Splunk SOAR Reviews

Name: Splunk SOAR
Brand: Splunk
Rating: 4.1 (43 reviews)

Vendor: Splunk

4.1 out of 5

43 reviews
87% willing to recommend

557 followers

Post review

What is Splunk SOAR?

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Get the Splunk SOAR Buyer's Guide and find out what your peers are saying about Splunk SOAR, Microsoft Sentinel, AWS Security Hub and more!

Splunk SOAR is the #3 ranked solution in SOAR tools. PeerSpot users give Splunk SOAR an average rating of 8.2 out of 10. Based on the analysis of the 43 most recent Splunk SOAR reviews, the overall sentiment is positive, with a sentiment score of 7.4. Splunk SOAR is most commonly compared to Microsoft Sentinel: Splunk SOAR vs Microsoft Sentinel. Splunk SOAR is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.

Helped 816,660 peers since 2012

Featured reviews

Ryan Plas

SOAR Engineer at Accenture Federal Services

When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Splunk SOAR has a user-friendly interface that simplifies playbook creation. While some initial training is helpful, the drag-and-drop functionality and pre-built code generation features make it accessible even for those without extensive coding experience. This ease of use allows teams to quickly automate incident response tasks, reducing the business impact. Splunk SOAR helps us improve our data collection and automate operational tasks. While it enriches data, some actions require approval or additional information. For application outages, immediate action is crucial to avoid business impact, and time to respond is key to be able to identify the root cause of issues. For example, if a database server goes down, if the analyst doesn't check the issue right after it occurs, they may end up losing precious logs, which would help them identify the issue and avoid reoccurrence. Additionally, manual database tasks like service restarts or log checks are time-consuming. Splunk SOAR automates these tasks, enriching our log collection, running health checks, and generating reports for the database team. This allows for faster issue identification and resolution, ultimately contributing to high system availability and minimal customer impact. It provides a comprehensive solution for our environment's health. Splunk offers two key products: Splunk as an observability tool that detects critical issues, and Splunk SOAR, an automation platform that enriches data and even automates remediation actions. SOAR offers easy integration with various tools. We can leverage pre-built apps for common integrations or create custom ones. While Splunk integrations are automatic, SOAR's API allows us to send data from any observability tool using the SOAR API. This API offers different options to manage the platform, and one of the options is to create a container in SOAR, which can trigger the appropriate playbook based on a label name, simplifying integration with new tools and accelerating proof-of-concept deployments. Implementing a SOAR platform significantly improved our IT operations. Previously, frequent application downtime overwhelmed our busy operations team, forcing them to prioritize and leave some issues unresolved. SOAR automation relieved this pressure by allowing us to create playbooks that automatically detect and fix recurring problems. While the initial setup required developing playbooks and standards, the resulting reduction in alerts and faster issue resolution freed up the operations team's time and had a major positive impact on our overall IT environment. Our mean time to detect is within seconds. Before SOAR, manually detecting and resolving server issues was slow and unreliable. It could take hours for an overloaded team to identify a problem, and even longer to fix it, potentially impacting customers. SOAR automates this process, triggering immediate responses that take seconds, minimizing downtime, and ensuring a smooth customer experience. Our mean time to resolution is improved. SOAR helps resolve issues quickly by automating tasks through playbooks. When an issue is detected, SOAR can run a playbook to fix it or provide more information to analysts, expediting resolution. SOAR has significantly improved our efficiency by automating manual tasks. This frees our IT staff to focus on resolving issues faster and tackling more complex projects.

Read full review

Nagendra Nekkala.

Senior Manager ICT & at Bangalore International Airport Limited

The playbooks are great. They are very useful. We can define rules, including what the remediation should be. Everything gets clearly defined. You can set up different types of automation. It helps increase efficiency and productivity. The solution provides us with end-to-end visibility. It's easy to visualize and troubleshoot our cloud-native environment using Splunk. There's simple product management and quick detection and response that helps minimize risks. I can handle continuous monitoring from an operation control center. We can integrate with other systems. It's helped minimize incident tickets and my overall response time has been lowered. We began to realize benefits within three to four months of deployment. Splunk is very easy to use during an investigation. It's very straightforward. We've been able to reduce our security event volume by 50%. We've also been able to reduce our mean time to detect by about 25%. It's helped us save time and consolidate tools in our environment so that we can minimize staff appropriately. The automation makes all of this possible.

Read full review

Splunk SOAR mindshare

As of November 2024, the mindshare of Splunk SOAR in the Security Orchestration Automation and Response (SOAR) category stands at 8.8%, down from 9.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR)

Key learnings from peers

Last updated Nov 21, 2024

Valuable Features

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."
"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."
"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."

Room for Improvement

"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"I haven't had any issues with the solution so far."
"The font used in the interface could be changed and made easier to read."

Pricing

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

Stability

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk SOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

12%

Government

Energy/Utilities Company

University

Educational Organization

Retailer

Real Estate/Law Firm

Insurance Company

Construction Company

Healthcare Company

Comms Service Provider

Non Profit

Media Company

Outsourcing Company

Transportation Company

Hospitality Company

Legal Firm

Aerospace/Defense Firm

Wholesaler/Distributor

Mining And Metals Company

Recreational Facilities/Services Company

International Affairs Institute

Consumer Goods Company

Logistics Company

Performing Arts

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk SOAR was previously known as Phantom.