Splunk is one of the most popular and time-tested SIEM solutions on the market at the time of writing. It is trusted by more than 15,000 customers worldwide for the protection of CIs. In this section, we will review some of the features Splunk supports for security monitoring and alerting.
A high-level overview of the Splunk platform is depicted in the following visual:
Splunk as a platform provides a range of sub-products that cater to specific organizational needs. In the context of this chapter, let us review the high-level features of Splunk Enterprise Security and Splunk Light.