Splunk SOAR Reviews

Splunk SOAR can be deployed on-premise and in the cloud.

The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point.

I have been using Splunk SOAR for approximately two years.

We have approximately six users from one client and four from another client using Splunk SOAR.

The technical support from Splunk SOAR is good. However, you can always resolve the problem with the community. Splunk has a very good community, and most of the time, we find a solution much better, it is easier and quicker in the community, instead of waiting to open a ticket for Splunk. When you open a ticket, you go into a queue, then the feedback is a little bit slower.

The initial implementation of Splunk SOAR is in the middle range of difficulty. It is not very easy because you need to understand a little bit of the solution to deploy it, but as soon as you learn it, it becomes very easy because most of the integrations are ready. It's very easy to change playbooks, or create a new playbook because you do not need to know how to code. It doesn't matter how the language of the coding it's running in the back end to learn your playbook. It is up to you to create a playbook using the UI interface. If you want, you can code your own if you enjoy coding. You can have the opportunity to change or create some playbooks with Python codes, but you don't need to do that, it is optional. Anyone can develop their own playbooks.

The deployment of Splunk SOAR on premises took approximately 15 days, and deployments in the cloud took approximately two days. You learn how to integrate the solution by doing it. It took about two days because it was my first time, but the next time, when I do it, it will take approximately half a day.

Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers.

The price of Splunk SOAR is based on the number of people using it. Once you increase the users, the prices go goes up. The customer receives a license for the user that is going to operate it in their environment.

I rate Splunk SOAR a ten out of ten.

We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that we are still planning to automate a few more things like malware investigation and then from there other processes.

We're in the POC phase. We need more time to get used to the solution and to understand it better to discover the most useful features.

So far, the interface is very easy to use.

The GUI is great.

The features in the Phantom playbook are all very good.

You can build different playbook and you can play with the playbook. One playbook can give you insights into URL applications, one playbook you can give the reputation about the file access. You can build different playbooks and after integrating all the playbooks you can come up with some organizational directions and decisions. It will give you very good insights into various incidents.

The solution is great for automating redundant work.

It's difficult sometime to manage the amount of reported suspicious emails. Using an intervention like this solution helps make that task easier.

We haven't had too much experience on the solution.

The solution is relatively new in the market.

It would be ideal if we could automate processes even more.

The interface is great, however, they could still keep refining it to make it even more user friendly.

We have used the solution over the past year.

At a previous organization, I did work with another tool in Beta. It was able to provide UVA capacity. I'm not sure if they used a different tool at this current organization.

The Phantom has better GUI, however, I'm not able to clearly see the risk fabric.

I wasn't part of the deployment team. I have no idea if the initial implementation is straightforward or complex.

Technically, we are still in the deployment phase. We haven't finished yet. We are yet to go live. IN the next few weeks we'll go live, however, only on the phishing features.

I'm not aware of the company looking into other options before choosing this solution. All of this was handled by the procurement team, and I am not a party to their decision-making process.

I'm not sure which version of the solution we're currently using.

If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies. 

I'd rate the solution eight out of ten.

I'm just a beginner on the solution and it's pretty easy for me to use. 

Our team likes it. They've been using it for a while and they really seem to like it. They know more about it than I do at this point, as I'm still new.

It's a default for a lot of things on our system.

We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap. 

The pricing of the product could be more reasonable.

While I am a beginner on the Splunk platform, our team has a good amount of experience with it overall. I've personally only been working with it for two or three months or so. It hasn't been that long.

I've never actually opened a ticket with Splunk technical support in the past. I can't speak to how helpful or responsive they are. I don't have any experience with them to discuss how helpful or responsive they are.

The licenses are quite expensive at this time. They need to work on the pricing in order to make the costs much more reasonable.

We are a customer and an end-user. We don't have a business relationship with Splunk.

I can't speak to which version of the solution we're using.

I'd rate the solution at seven out of ten overall. 

My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.

I like the integration capabilities of Phantom. It has a lot of integrations with other products.

Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.

I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook.

It is also very expensive for my region.

I have been using this solution for one year.

I didn't focus on that feature, so I cannot say anything about that.

