Try our new research platform with insights from 80,000+ expert users

Splunk SOAR pros and cons

Vendor: Splunk

4.1 out of 5

43 reviews
87% willing to recommend

557 followers

Pros & Cons summary

Splunk SOAR enhances security management with risk-based access control and offers flexible integration and automation playbook development, saving time for analysts. Its extensive library of pre-built integrations streamlines workflows, though API connectivity needs improvement. While advanced searchability simplifies log management, the integration with Microsoft and identity solutions is lacking. The platform is costly for small customers, and better simulation tools and upgrade processes are needed, alongside improved training materials.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Splunk SOAR offers robust risk-based access control.

It features extensive and flexible integration capabilities with other tools and systems.

Automation and orchestration functionalities are highly praised, particularly the playbook automation.

The scalability of Splunk SOAR is considered its best feature, effectively streamlining workflows.

Splunk SOAR's pre-built integrations and ability to automate processes significantly enhance efficiency and productivity.

CONS

Splunk SOAR lacks robust API integration with various systems and data sources.

Integration with Microsoft products presents significant challenges.

The current pricing model is not feasible for smaller organizations and regions.

There is a notable absence of simulation tools and features.

Scaling and scalability need enhancement for better performance.

Splunk SOAR Pros review quotes

reviewer2499567

Software Automation Engineer at Zivaro

Jun 12, 2024

The most valuable features are the Splunk SOAR apps and playbooks.

Read full review

reviewer2239809

Staff Security Engineer at a engineering company with 10,001+ employees

Jul 20, 2023

The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.

Read full review

SS

Sr. Principal Info Sec Analyst at Veritas Technologies LLC

Jun 9, 2023

When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.

823,875 professionals have used our research since 2012.

reviewer2182467

Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees

May 12, 2023

I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.

Read full review

SB

Steven Bochniewicz

Security Architect at University of Maryland

Jul 20, 2023

The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.

Read full review

reviewer2499171

Cyber Security Analyst II at a retailer with 10,001+ employees

Jun 11, 2024

Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Jun 25, 2024

SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault.

Read full review

MD MASRURUL HODA

Security Manager at a financial services firm with 5,001-10,000 employees

Jan 30, 2023

Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.

Read full review

MK

Principal Security Engineer at a tech company with 51-200 employees

Jul 4, 2023

The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.

Read full review

Siddharth Matalia

Senior Technical Specialist at a manufacturing company with 10,001+ employees

Jan 27, 2023

The customizable playbook is the most valuable aspect of the solution.

Read full review

Show 10 more reviews (out of 43)

Splunk SOAR Cons review quotes

reviewer2499567

Software Automation Engineer at Zivaro

Jun 12, 2024

Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions.

Read full review

reviewer2239809

Staff Security Engineer at a engineering company with 10,001+ employees

Jul 20, 2023

SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.

Read full review

SS

Sr. Principal Info Sec Analyst at Veritas Technologies LLC

Jun 9, 2023

Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch..

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.

823,875 professionals have used our research since 2012.

reviewer2182467

Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees

May 12, 2023

We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.

Read full review

SB

Steven Bochniewicz

Security Architect at University of Maryland

Jul 20, 2023

have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.

Read full review

reviewer2499171

Cyber Security Analyst II at a retailer with 10,001+ employees

Jun 11, 2024

Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Jun 25, 2024

While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome.

Read full review

MD MASRURUL HODA

Security Manager at a financial services firm with 5,001-10,000 employees

Jan 30, 2023

The technical support for the Splunk SIEM solution was average.

Read full review

MK

Principal Security Engineer at a tech company with 51-200 employees

Jul 4, 2023

There is a lot of room for improvement with the UI.

Read full review

Siddharth Matalia

Senior Technical Specialist at a manufacturing company with 10,001+ employees

Jan 27, 2023

What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.

Read full review

Show 10 more reviews (out of 43)

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

Tines vs Splunk SOAR

Logpoint vs Splunk SOAR

IBM Resilient vs Splunk SOAR

Swimlane vs Splunk SOAR

Torq vs Splunk SOAR

McAfee ePolicy Orchestrator vs Splunk SOAR

Google Security Operations vs Splunk SOAR

Cyware Cyber Fusion vs Splunk SOAR

See all alternatives

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

Tines vs Splunk SOAR

Logpoint vs Splunk SOAR

IBM Resilient vs Splunk SOAR

Swimlane vs Splunk SOAR

Torq vs Splunk SOAR

McAfee ePolicy Orchestrator vs Splunk SOAR

Google Security Operations vs Splunk SOAR

Cyware Cyber Fusion vs Splunk SOAR

See all alternatives

Related questions

54

Which Do You Recommend, Phantom or Demisto?

173

What are the Top 5 cybersecurity trends in 2022?

4,034

What is the difference between SIEM and SOAR platforms?

964

What is an incident response playbook and how is it used in SOAR?

300

What are the latest trends in Security Operations Center (SOC)?

62

What tools and solutions do you use for automated incident response in an enterprise in 2022?

360

How to evaluate SIEM detection rules?

315

Why a Security Operations Center (SOC) is important?

150

What types of Security Operations Center (SOC) deployment models do exist?

3

When evaluating Security Orchestration, Automation, and Response (SOAR), what aspect do you think is the most important to look for?