We use the solution to search the logs, check the threat indicators, threat tasks, etc. It helps us check any alerts that we get in the alert report. Based on that, we react to that particular alert.
Manager Product Security and Operations at a computer software company with 10,001+ employees
Helps to save time and offers details into alerts
Pros and Cons
- "The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."
- "The tool's response is slower because it has to search through a huge dataset, which can be improved for latency."
What is our primary use case?
What is most valuable?
The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us.
Overall, if any incident or anything happens in terms of security, then Splunk SOAR is the tool we look at first.We have a nice dashboarding and alerting system when we see an alert. It gives us direct access to the specific alert, detailing what happened when it occurred and where it originated. It helps us to identify the affected site faster.
Splunk SOAR helps us to save a lot of time. We have integrated it with some SIEM tools.
What needs improvement?
The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.
For how long have I used the solution?
I have been using the product for three years.
Buyer's Guide
Splunk SOAR
October 2024
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,145 professionals have used our research since 2012.
What do I think about the stability of the solution?
The only issue I've noticed is the latency when accessing data for longer periods. Sometimes, fetching data from the API can take a lot of time. However, apart from that, everything else seems stable.
What do I think about the scalability of the solution?
The tool is scalable. We have scaled it to about thousands of assets.
How are customer service and support?
I haven't had much direct interaction with customer service and technical support. Our central Splunk team manages those aspects for us. I have heard that the response time is good.
What about the implementation team?
The tool's deployment is done in-house.
What other advice do I have?
I rate the overall solution an eight to nine out of ten. It's helpful from both an operations and product security perspective.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 21, 2024
Flag as inappropriateCybersecurity Analyst at a energy/utilities company with 10,001+ employees
An affordable and easy-to-deploy solution that has an extremely helpful technical support team
Pros and Cons
- "The product’s integration with other Splunk products is valuable."
- "Some of the training materials are on a basic level."
What is our primary use case?
We use the solution to automate some of our legacy processes. We review items like phishing and emails.
What is most valuable?
The product’s integration with other Splunk products is valuable. It's easier to collect and enrich all the data to give our incident response teams better access to the information to make their decisions.
What needs improvement?
Some of the training materials are on a basic level. They don't feel like they're really in-depth. I would like to have more advanced and in-depth training.
For how long have I used the solution?
My organization has been using the solution for two months.
What do I think about the stability of the solution?
There have been no issues whatsoever with stability. I wouldn't expect there to be any downtime.
What do I think about the scalability of the solution?
We have a large environment. We have more than 10,000 devices in our organization. It's a complex environment, depending on which areas we're working with. We have different types of regulations.
How are customer service and support?
The team we're working with right now is extremely helpful, and it's easy to coordinate with them and get them involved. They're very welcoming and open to helping us. They are going out of their way to set up meetings to answer questions and help us with the process.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
There's a lot of overlap of concepts between our current SOAR solution and Splunk SOAR. The dashboard's functionality in Splunk SOAR has great value compared to our current platform. It was not easy to make dashboards or reports at a high level in our current solution. It was a bit tedious and difficult. It’s a lot easier to facilitate with Splunk SOAR. Splunk SOAR integrates nicely with all the other Splunk products. We can enrich the data.
How was the initial setup?
We are still going through the initial deployment of the product. The deployment is easy since it is a SaaS solution. There's not much for us to configure right out of the box.
What's my experience with pricing, setup cost, and licensing?
One of the biggest factors that helped the management to decide to switch to Splunk SOAR was its cost. The solution's cost model, Mission Control, and other features make it cost-effective.
What other advice do I have?
We are fairly new to the solution. We are still adjusting Splunk SOAR. As I use the platform more, it'll become more intuitive. My core focus is on the SOAR platform. We're still beginning to get the tool fully customized for us. We are going through the basics to get all the way to fully leveraging the tool. We are still considering how to go from our current setup and expand it.
Our organization monitors multiple cloud environments with Splunk SOAR. It is important for our organization that the product has end-to-end visibility into our cloud-native environment. It allows us to have better incident response. Having visibility on where the attacks or different issues are coming from allows us to better respond to them.
The workshops are the biggest value I get from attending Splunk conferences. I'm getting a lot of real-world examples from different companies. It helps with networking and meeting other individuals who are going through the same type of process or are already leveraging Splunk SOAR. I can get feedback on how they're leveraging the platform. It gives us a lot of insight into things we should consider as we start to set up and build environments.