I don't have any experience with their technical support. My customer was using it in their company, and I had some experience with this solution over there while managing their security solutions, but I didn't get in touch with Splunk specialists.

Its initial setup is straightforward. It is similar to most of the solutions. I didn't have any complexity.

I don't know the exact price, but for my region, it is very expensive.

I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR. 

I would rate Splunk Phantom a nine out of ten.

My use case for the solution is basically focused on deploying and configuring data related to Splunk, upgrading the Splunk SOAR instances, implementing role-based access controls for different users, and performing system performance tasks, along with resolving logs and connectivity-related issues. 

Additionally, I handle integrations with SIEM tools such as Splunk and EDR, firewalls, and threat platforms.

Implementing Splunk SOAR has significantly benefited our business. It has made a huge impact across security operations and the business overall. The biggest improvement is in speed, consistency, and scalability of responses. With automation of over 60% of repetitive tasks, it has significantly improved efficiency in threat triage and ticketing.

Splunk SOAR has saved us dozens of hours every month by automating tasks, which has reduced the manual workloads significantly for level one and level two analysts.

Splunk SOAR has reduced our Mean Time to Detect by approximately 30% to 40%. The Mean Time To Resolve is approximately reduced by 30% to 40%.

Splunk SOAR absolutely improves our ability to investigate and gain end-to-end visibility and effectively remediate threats across our environments.

Visualizing and troubleshooting our cloud-native environment with Splunk SOAR is fast. It enables informed investigations with centralized timelines and helps with immediate responses by gathering data from all SIEM, EDR, and threat feeds.

Splunk SOAR has saved us time in alert triage. It saves about 20 to 25 minutes per alert by gathering data and checking regulations.

Splunk SOAR has saved us time in threat response, reducing it by approximately 30% to 50%.

Splunk SOAR has helped consolidate multiple tools used in the business, such as security tools and threat intelligence tools, into a singular workflow.

The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy. Moreover, Splunk SOAR supports over 300 integrations with SIEM tools, EDR, firewalls, and threat and cloud platforms. We can also build apps using Python.

Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code. Simple playbooks, such as IP reputation checks and ticket creation, can be built in just a few minutes, while complex playbooks involving loops and API calls are manageable as well.

The visibility of the Playbook Viewer is one of the key strengths for Splunk SOAR. It provides a centralized view of an incident from alert to response within a single container and allows you to have action-level transparency by logging each action in real-time. You can click through each step to check input and output status and logs, along with a timeline view for incidents, which aids in the entire investigation.

Splunk SOAR's ability to integrate with systems and applications in our environment is extensive. It supports a wide range of apps and tools, such as firewalls, ticketing systems including Jira, and cloud platforms like AWS and Azure. It also had easy API-based custom integrations.

There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management. Real-time collaboration features, more granular metrics, and improved reporting for dashboards would also be beneficial.

I have been using Splunk SOAR for about 5 to 6 years. I am involved in the Splunk Administration and Splunk Analyst roles.

Considering performance and other factors, I would rate its stability an eight out of ten.

It can be extended and adapted as necessary. I would rate its scalability as an eight out of ten.

In my team, there are 10 to 15 active users working on Splunk SOAR. We are a large organization.

I would rate Splunk's technical support as a nine.

Positive

Before using Splunk SOAR, my team utilized various tools, including networking tools and SIEM tools, to assist our SecOps team in performing investigations.

As compared to other SOAR solutions, Splunk SOAR is the most flexible platform available in the market, especially in terms of integration capabilities and compatible playbooks. It has strong alignment with Splunk Enterprise Security compared to tools like IBM SOAR, which may lack flexibility.

It wasn't very easy. It includes a lot of techniques and methods. It takes a couple of days to deploy.

It didn't take much time to train my SOC team on how to use playbooks after implementing Splunk SOAR. As a SOC team, we routinely deal with incident responses and track day-to-day activities using various tools, including Splunk. Splunk effectively gathers information regarding unauthorized user access, which helps us track and analyze them swiftly.

Splunk SOAR is moderately priced, neither cheap nor overly expensive.

I would absolutely recommend Splunk SOAR to other users, but it also depends on their specific use cases for threat incidents and professional needs.

Overall, I would rate Splunk SOAR an eight out of ten.