Cyber Tool Stack
All tools

Splunk Enterprise Security

By Splunk

An enterprise SIEM built on the Splunk platform and its SPL search language, with broad support for correlation, investigation, dashboards, and user behavior analytics. Cisco completed its acquisition of Splunk in March 2024, and the product continues under the Splunk brand.

Verified Source: 1

Product type
Software
Deployment
SaaSOn-premHybrid
Organization size
Mid-marketEnterprise
Pricing tier
$$$

Capability checklist

SIEM

How Splunk Enterprise Security measures up against the full Security Information & Event Management taxonomy.

Broad log ingestion — supported
Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
Correlation & detection rules — supported
Turns raw events into alerts via built-in and custom detection logic.
Fast historical search — supported
Query months of data quickly during investigations.
Behavior analytics (UEBA) — supported
Baselines user and entity behavior to flag anomalies.
Dashboards & reporting — supported
Compliance and operational reporting out of the box.
Detection-as-code — not supported
Manage detection rules in version control with CI.

Alternatives

Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Splunk Enterprise Security.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.