Overall, I rate the product a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Splunk SOAR
October 2024
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
824,145 professionals have used our research since 2012.
SOAR PS Consultant at a tech vendor with 11-50 employees
Offers great visibility, and we can customize the playbook use cases and integrate it with other solutions
Pros and Cons
- "The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
- "The UI can be more customizable for the clients."
What is our primary use case?
Splunk SOAR is primarily used for automating security use cases for clients who want to reduce human intervention and personnel involvement. It facilitates end-to-end security workflows and helps to decrease the time spent on manual investigations.
Splunk SOAR can be deployed both in the cloud and on-premises. The cloud deployment comes pre-installed, so if we want to connect to any on-premises applications, we may need an additional server.
How has it helped my organization?
Building playbooks using Splunk SOAR is an easy process.
Splunk SOAR's playbook viewer is excellent. The viewer underwent an update a couple of years ago, making it much more streamlined and easier to use.
Splunk SOAR offers end-to-end visibility throughout our environment. The solution provides us with information about the actions being executed, the flow of the playbooks, where failures occur, and everything in between. It also collects logs of the actions in the backend.
Splunk SOAR simplifies the visualization and troubleshooting of our cloud-native environment. We only need to set up an additional server to connect to our cloud-based applications. Once that is done, the process becomes very straightforward.
Splunk SOAR has the ability to integrate with other system applications in our environment. Currently, SOAR is integrated with nearly 300 applications through APIs.
Splunk SOAR, as a whole, has helped numerous clients automate processes, reduce investigation time, and free up personnel to focus on other tasks. It is a highly effective tool for security automation.
Using Splunk SOAR in an investigation is extremely easy.
Splunk SOAR has significantly reduced our mean time to detect in a relatively short period.
Splunk SOAR has helped reduce our mean time to resolve.
Splunk SOAR has helped free up our IT staff's time to work on other projects.
Splunk SOAR has saved our organization a good amount of time overall.
With Splunk SOAR, we have been able to consolidate tools in our environment, such as Radius and CrowdStrike.
What is most valuable?
The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me.
What needs improvement?
The UI can be more customizable for the clients.
For how long have I used the solution?
I have been using Splunk SOAR for almost five years.
What do I think about the stability of the solution?
Splunk SOAR is highly stable. The benefits that Resilience offers to SIEM are crucial at the moment, given the vast amount of data and other factors. It aids us in efficiently handling that data, and, with these additional tools, it helps to manage the data with minimal human intervention. As a result, we can reduce the mean time to resolve, the mean time to detect, and save money as well.
What do I think about the scalability of the solution?
Splunk SOAR's scalability is great. I have never had a client complain about the solution's ability to scale.
How are customer service and support?
The technical support team prioritizes all the tickets based on their criticality. They genuinely provide end-to-end support and contact us via email before scheduling calls. If it's a cloud instance, they simply attempt to push changes over the stack, making them extremely helpful.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment is straightforward. It can be completed by a single person, who handles the installation and setup.
What was our ROI?
I've heard from clients that they are receiving more value from the fit than they initially expected. They are also pleased with how much Splunk SOAR has been assisting them with various tasks. Additionally, a couple of companies have reduced the number of personnel in their security team due to the implementation of SOAR.
For completely new users, it may take some time to perceive the benefits. However, for those who are already familiar with the solution and hold certifications, they can quickly recognize the advantages.
What's my experience with pricing, setup cost, and licensing?
The licensing cost is reasonable.
What other advice do I have?
I give Splunk SOAR a ten out of ten.
I started looking into security automation at that time. Initially, it was Phantom, which was quite popular five years ago. Splunk bought it and changed it to SOAR, so it became pretty easy to use. It's a relatively new concept, which is why we wanted to see how it works.
Once Splunk SOAR is deployed, it takes a couple of weeks to train the SOC team of our clients to use the playbooks.
Splunk SOAR requires maintenance if we plan to scale up the database, increase the number of users involved, and expand our development efforts. Additionally, the amount of data processed and other factors should be considered. For a premium user who actively uses it daily and is heavily involved in development, the solution may need regular maintenance. However, apart from such cases, I believe it doesn't require significant maintenance.
