Staff Security Engineer at an engineering company with 10,001+ employees
Jul 20, 2023
The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.
Sr. Principal Info Sec Analyst at Veritas Technologies LLC
Jun 9, 2023
When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
May 12, 2023
I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.
Cyber Security Analyst II at a retailer with 10,001+ employees
Jun 11, 2024
Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts.
Senior Principal Site Reliability Engineer at Dell Technologies
Jun 25, 2024
SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault.
Security Manager at a financial services firm with 5,001-10,000 employees
Jan 30, 2023
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes... With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.
Principal Security Engineer at a tech company with 51-200 employees
Jul 4, 2023
The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.
Providing Splunk app developers and playbook developers with Python stub files, so that when they create custom code in their IDE, they can have IntelliCode suggestions.
Staff Security Engineer at an engineering company with 10,001+ employees
Jul 20, 2023
SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.
Sr. Principal Info Sec Analyst at Veritas Technologies LLC
Jun 9, 2023
Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
May 12, 2023
We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.
I have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.
Cyber Security Analyst II at a retailer with 10,001+ employees
Jun 11, 2024
Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS.