Splunk Consultant at Yssy
Real User
Useful playbooks, easy integration, and helpful community support
Pros and Cons
  • "The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, Splunk has since changed its name; it's not Frontend anymore, it's Splunk Store. This is a very strong point."
  • "Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."

What is our primary use case?

Splunk SOAR can be deployed on-premise and in the cloud.

What is most valuable?

The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, Splunk has since changed its name; it's not Frontend anymore, it's Splunk Store. This is a very strong point.

For how long have I used the solution?

I have been using Splunk SOAR for approximately two years.

What do I think about the scalability of the solution?

We have approximately six users from one client and four from another client using Splunk SOAR.

Buyer's Guide
Splunk SOAR
March 2025
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
848,989 professionals have used our research since 2012.

How are customer service and support?

The technical support from Splunk SOAR is good. However, you can always resolve the problem with the community. Splunk has a very good community, and most of the time we find a much better solution there; it is easier and quicker in the community than waiting to open a ticket with Splunk. When you open a ticket, you go into a queue, and then the feedback is a little bit slower.

How was the initial setup?

The initial implementation of Splunk SOAR is in the middle range of difficulty. It is not very easy because you need to understand a little bit of the solution to deploy it, but as soon as you learn it, it becomes very easy because most of the integrations are ready. It's very easy to change playbooks or create a new playbook because you do not need to know how to code. It doesn't matter what coding language is running in the back end when you learn your playbook. It is up to you to create a playbook using the UI. If you want, you can code your own if you enjoy coding. You have the opportunity to change or create some playbooks with Python code, but you don't need to do that; it is optional. Anyone can develop their own playbooks.

The deployment of Splunk SOAR on premises took approximately 15 days, and deployments in the cloud took approximately two days. You learn how to integrate the solution by doing it. It took about two days because it was my first time, but the next time, when I do it, it will take approximately half a day.

What's my experience with pricing, setup cost, and licensing?

Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers.

The price of Splunk SOAR is based on the number of people using it. Once you increase the users, the price goes up. The customer receives a license for the user that is going to operate it in their environment.

What other advice do I have?

I rate Splunk SOAR a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1404753 - PeerSpot reviewer
Senior Data Analyst at a financial services firm with 10,001+ employees
Real User
Great automation capabilities, easy to use, and offers good GUI
Pros and Cons
  • "So far, the interface is very easy to use."
  • "It would be ideal if we could automate processes even more."

What is our primary use case?

We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that, we are still planning to automate a few more things like malware investigation and then, from there, other processes.

What is most valuable?

We're in the POC phase. We need more time to get used to the solution and to understand it better to discover the most useful features.

So far, the interface is very easy to use.

The GUI is great.

The features in the Phantom playbook are all very good.

You can build different playbooks and you can play with the playbooks. One playbook can give you insights into URL applications; another playbook can give you the reputation of the file access. You can build different playbooks and, after integrating all the playbooks, you can come up with some organizational directions and decisions. It will give you very good insights into various incidents.

The solution is great for automating redundant work.

It's difficult sometimes to manage the amount of reported suspicious emails. Using an intervention like this solution helps make that task easier.

What needs improvement?

We haven't had too much experience on the solution.

The solution is relatively new in the market.

It would be ideal if we could automate processes even more.

The interface is great, however, they could still keep refining it to make it even more user friendly.

For how long have I used the solution?

We have used the solution over the past year.

Which solution did I use previously and why did I switch?

At a previous organization, I did work with another tool in Beta. It was able to provide UVA capacity. I'm not sure if they used a different tool at this current organization.

The Phantom has better GUI, however, I'm not able to clearly see the risk fabric.

How was the initial setup?

I wasn't part of the deployment team. I have no idea if the initial implementation is straightforward or complex.

Technically, we are still in the deployment phase. We haven't finished yet. We are yet to go live. In the next few weeks we'll go live, however, only on the phishing features.

Which other solutions did I evaluate?

I'm not aware of the company looking into other options before choosing this solution. All of this was handled by the procurement team, and I am not a party to their decision-making process.

What other advice do I have?

I'm not sure which version of the solution we're currently using.

If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1540500 - PeerSpot reviewer
Head of Cyber Security Operations Centre at a comms service provider with 1,001-5,000 employees
Real User
Easy to use and popular with our team but is a bit expensive
Pros and Cons
  • "I'm just a beginner on the solution and it's pretty easy for me to use."
  • "We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."

What is most valuable?

I'm just a beginner on the solution and it's pretty easy for me to use.

Our team likes it. They've been using it for a while and they really seem to like it. They know more about it than I do at this point, as I'm still new.

It's a default for a lot of things on our system.

What needs improvement?

We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap.

The pricing of the product could be more reasonable.

For how long have I used the solution?

While I am a beginner on the Splunk platform, our team has a good amount of experience with it overall. I've personally only been working with it for two or three months or so. It hasn't been that long.

How are customer service and technical support?

I've never actually opened a ticket with Splunk technical support in the past. I can't speak to how helpful or responsive they are. I don't have any experience with them to discuss how helpful or responsive they are.

What's my experience with pricing, setup cost, and licensing?

The licenses are quite expensive at this time. They need to work on the pricing in order to make the costs much more reasonable.

What other advice do I have?

We are a customer and an end-user. We don't have a business relationship with Splunk.

I can't speak to which version of the solution we're using.