For those considering using Splunk SOAR, there is ample documentation available on the Splunk website. Additionally, they can download a free trial version, which can be installed on their server for experimentation.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Assistant Director - Lead IT Security Engineer at a financial services firm with 501-1,000 employees
Helps to reduce security event volume and mean time to detection , but the UI has room for improvement
Pros and Cons
- "Scalability is the best feature of the solution."
- "The algorithm and machine learning have room for improvement and can be more user-friendly."
What is our primary use case?
We have around 95 different use cases for Splunk SOAR that help secure our environment.
How has it helped my organization?
The solution has helped us automate and customize some of our servers.
I give an eight out of ten for the ease of creating a playbook. The visibility of the solutions playbook viewer is user-friendly.
We have integrated 15 plus services with Splunk SOAR. Splunk SOAR is easy to use for investigations as long as they have experience with the solution.
Splunk has helped us reduce our security event volume. The solution has also helped us reduce our mean detection time by 80 percent and has helped our security IT staff save time to work on other projects.
Splunk SOAR has as well helped us consolidate tools in our environment.
What is most valuable?
Scalability is the best feature of the solution.
What needs improvement?
The algorithm and machine learning have room for improvement and can be more user-friendly.
The integration with the phone system, price, UI, and performance have room for improvement.
For how long have I used the solution?
I have been using the solution for one year.
What do I think about the stability of the solution?
I give the stability a seven out of ten.
What do I think about the scalability of the solution?
I give the scalability an eight out of ten.
Which solution did I use previously and why did I switch?
I previously used Swimlane which has a better GI than Splunk SOAR.
How was the initial setup?
I give the initial setup an eight out of ten. There is a lot of documentation available online to help with deployment and as long as we know how to configure it, it is straightforward. For basic deployment, we do not require much time.
What about the implementation team?
The implementation was completed in-house.
What's my experience with pricing, setup cost, and licensing?
I give the price a six out of ten. Splunk SOAR is priced higher than most other solutions.
What other advice do I have?
I give the solution a seven out of ten.
I recommend Splunk SOAR for larger organizations.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at a tech services company with 11-50 employees
Customized workflows, easy to onboard, and lots of time savings
Pros and Cons
- "Workflow management is most valuable. It is easily customizable"
- "Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
What is our primary use case?
I am the CTO of a startup. We evaluated this product.
Our major requirement was to open APIs to our product. I felt that the open-source product that I evaluated was better in terms of open APIs to integrate into the existing product because Splunk SOAR is an enterprise product and not an open-source one. However, after evaluating the go-to-market time and how soon we can implement things, the customer preferred Splunk SOAR because it could be easily integrated. Over time, they may choose to have the capabilities inside the in-house product instead of using Splunk SOAR, but at this point, they are using Splunk SOAR.
We have our own product. We were developing our in-house engine based on user analytics and behaviors, but because of funding issues, we stopped working on that. During that time, I started looking at Splunk SOAR to compare its features, and that is how I was able to recommend it to the customer. I told them that instead of creating these capabilities in the in-house product, they could start using Splunk SOAR. In the future, we will be able to import the workflow from Splunk SOAR into the product. We would need a standardized backend to be able to import the workflows. At this point, it is not available, but in the future, just like JSON or XML, it should happen. There should be portability. I am not sure if it is in their roadmap. It is their loss in one aspect, but it is a gain in another aspect because they can claim that workflows are portable across platforms.
How has it helped my organization?
A major use case for my customer was dealing with DDoS attacks. The customer is in the BFSI industry. The major issue for them was people trying to get access to customer accounts by logging in or generating OTPs from different locations. They wanted to limit access to OTPs and logins from particular geographies because 95% of their customer base is from an Asia-Pacific country. They were able to do that and solve that issue. They were also able to reduce the cost of customer care because when a customer gets a message about an OTP for a withdrawal, they tend to call customer care. Instead of generating an OTP, they created a workflow to avoid generating an OTP when it is requested from other geographies. They developed a workflow to make a call to the customer and confirm if they have requested the OTP for money withdrawal. In our geography, rules are becoming stricter and stricter, and banks are held responsible for such cases. The customer was able to meet the requirements of the government. They were also able to save money and reduce operational costs. They could save 75% of operational costs.
I have used the solution's playbooks and the visual playbook editor to help automate tasks. I am a technical person, so it is easy for me to use the playbooks and visual playbook editor. I also write playbooks at the code level.
Spunk SOAR has saved us time in alert triage.
Spunk SOAR has saved time in threat response. They were able to stop 75% of the cases of sending OTPs to the wrong people.
