Splunk Enterprise

Avantages

Nous a permis de faire des dashboards sur le suivi des patching de nos VM sur le Cloud et de l'installation de Crowdstrike. Mais aussi de traquer l'utilisation du NTLM V1 pour le désactiver sur nos serveurs

Inconvénients

Les query sont un peu long et prennent un peu de temps à etre apprise

Avantages

Splunk offers various features whether you need to setup monitoring on your server, application logs based on logs ingestion set alerts so that teams got notified on real time and take actions accordingly. In this way, it helps to monitor application which are mission critical. You can make dashboards in Splunk where you can configure various components such indexes, data inputs and schedule reports as well. To achieve additional functionalities we can install third party apps as well such as AWS Add on for cloud watch log ingestion.

Inconvénients

From Admin perspective, I found user access management a little difficult. The roles of access management becomes complicated because some time the config files for that didn't came very handy. Other then that I think all in all Splunk provides fulfill all of the requirements.

Avantages

Splunk is provides a single tool for log aggregation, log analysis, and visualizations. Threat hunting, applying threat intelligence, and incident response are easily repeatable; pushing organizations to proactive security processes.

Inconvénients

Splunk is expensive, especially when an organizations is exploring and building new security or data use cases. It also requires a lot of engineering maintenance, making the quality of the data highly-dependent on the skill(s) of those supporting it. Many organizations do not maximize its benefit because it is poorly managed or supported by low-skilled employees.

Alternatives envisagées 

Pourquoi passer à Splunk Enterprise

Avantages

Makes it easy to identify trends within your environment. Once everything is aggregated it makes it easy for example, to see the knock on events of a network outage throughout the environment.

Inconvénients

Web user interface is a bit clunky. Its very polished interface, but in many cases it's style over substance. When I'm debugging an issue I want to be able to drill down into the problem fast, and the shiny interface can be sluggish and slow you down.h

Avantages

Best tracking and data analysis tool which help to monitor and manage the server and system component in very effective way. Real time Visualization helps to take the quick decision so that desired action can be taken to avoid failure.Best data collection in the forms of log and which helps to define the best set of automation jobs to fix the issue.

Inconvénients

There are few components or observation like,1. most of the time observes the slowness in the performance.2. Sometime observe the delay in the issue or updated log reflection on the portal. 3. Need more storage to manage and maintain the lo g which impact organizational costing and budget.