I'd rate the solution at seven out of ten overall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1561083 - PeerSpot reviewer
Cyber Security Solution Architect at a tech services company with 11-50 employees
Real User
Easy to create playbooks, easy to deploy, and good integration capabilities and searching methodologies
Pros and Cons
  • "I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
  • "I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."

What is our primary use case?

My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.

What is most valuable?

I like the integration capabilities of Phantom. It has a lot of integrations with other products.

Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.

What needs improvement?

I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook.

It is also very expensive for my region.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the scalability of the solution?

I didn't focus on that feature, so I cannot say anything about that.

How are customer service and technical support?

I don't have any experience with their technical support. My customer was using it in their company, and I had some experience with this solution over there while managing their security solutions, but I didn't get in touch with Splunk specialists.

How was the initial setup?

Its initial setup is straightforward. It is similar to most of the solutions. I didn't have any complexity.

What's my experience with pricing, setup cost, and licensing?

I don't know the exact price, but for my region, it is very expensive.

What other advice do I have?

I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR.

I would rate Splunk Phantom a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Splunk/SOAR Engineer
Real User
Provides a visual platform for creating playbooks and significantly improves efficiency
Pros and Cons
  • "The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."
  • "Splunk SOAR has made a huge impact across security operations and the business overall."
  • "There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."

What is our primary use case?

My use case for the solution is basically focused on deploying and configuring data related to Splunk, upgrading the Splunk SOAR instances, implementing role-based access controls for different users, and performing system performance tasks, along with resolving logs and connectivity-related issues.

Additionally, I handle integrations with SIEM tools such as Splunk and EDR, firewalls, and threat platforms.

How has it helped my organization?

Implementing Splunk SOAR has significantly benefited our business. It has made a huge impact across security operations and the business overall. The biggest improvement is in speed, consistency, and scalability of responses. With automation of over 60% of repetitive tasks, it has significantly improved efficiency in threat triage and ticketing.

Splunk SOAR has saved us dozens of hours every month by automating tasks, which has reduced the manual workloads significantly for level one and level two analysts.

Splunk SOAR has reduced our Mean Time to Detect by approximately 30% to 40%. The Mean Time To Resolve is approximately reduced by 30% to 40%.

Splunk SOAR absolutely improves our ability to investigate and gain end-to-end visibility and effectively remediate threats across our environments.

Visualizing and troubleshooting our cloud-native environment with Splunk SOAR is fast. It enables informed investigations with centralized timelines and helps with immediate responses by gathering data from all SIEM, EDR, and threat feeds.

Splunk SOAR has saved us time in alert triage. It saves about 20 to 25 minutes per alert by gathering data and checking regulations.

Splunk SOAR has saved us time in threat response, reducing it by approximately 30% to 50%.

Splunk SOAR has helped consolidate multiple tools used in the business, such as security tools and threat intelligence tools, into a singular workflow.

What is most valuable?

The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy. Moreover, Splunk SOAR supports over 300 integrations with SIEM tools, EDR, firewalls, and threat and cloud platforms. We can also build apps using Python.

Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code. Simple playbooks, such as IP reputation checks and ticket creation, can be built in just a few minutes, while complex playbooks involving loops and API calls are manageable as well.

The visibility of the Playbook Viewer is one of the key strengths for Splunk SOAR. It provides a centralized view of an incident from alert to response within a single container and allows you to have action-level transparency by logging each action in real-time. You can click through each step to check input and output status and logs, along with a timeline view for incidents, which aids in the entire investigation.

Splunk SOAR's ability to integrate with systems and applications in our environment is extensive. It supports a wide range of apps and tools, such as firewalls, ticketing systems including Jira, and cloud platforms like AWS and Azure. It also has easy API-based custom integrations.

What needs improvement?

There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management. Real-time collaboration features, more granular metrics, and improved reporting for dashboards would also be beneficial.

For how long have I used the solution?

I have been using Splunk SOAR for about 5 to 6 years. I am involved in the Splunk Administration and Splunk Analyst roles.

What do I think about the stability of the solution?

Considering performance and other factors, I would rate its stability an eight out of ten.

What do I think about the scalability of the solution?

It can be extended and adapted as necessary. I would rate its scalability as an eight out of ten.

In my team, there are 10 to 15 active users working on Splunk SOAR. We are a large organization.

How are customer service and support?

I would rate Splunk's technical support as a nine.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before using Splunk SOAR, my team utilized various tools, including networking tools and SIEM tools, to assist our SecOps team in performing investigations.

As compared to other SOAR solutions, Splunk SOAR is the most flexible platform available in the market, especially in terms of integration capabilities and compatible playbooks. It has strong alignment with Splunk Enterprise Security compared to tools like IBM SOAR, which may lack flexibility.

How was the initial setup?

It wasn't very easy. It includes a lot of techniques and methods. It takes a couple of days to deploy.

It didn't take much time to train my SOC team on how to use playbooks after implementing Splunk SOAR. As a SOC team, we routinely deal with incident responses and track day-to-day activities using various tools, including Splunk. Splunk effectively gathers information regarding unauthorized user access, which helps us track and analyze them swiftly.

What's my experience with pricing, setup cost, and licensing?

Splunk SOAR is moderately priced, neither cheap nor overly expensive.

What other advice do I have?

I would absolutely recommend Splunk SOAR to other users, but it also depends on their specific use cases for threat incidents and professional needs.

Overall, I would rate Splunk SOAR an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user