Try our new research platform with insights from 80,000+ expert users

Splunk SOAR pros and cons

Vendor: Splunk

4.0 out of 5

44 reviews
85% willing to recommend

558 followers

Pros & Cons summary

Splunk SOAR offers robust automation and orchestration, saving analysts' time by reducing manual actions. Its praised integration flexibility with security and IT applications includes a library of pre-built and customizable playbooks to enhance productivity. API and REST integrations improve workflow management. However, API connectivity needs enhancements, documentation improvements are necessary, integration with identity solutions is insufficient, playbook development is complex, and costs can be prohibitive for smaller organizations.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Splunk SOAR provides extensive automation capabilities through customizable playbooks that significantly improve efficiency and productivity.

Splunk SOAR offers extensive integration capabilities with other tools and systems, enhancing its versatility and adaptability in diverse environments.

The playbook automation feature in Splunk SOAR reduces manual actions, allowing Security Operations Centers to handle threats more efficiently.

Splunk SOAR includes a comprehensive library of pre-built integrations, fostering connectivity across various security and IT applications.

The robust API and REST API features in Splunk SOAR enable seamless interaction with multiple systems, enhancing workflow management through automation and integration.

CONS

There are challenges with API connectivity to various systems and data sources.

Documentation and support could use improvement to ease implementation and troubleshooting.

Integration with external Identity and Access Management solutions is lacking, affecting visibility and management capabilities.

Simulation tools and features are missing, affecting playbook creation and testing processes.

Cost remains a significant barrier for smaller organizations, with pricing considered steep and not accommodating diverse customer sizes.

Splunk SOAR Pros review quotes

reviewer2499567

Software Automation Engineer at Zivaro

Jun 12, 2024

The most valuable features are the Splunk SOAR apps and playbooks.

Read full review

reviewer2239809

Staff Security Engineer at a engineering company with 10,001+ employees

Jul 20, 2023

The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.

Read full review

Senior Principal Information Security Analyst at Veritas Technologies LLC

Jun 9, 2023

When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

842,592 professionals have used our research since 2012.

reviewer2182467

Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees

May 12, 2023

I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.

Read full review

SB

Steven Bochniewicz

Security Architect at University of Maryland

Jul 20, 2023

The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.

Read full review

reviewer2499171

Cyber Security Analyst II at a retailer with 10,001+ employees

Jun 11, 2024

Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Jun 25, 2024

SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault.

Read full review

MD MASRURUL HODA

Security Manager at a financial services firm with 5,001-10,000 employees

Jan 30, 2023

Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.

Read full review

MK

Principal Security Engineer at a tech company with 51-200 employees

Jul 4, 2023

The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.

Read full review

Siddharth Matalia

Senior Technical Specialist at a manufacturing company with 10,001+ employees

Jan 27, 2023

The customizable playbook is the most valuable aspect of the solution.

Read full review

Show 10 more reviews (out of 44)

Splunk SOAR Cons review quotes

reviewer2499567

Software Automation Engineer at Zivaro

Jun 12, 2024

Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions.

Read full review

reviewer2239809

Staff Security Engineer at a engineering company with 10,001+ employees

Jul 20, 2023

SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.

Read full review

Senior Principal Information Security Analyst at Veritas Technologies LLC

Jun 9, 2023

Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch..

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.

842,592 professionals have used our research since 2012.

reviewer2182467

Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees

May 12, 2023

We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.

Read full review

SB

Steven Bochniewicz

Security Architect at University of Maryland

Jul 20, 2023

have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.

Read full review

reviewer2499171

Cyber Security Analyst II at a retailer with 10,001+ employees

Jun 11, 2024

Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Jun 25, 2024

While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome.

Read full review

MD MASRURUL HODA

Security Manager at a financial services firm with 5,001-10,000 employees

Jan 30, 2023

The technical support for the Splunk SIEM solution was average.

Read full review

MK

Principal Security Engineer at a tech company with 51-200 employees

Jul 4, 2023

There is a lot of room for improvement with the UI.

Read full review

Siddharth Matalia

Senior Technical Specialist at a manufacturing company with 10,001+ employees

Jan 27, 2023

What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.

Read full review

Show 10 more reviews (out of 44)

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

Tines vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

Torq vs Splunk SOAR

Logpoint vs Splunk SOAR

Swimlane vs Splunk SOAR

IBM Resilient vs Splunk SOAR

Google Security Operations vs Splunk SOAR

McAfee ePolicy Orchestrator vs Splunk SOAR

See all alternatives

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

Tines vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

Torq vs Splunk SOAR

Logpoint vs Splunk SOAR

Swimlane vs Splunk SOAR

IBM Resilient vs Splunk SOAR

Google Security Operations vs Splunk SOAR

McAfee ePolicy Orchestrator vs Splunk SOAR

See all alternatives

Related questions

44

Which Do You Recommend, Phantom or Demisto?

125

What are the Top 5 cybersecurity trends in 2022?

2,920

What is the difference between SIEM and SOAR platforms?

632

What is an incident response playbook and how is it used in SOAR?

186

What are the latest trends in Security Operations Center (SOC)?

54

What tools and solutions do you use for automated incident response in an enterprise in 2022?

257

How to evaluate SIEM detection rules?

184

Why a Security Operations Center (SOC) is important?

84

What types of Security Operations Center (SOC) deployment models do exist?

31

Why is Security Orchestration Automation and Response (SOAR) important for companies?