunk
An enterprise SIEM built on the Splunk platform and its SPL search language, with broad support for correlation, investigation, dashboards, and user behavior analytics. Cisco completed its acquisition of Splunk in March 2024, and the product continues under the Splunk brand.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaSOn-premHybrid
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$$
Capability checklist
SIEMHow Splunk Enterprise Security measures up against the full Security Information & Event Management taxonomy.
- Broad log ingestion — supported
- Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
- Correlation & detection rules — supported
- Turns raw events into alerts via built-in and custom detection logic.
- Fast historical search — supported
- Query months of data quickly during investigations.
- Behavior analytics (UEBA) — supported
- Baselines user and entity behavior to flag anomalies.
- Dashboards & reporting — supported
- Compliance and operational reporting out of the box.
- Detection-as-code — not supported
- Manage detection rules in version control with CI.
Alternatives
Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Splunk Enterprise Security.