Spunk SOAR's automation helped reduce tedious manual tasks. Based on the input that I got for the first two quarters, there was somewhere about a 75% reduction.
What is most valuable?
Workflow management is most valuable. It is easily customizable.
What needs improvement?
Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks.
What do I think about the stability of the solution?
Its stability is pretty good. UI is more responsive than other tools for writing playbooks and other things.
What do I think about the scalability of the solution?
When I evaluated, there were just one or two users. They have been using it only for two quarters. I will know its scalability better after a year or so.
How was the initial setup?
It is SaaS-based. Being a BFSI business, most of their core applications are on-premises, but the applications that we have evaluated stay on AWS.
It is much quicker to onboard compared to the open-source tools I have used. We were able to onboard initial applications in a day. It is very fast.
What about the implementation team?
I helped the customer to onboard it. There was also help available from the Splunk team.
Which other solutions did I evaluate?
I evaluated Splunk SOAR and a few other SOAR solutions. I evaluated an open-source solution and the IBM solution. I preferred Splunk SOAR because of its log processing and the way it allows you to customize workflows. I felt it was better than any other competitor in the market because it is a next-generation SOAR tool.
What other advice do I have?
I would rate Splunk SOAR a nine out of ten because there is no portability.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 30, 2024
Flag as inappropriatePrincipal Security Engineer at a tech company with 51-200 employees
Integrates well, and uses custom Python code, but the UI has room for improvement
Pros and Cons
- "The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
- "There is a lot of room for improvement with the UI."
What is our primary use case?
We utilize Splunk SOAR to automate our incident response process. I am the sole engineer in my current organization, responsible for working on Splunk to automate the incident response process followed by our team. This involves investigating various incident response procedures established within our security operations center.
The main problem we want to solve is the time it takes to invoice tickets and remediate incidents. Therefore, we aim to reduce that time. If our analysts manually handle and investigate each incident, it will take longer compared to using this solution, which automates most of the processes. Whenever an incident occurs, the playbook and Splunk automatically initiate the necessary actions to gather the required data, enabling the analyst to make informed decisions and address the incident promptly.
How has it helped my organization?
Creating a playbook using the Solutions Playbook Editor, is relatively easy if we possess some knowledge of Python code and the ability to write various types of flow diagrams.
The visibility of the solution's playbook viewer is excellent. There is adequate documentation that assists individuals in learning how to utilize the playbook to construct solutions.
Splunk SOAR's ability to integrate with other systems and applications in our environment is straightforward. It has numerous capabilities to integrate with various security tools, as it supports open APIs. If the solution supports the API, we only need to write the corresponding APIs in the pipeline code and utilize those API tools to construct the integration, enabling us to take action accordingly.
The most significant improvement I have observed is time-saving in the Security Operations Center incidents. We receive approximately a thousand to eleven hundred incidents per day, and if we were to manually investigate these incidents, we would require a team of ten to twelve people. However, by utilizing Splunk SOAR, we are able to handle the investigation of these thousand alerts with just six or seven people.
Splunk SOAR is not difficult to use in an investigation; it depends on the use case. I haven't encountered any issues with the implementation of the case solution, and there don't seem to be any limitations in that regard.
Splunk SOAR assists us in reducing the volume of security events. Whenever an incident occurs, the playbook initiates actions simultaneously with its generation in our security operations center. These incidents are automatically handled by the playbook, while incidents requiring manual intervention are assigned to our analysts. All other incidents are handled automatically through Splunk SOAR playbooks. Splunk SOAR has reduced the security event volume by forty-five percent.
Our mean time to detect has been drastically reduced. Before Splunk SOAR our security operation center, analysts worked on a queue. Whenever an alert was received, it was placed in a queue, and the incidents were investigated one by one. However, with the implementation of Splunk SOAR, we now have instant knowledge and analysts can start investigating more effectively. The required data is already gathered by the playbook itself, aiding analysts in making more accurate decisions in less time. This has resulted in a reduction of our mean time to detection by at least eighty percent. Previously, without Splunk SOAR, we experienced significant mean time to detect because analysts had to focus on one incident at a time, leaving other incidents waiting. Now, there is no need for incidents to wait for an analyst to take over. The playbook automatically gathers the data, allowing the analyst to have all the necessary information as soon as they start, enabling them to make prompt decisions.
