Splunk SOAR Reviews

Splunk SOAR can be deployed on-premise and in the cloud.

The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point.

I have been using Splunk SOAR for approximately two years.

We have approximately six users from one client and four from another client using Splunk SOAR.

The technical support from Splunk SOAR is good. However, you can always resolve the problem with the community. Splunk has a very good community, and most of the time, we find a solution much better, it is easier and quicker in the community, instead of waiting to open a ticket for Splunk. When you open a ticket, you go into a queue, then the feedback is a little bit slower.

The initial implementation of Splunk SOAR is in the middle range of difficulty. It is not very easy because you need to understand a little bit of the solution to deploy it, but as soon as you learn it, it becomes very easy because most of the integrations are ready. It's very easy to change playbooks, or create a new playbook because you do not need to know how to code. It doesn't matter how the language of the coding it's running in the back end to learn your playbook. It is up to you to create a playbook using the UI interface. If you want, you can code your own if you enjoy coding. You can have the opportunity to change or create some playbooks with Python codes, but you don't need to do that, it is optional. Anyone can develop their own playbooks.

The deployment of Splunk SOAR on premises took approximately 15 days, and deployments in the cloud took approximately two days. You learn how to integrate the solution by doing it. It took about two days because it was my first time, but the next time, when I do it, it will take approximately half a day.

Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers.

The price of Splunk SOAR is based on the number of people using it. Once you increase the users, the prices go goes up. The customer receives a license for the user that is going to operate it in their environment.

I rate Splunk SOAR a ten out of ten.

My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.

I like the integration capabilities of Phantom. It has a lot of integrations with other products.

Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.

I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook.

It is also very expensive for my region.

I have been using this solution for one year.

I didn't focus on that feature, so I cannot say anything about that.

I don't have any experience with their technical support. My customer was using it in their company, and I had some experience with this solution over there while managing their security solutions, but I didn't get in touch with Splunk specialists.

Its initial setup is straightforward. It is similar to most of the solutions. I didn't have any complexity.

I don't know the exact price, but for my region, it is very expensive.

I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR. 

I would rate Splunk Phantom a nine out of ten.

I'm just a beginner on the solution and it's pretty easy for me to use. 

Our team likes it. They've been using it for a while and they really seem to like it. They know more about it than I do at this point, as I'm still new.

It's a default for a lot of things on our system.

We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap. 

The pricing of the product could be more reasonable.

While I am a beginner on the Splunk platform, our team has a good amount of experience with it overall. I've personally only been working with it for two or three months or so. It hasn't been that long.

I've never actually opened a ticket with Splunk technical support in the past. I can't speak to how helpful or responsive they are. I don't have any experience with them to discuss how helpful or responsive they are.

The licenses are quite expensive at this time. They need to work on the pricing in order to make the costs much more reasonable.

We are a customer and an end-user. We don't have a business relationship with Splunk.

I can't speak to which version of the solution we're using.

I'd rate the solution at seven out of ten overall.