Try our new research platform with insights from 80,000+ expert users
Splunk SOAR Logo

Splunk SOAR pros and cons

Vendor: Splunk
4.1 out of 5
Badge Leader
555 followers
Post review

Pros & Cons summary

Splunk SOAR enhances security management with risk-based access control and offers flexible integration and automation playbook development, saving time for analysts. Its extensive library of pre-built integrations streamlines workflows, though API connectivity needs improvement. While advanced searchability simplifies log management, the integration with Microsoft and identity solutions is lacking. The platform is costly for small customers, and better simulation tools and upgrade processes are needed, alongside improved training materials.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Splunk SOAR offers robust risk-based access control.
It features extensive and flexible integration capabilities with other tools and systems.
Automation and orchestration functionalities are highly praised, particularly the playbook automation.
The scalability of Splunk SOAR is considered its best feature, effectively streamlining workflows.
Splunk SOAR's pre-built integrations and ability to automate processes significantly enhance efficiency and productivity.

CONS

Splunk SOAR lacks robust API integration with various systems and data sources.
Integration with Microsoft products presents significant challenges.
The current pricing model is not feasible for smaller organizations and regions.
There is a notable absence of simulation tools and features.
Scaling and scalability need enhancement for better performance.
 

Splunk SOAR Pros review quotes

reviewer2499567 - PeerSpot reviewer
Jun 12, 2024
The most valuable features are the Splunk SOAR apps and playbooks.
Read full review
reviewer2239809 - PeerSpot reviewer
Jul 20, 2023
The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.
Read full review
Shubham Sinha. - PeerSpot reviewer
Jun 9, 2023
When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.
Read full review
Buyer's Guide
Splunk SOAR
January 2025
Free Report: Splunk SOAR Reviews and More
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
838,640 professionals have used our research since 2012.
reviewer2182467 - PeerSpot reviewer
May 12, 2023
I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
Read full review
SB
Jul 20, 2023
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.
Read full review
reviewer2499171 - PeerSpot reviewer
Jun 11, 2024
Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts.
Read full review
Rodrigo Scorsatto - PeerSpot reviewer
Jun 25, 2024
SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault.
Read full review
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.
Read full review
MK
Jul 4, 2023
The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.
Read full review
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
The customizable playbook is the most valuable aspect of the solution.
Read full review
Show 10 more reviews (out of 43)
 

Splunk SOAR Cons review quotes

reviewer2499567 - PeerSpot reviewer
Jun 12, 2024
Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions.
Read full review
reviewer2239809 - PeerSpot reviewer
Jul 20, 2023
SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.
Read full review
Shubham Sinha. - PeerSpot reviewer
Jun 9, 2023
Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch..
Read full review
Buyer's Guide
Splunk SOAR
January 2025
Free Report: Splunk SOAR Reviews and More
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
DOWNLOAD NOW
838,640 professionals have used our research since 2012.
reviewer2182467 - PeerSpot reviewer
May 12, 2023
We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.
Read full review
SB
Jul 20, 2023
have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.
Read full review
reviewer2499171 - PeerSpot reviewer
Jun 11, 2024
Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS.
Read full review
Rodrigo Scorsatto - PeerSpot reviewer
Jun 25, 2024
While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome.
Read full review
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
The technical support for the Splunk SIEM solution was average.
Read full review
MK
Jul 4, 2023
There is a lot of room for improvement with the UI.
Read full review
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.
Read full review
Show 10 more reviews (out of 43)

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Splunk SOAR Logo
Microsoft Sentinel vs Splunk SOAR
Elastic Security vs Splunk SOAR Logo
Elastic Security vs Splunk SOAR
AWS Security Hub vs Splunk SOAR Logo
AWS Security Hub vs Splunk SOAR
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Exabeam vs Splunk SOAR Logo
Exabeam vs Splunk SOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Logpoint vs Splunk SOAR Logo
Logpoint vs Splunk SOAR
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Swimlane vs Splunk SOAR Logo
Swimlane vs Splunk SOAR
IBM Resilient vs Splunk SOAR Logo
IBM Resilient vs Splunk SOAR
McAfee ePolicy Orchestrator vs Splunk SOAR Logo
McAfee ePolicy Orchestrator vs Splunk SOAR
Google Security Operations vs Splunk SOAR Logo
Google Security Operations vs Splunk SOAR
See all alternatives

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Splunk SOAR Logo
Microsoft Sentinel vs Splunk SOAR
Elastic Security vs Splunk SOAR Logo
Elastic Security vs Splunk SOAR
AWS Security Hub vs Splunk SOAR Logo
AWS Security Hub vs Splunk SOAR
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Exabeam vs Splunk SOAR Logo
Exabeam vs Splunk SOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Logpoint vs Splunk SOAR Logo
Logpoint vs Splunk SOAR
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Swimlane vs Splunk SOAR Logo
Swimlane vs Splunk SOAR
IBM Resilient vs Splunk SOAR Logo
IBM Resilient vs Splunk SOAR
McAfee ePolicy Orchestrator vs Splunk SOAR Logo
McAfee ePolicy Orchestrator vs Splunk SOAR
Google Security Operations vs Splunk SOAR Logo
Google Security Operations vs Splunk SOAR
See all alternatives
Related questions
  • 47
Which Do You Recommend, Phantom or Demisto?
  • 146
What are the Top 5 cybersecurity trends in 2022?
  • 3,299
What is the difference between SIEM and SOAR platforms?
  • 746
What is an incident response playbook and how is it used in SOAR?
  • 234
What are the latest trends in Security Operations Center (SOC)?
  • 61
What tools and solutions do you use for automated incident response in an enterprise in 2022?
  • 292
How to evaluate SIEM detection rules?
  • 229
Why a Security Operations Center (SOC) is important?
  • 117
What types of Security Operations Center (SOC) deployment models do exist?
  • 16
Why is Security Orchestration Automation and Response (SOAR) important for companies?