Splunk SOAR has helped reduce our mean time to resolve. The resolution of incidents sometimes depends on different teams that need to investigate and send notifications for action. However, the notification of those incidents has been significantly reduced, and we can confidently say that we have achieved a fifty percent reduction in our mean time to resolve.
Fifty percent of our IT staff's time is saved through using Splunk SOAR, and we can utilize that time to work on the other project we have.
Splunk SOAR has saved our organization forty-five percent of our time.
What is most valuable?
The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools. Additionally, we can write our own Python code, which can be used and embedded in a Splunk SOAR playbook, enabling us to utilize that code directly within the solution itself.
What needs improvement?
There is a lot of room for improvement with the UI.
I would like to have more integrations with cloud technologies and functionalities such as AI within Splunk SOAR.
For how long have I used the solution?
I have been using Splunk SOAR for five years.
What do I think about the stability of the solution?
Splunk SOAR is stable.
What do I think about the scalability of the solution?
Splunk SOAR is a hundred percent scalable.
How was the initial setup?
The initial setup was straightforward and took approximately three hours. Four individuals from our network team and one individual from the Splunk personal service team were required for the deployment as we needed to configure the server.
What was our ROI?
We have observed approximately a forty-five percent return on investment with Splunk SOAR.
What's my experience with pricing, setup cost, and licensing?
Splunk SOAR is more expensive compared to other options for SOAR.
Which other solutions did I evaluate?
We assessed various open-source options prior to choosing Splunk SOAR, such as Securonix SOAR and Shuffle.
What other advice do I have?
I would rate Splunk SOAR a seven out of ten. The solution necessitates expertise in Python coding, which is challenging to find in individuals. Additionally, Splunk SOAR lacks sufficient AI integration.
Before using Splunk SOAR, it took us approximately six hours to block certain IPs on our firewalls. However, after implementing Splunk SOAR, we were able to accomplish the same task within just five minutes.
We deployed Splunk SOAR on a single server.
We have around nine people that use Splunk SOAR in our organization.
Maintenance is sometimes required based on the incident volume we receive. If we experience a higher volume, we need to maintain the RAM and other components in our server. Therefore, it is important for us to exercise caution in this regard.
I highly recommend Splunk SOAR for individuals seeking to automate the incident response process in their security operation centers.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Solution Architect at a tech vendor with 10,001+ employees
Versatile with good version control and excellent support
Pros and Cons
- "My understanding is the initial setup isn't too hard."
- "The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
What is our primary use case?
This is a DevOps product.
We use the solution to monitor the activity of users and integrate Splunk UEBA, monitoring traffic, packages, external attacks, left movement, and lateral movements. We also use it maybe inside the person's C2 servers, and for exercise and SQL injections. Basically, we use the solution for any type of attack that can happen regarding the meter attack grid.
What is most valuable?
The solution is very versatile.
It's a multi-functioning solution.
My understanding is the initial setup isn't too hard.
The version control is excellent.
Technical support is extremely helpful and responsive.
What needs improvement?
The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations.
For how long have I used the solution?
I've been using the solution for two years now as a part of the bigger Splunk Enterprise deployment.
What do I think about the stability of the solution?
The stability is great. It offers easy version control. There are no bugs and glitches. It doesn't crash or freeze. The team is doing great managing releases.
What do I think about the scalability of the solution?
The scalability is very high. It is easy to expand as needed.
I use it in a very large organization with well over one million users worldwide.
How are customer service and support?
We have a premium and dedicated team for tech support as well as a dedicated account manager. Everything is dedicated to the deployment. I can't say I'm not satisfied. Their response is usually very fast - within 30 minutes - and we have good experience with them.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
While I use other products as well, 90% of my day is on Splunk.
How was the initial setup?
While I didn't handle the implementation directly, I understand it's pretty easy.
What's my experience with pricing, setup cost, and licensing?
While the pricing is high, I don't care as long as the enterprise pays for it. For developers, it is free for 6 months and 500 GBs of ingestion per day.
From an enterprise standpoint, I'd rate the pricing ten out of ten as they are doing a great job and we are getting value for what we pay.
What other advice do I have?
I'm an end-user.
I'd advise new users to spend some time at the outset learning the commands. It will make it very easy to deal with.
I'd rate the solution ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Network Security Engineer at Cirrus Logic
We can automate and orchestrate our detections and quickly respond to them
Pros and Cons
- "In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
- "They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."
What is our primary use case?
