Senior Data Analyst at a financial services firm with 10,001+ employees
Great automation capabilities, easy to use, and offers good GUI
Pros and Cons
- "So far, the interface is very easy to use."
- "It would be ideal if we could automate processes even more."
What is our primary use case?
We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that, we are still planning to automate a few more things, like malware investigation, and then other processes from there.
What is most valuable?
We're in the POC phase. We need more time to get used to the solution and to understand it better to discover the most useful features.
So far, the interface is very easy to use.
The GUI is great.
The features in the Phantom playbook are all very good.
You can build different playbooks and you can play with them. One playbook can give you insights into URL applications; another can give you the reputation of the file access. You can build different playbooks, and after integrating all the playbooks you can come up with some organizational directions and decisions. It will give you very good insights into various incidents.
The solution is great for automating redundant work.
It's sometimes difficult to manage the amount of reported suspicious emails. Using an intervention like this solution helps make that task easier.
What needs improvement?
We haven't had too much experience on the solution.
The solution is relatively new in the market.
It would be ideal if we could automate processes even more.
The interface is great, however, they could still keep refining it to make it even more user friendly.
For how long have I used the solution?
We have used the solution over the past year.
Buyer's Guide
Splunk SOAR
February 2025

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
838,713 professionals have used our research since 2012.
Which solution did I use previously and why did I switch?
At a previous organization, I did work with another tool in beta. It was able to provide UVA capacity. I'm not sure if they used a different tool at this current organization.
Phantom has a better GUI; however, I'm not able to clearly see the risk fabric.
How was the initial setup?
I wasn't part of the deployment team. I have no idea if the initial implementation is straightforward or complex.
Technically, we are still in the deployment phase. We haven't finished yet. We are yet to go live. In the next few weeks we'll go live, however, only on the phishing features.
Which other solutions did I evaluate?
I'm not aware of the company looking into other options before choosing this solution. All of this was handled by the procurement team, and I am not a party to their decision-making process.
What other advice do I have?
I'm not sure which version of the solution we're currently using.
If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
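The phishing-triage flow this reviewer describes (one playbook for URL reputation, one for file reputation, their results combined into a decision) as an added example. This is not code from the review and not Splunk's playbook API: it is plain Python that parses a reported email, extracts the observables a playbook would enrich, and scores them against reputation lookups. The sample email, the `url_intel` and `file_intel` dictionaries, and the scoring thresholds are all constructed for illustration; in a real SOAR playbook those lookups would be app actions against your reputation services.

```python
"""Illustrative phishing-triage playbook logic (added example, not Splunk SOAR code)."""
import email
import hashlib
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Extensions that warrant extra suspicion even without a hash hit (constructed list).
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".iso", ".lnk"}

# Constructed sample: a user-reported email with one link and one executable attachment.
SAMPLE_EMAIL = b"""From: payroll@example-payroll.test
To: analyst@corp.test
Subject: Updated payslip
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your payslip is ready: http://login-verify.example-payroll.test/payslip
--b1
Content-Type: application/octet-stream; name="payslip.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="payslip.exe"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""


def extract_indicators(raw_message: bytes) -> dict:
    """Parse a reported email and pull out the observables a playbook would enrich."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    urls, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            attachments.append({
                "filename": part.get_filename() or "",
                "sha256": hashlib.sha256(payload).hexdigest(),
            })
        elif part.get_content_type() == "text/plain":
            urls.extend(URL_RE.findall(part.get_content()))
    return {"sender": str(msg["From"]), "urls": sorted(set(urls)), "attachments": attachments}


def triage(indicators: dict, url_intel: dict, file_intel: dict) -> dict:
    """Combine URL and file reputation into one verdict, as chained playbooks would.

    url_intel maps hostname -> "malicious" | "benign"; file_intel maps sha256 -> the same.
    Anything not present is treated as "unknown". Weights/thresholds are hypothetical.
    """
    score, reasons = 0, []
    for url in indicators["urls"]:
        host = urlparse(url).hostname or ""
        verdict = url_intel.get(host, "unknown")
        if verdict == "malicious":
            score += 50
            reasons.append(f"url {host} is known malicious")
        elif verdict == "unknown":
            score += 10
            reasons.append(f"url {host} has no reputation")
    for att in indicators["attachments"]:
        name = att["filename"].lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            score += 20
            reasons.append(f"attachment {att['filename']} has an executable extension")
        if file_intel.get(att["sha256"]) == "malicious":
            score += 50
            reasons.append(f"attachment {att['filename']} matches a known-bad hash")
    if score >= 50:
        action = "quarantine"   # auto-contain: pull from mailboxes, block sender/URL
    elif score >= 20:
        action = "escalate"     # hand to an analyst with the enrichment attached
    else:
        action = "close"        # benign report: notify the reporter and close
    return {"score": score, "action": action, "reasons": reasons}


def run_playbook(raw_message: bytes, url_intel: dict, file_intel: dict) -> dict:
    """End-to-end: parse, enrich, decide."""
    return triage(extract_indicators(raw_message), url_intel, file_intel)


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_EMAIL)
    bad_hash = ind["attachments"][0]["sha256"]
    print(run_playbook(SAMPLE_EMAIL,
                       {"login-verify.example-payroll.test": "malicious"},
                       {bad_hash: "malicious"}))
```

The point of splitting `extract_indicators` from `triage` is the one the reviewer makes: each enrichment is its own reusable step, and the decision is made once all of them have reported. Note that an unknown URL plus an executable attachment is enough to escalate to a human even with no intel hit, so the playbook never silently closes a report it could not enrich.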

Head of Cyber Security Operations Centre at a comms service provider with 1,001-5,000 employees
Easy to use and popular with our team but is a bit expensive
Pros and Cons
- "I'm just a beginner on the solution and it's pretty easy for me to use."
- "We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
What is most valuable?
I'm just a beginner on the solution and it's pretty easy for me to use.
Our team likes it. They've been using it for a while and they really seem to like it. They know more about it than I do at this point, as I'm still new.
It's a default for a lot of things on our system.
What needs improvement?
We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap.
The pricing of the product could be more reasonable.
For how long have I used the solution?
While I am a beginner on the Splunk platform, our team has a good amount of experience with it overall. I've personally only been working with it for two or three months or so. It hasn't been that long.
How are customer service and technical support?
I've never actually opened a ticket with Splunk technical support in the past. I can't speak to how helpful or responsive they are. I don't have any experience with them to discuss how helpful or responsive they are.
What's my experience with pricing, setup cost, and licensing?
The licenses are quite expensive at this time. They need to work on the pricing in order to make the costs much more reasonable.
What other advice do I have?
We are a customer and an end-user. We don't have a business relationship with Splunk.
I can't speak to which version of the solution we're using.
I'd rate the solution at seven out of ten overall.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Solution Architect at a tech services company with 11-50 employees
Easy to create playbooks, easy to deploy, and good integration capabilities and searching methodologies
Pros and Cons
- "I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
- "I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
What is our primary use case?
My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.
What is most valuable?
I like the integration capabilities of Phantom. It has a lot of integrations with other products.
Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.
What needs improvement?
I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook.
It is also very expensive for my region.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the scalability of the solution?
I didn't focus on that feature, so I cannot say anything about that.
How are customer service and technical support?
I don't have any experience with their technical support. My customer was using it in their company, and I had some experience with this solution over there while managing their security solutions, but I didn't get in touch with Splunk specialists.
How was the initial setup?
Its initial setup is straightforward. It is similar to most of the solutions. I didn't have any complexity.
What's my experience with pricing, setup cost, and licensing?
I don't know the exact price, but for my region, it is very expensive.
What other advice do I have?
I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR.
I would rate Splunk Phantom a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
