Splunk SOAR can be deployed on-premise and in the cloud.
Splunk Consultant at Yssy
Useful playbooks, easy integration, and helpful community support
Pros and Cons
- "The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, Splunk has since changed its name; it's not Frontend anymore, it's Splunk Store. This is a very strong point."
- "Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
What is our primary use case?
What is most valuable?
The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, Splunk has since changed its name; it's not Frontend anymore, it's Splunk Store. This is a very strong point.
For how long have I used the solution?
I have been using Splunk SOAR for approximately two years.
What do I think about the scalability of the solution?
We have approximately six users from one client and four from another client using Splunk SOAR.
Buyer's Guide
Splunk SOAR
October 2024
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,562 professionals have used our research since 2012.
How are customer service and support?
The technical support from Splunk SOAR is good. However, you can always resolve the problem with the community. Splunk has a very good community, and most of the time we find a much better solution there; it is easier and quicker in the community than waiting to open a ticket with Splunk. When you open a ticket, you go into a queue, and then the feedback is a little bit slower.
How was the initial setup?
The initial implementation of Splunk SOAR is in the middle range of difficulty. It is not very easy because you need to understand a little bit of the solution to deploy it, but as soon as you learn it, it becomes very easy because most of the integrations are ready. It's very easy to change playbooks or create a new playbook because you do not need to know how to code. It doesn't matter which coding language is running in the back end when you learn to build your playbook. It is up to you to create a playbook using the UI. If you want, you can code your own if you enjoy coding. You have the opportunity to change or create some playbooks with Python code, but you don't need to do that; it is optional. Anyone can develop their own playbooks.
The deployment of Splunk SOAR on premises took approximately 15 days, and deployments in the cloud took approximately two days. You learn how to integrate the solution by doing it. It took about two days because it was my first time, but the next time, when I do it, it will take approximately half a day.
What's my experience with pricing, setup cost, and licensing?
Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers.
The price of Splunk SOAR is based on the number of people using it. Once you increase the users, the price goes up. The customer receives a license for each user who is going to operate it in their environment.
What other advice do I have?
I rate Splunk SOAR a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Solution Architect at a tech services company with 11-50 employees
Easy to create playbooks, easy to deploy, and good integration capabilities and searching methodologies
Pros and Cons
- "I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
- "I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
What is our primary use case?
My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.
What is most valuable?
I like the integration capabilities of Phantom. It has a lot of integrations with other products.
Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.
What needs improvement?
I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook.
It is also very expensive for my region.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the scalability of the solution?
I didn't focus on that feature, so I cannot say anything about that.
How are customer service and technical support?
I don't have any experience with their technical support. My customer was using it in their company, and I had some experience with this solution over there while managing their security solutions, but I didn't get in touch with Splunk specialists.
How was the initial setup?
Its initial setup is straightforward. It is similar to most of the solutions. I didn't have any complexity.
What's my experience with pricing, setup cost, and licensing?
I don't know the exact price, but for my region, it is very expensive.
What other advice do I have?
I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR.
I would rate Splunk Phantom a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Cyber Security Operations Centre at a comms service provider with 1,001-5,000 employees
Easy to use and popular with our team but is a bit expensive
Pros and Cons
- "I'm just a beginner on the solution and it's pretty easy for me to use."
- "We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
What is most valuable?
I'm just a beginner on the solution and it's pretty easy for me to use.
Our team likes it. They've been using it for a while and they really seem to like it. They know more about it than I do at this point, as I'm still new.
It's a default for a lot of things on our system.
What needs improvement?
We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap.
The pricing of the product could be more reasonable.
For how long have I used the solution?
While I am a beginner on the Splunk platform, our team has a good amount of experience with it overall. I've personally only been working with it for two or three months or so. It hasn't been that long.
How are customer service and technical support?
I've never actually opened a ticket with Splunk technical support in the past. I can't speak to how helpful or responsive they are. I don't have any experience with them to discuss how helpful or responsive they are.
What's my experience with pricing, setup cost, and licensing?
The licenses are quite expensive at this time. They need to work on the pricing in order to make the costs much more reasonable.
What other advice do I have?
We are a customer and an end-user. We don't have a business relationship with Splunk.
I can't speak to which version of the solution we're using.
I'd rate the solution at seven out of ten overall.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Splunk SOAR Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024