One of our use cases is to automate any kind of process after investigation. When going into an investigation, we want to make sure that we have the right tools to use. Instead of having multiple tools, we can bring them all into one platform, such as Splunk SOAR, to provide us with that information.
How has it helped my organization?
Splunk SOAR has not benefited us yet because we are currently in the development process, but I believe that in the future, it will help us streamline our process and our RTR to respond and detect. It is going to help us in the future, but it has not brought us any benefit yet because we are currently building it up.
It is very important that Splunk SOAR has end-to-end visibility into our cloud-native environment. If there is no visibility, then there is no ability for us to detect on time and respond in time. It knocks out a lot of that time discrepancy.
Splunk SOAR has not yet helped reduce our mean time to resolve. It will be helping us in the future due to its playbooks and its compatibility with Mission Control and other Splunk integrations.
It has helped us with our business continuity and our ability to respond to different threats that might be out there.
Splunk SOAR has not saved us time in alert triage. We are still in the early stages of getting Splunk SOAR onboarded and developed, but I believe that it will significantly reduce our time to triage. Similarly, Splunk SOAR has not saved us time in threat response, but it will do so in the future.
Splunk's unified platform has helped consolidate networking, security, and IT observability tools. Splunk's unified platform has been great for every organization. Every analyst has been able to use one unified area.
What is most valuable?
In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board. When they get an incident, they do not need to find out where to start. All they have to do is to go to a particular playbook. It will give them end-to-end specifics on what to do and how to process it.
What needs improvement?
They can improve what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository. That is one area.
Another area would probably be related to onboarding different playbooks or different tool sets that new engineers have. Eventually, they will get there to ingest more tools and datasets into their SOAR.
In terms of additional features, it is hard to say. There can be more integration with other data ingestion platforms out there, not just Splunk.
For how long have I used the solution?
We have been using it for about one month.
What do I think about the stability of the solution?
We have not played with it too much yet. Once we are able to play with it more and get more details from it, we can respond to that.
What do I think about the scalability of the solution?
It can be very scalable just because of the number of different apps that the community pushes to it. Right now, it is not there yet, but I believe in the near future, it is going to be the best growing platform out there.
How are customer service and support?
Splunk's customer service is great and impeccable. I believe that they have been a very valuable resource to our organization and our team.
I would rate their support an eight out of ten just because I believe that no one really gets a ten. It is an eight just because the answers that they cannot answer for us, they are able to get from the community. The community really helps out, but they are always there to help, and they are always responsive.
How was the initial setup?
We are using Splunk Cloud, the public cloud, but we also have on-prem. We use AWS.
As the initial start of the Splunk SOAR, we are getting started with developing the playbooks and getting the configurations set up with our users and toolsets. It has been pretty easy so far. I have not had any hiccups, but we will see where that takes us as we finish our development.
What about the implementation team?
We did not use any integrator or reseller.
What was our ROI?
We have just started getting our metrics developed, ingesting into Splunk, and showing that to the executives.
What other advice do I have?
I would rate Splunk SOAR a nine out of ten just because it does hit all points for the use cases as an analyst, engineer, or developer. It allows us to automate and orchestrate all of our detections and respond to them very quickly.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jul 8, 2024
Flag as inappropriateBuyer's Guide
Download our free Splunk SOAR Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Security Orchestration Automation and Response (SOAR)Popular Comparisons
Microsoft Sentinel
AWS Security Hub
Palo Alto Networks Cortex XSOAR
Exabeam
ThreatConnect Threat Intelligence Platform (TIP)
ServiceNow Security Operations
Fortinet FortiSOAR
Tines
Logpoint
IBM Resilient
Swimlane
McAfee ePolicy Orchestrator
Google Security Operations
Cyware Cyber Fusion
Buyer's Guide
Download our free Splunk SOAR Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which Do You Recommend, Phantom or Demisto?
- What are the Top 5 cybersecurity trends in 2022?
- What is the difference between SIEM and SOAR platforms?
- What is an incident response playbook and how is it used in SOAR?
- What are the latest trends in Security Operations Center (SOC)?
- What tools and solutions do you use for automated incident response in an enterprise in 2022?
- How to evaluate SIEM detection rules?
- Why a Security Operations Center (SOC) is important?
- What types of Security Operations Center (SOC) deployment models do exist?
- When evaluating Security Orchestration, Automation, and Response (SOAR), what aspect do you think is the most important to look for?