Information Security Analyst at a healthcare company with 1,001-5,000 employees
Real User
Top 10
2024-09-04T18:41:00Z
Sep 4, 2024
I rate Splunk SOAR eight out of 10. I recommend Splunk if the company can afford it. It's suitable for a large organization that requires security monitoring. It's the best tool for threat hunting and analysis.
Cyber Security Network Security Engineer at Cirrus Logic
Real User
Top 20
2024-06-13T20:55:00Z
Jun 13, 2024
I would rate Splunk SOAR a nine out of ten just because it does hit all points for the use cases as an analyst, engineer, or developer. It allows us to automate and orchestrate all of our detections and respond to them very quickly.
Cyber Defense Center Capability Lead at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2024-06-12T20:45:00Z
Jun 12, 2024
I would rate Splunk SOAR nine out of ten. Our initial Splunk installation was a successful proof of concept but needed to be made more reliable. Splunk professional services offered assistance, but due to limitations in finding a suitable SOAR solution, we opted for a cold standby implementation. This allows us to switch to the standby instance if the primary SOAR becomes unavailable.
I would rate Splunk SOAR nine out of ten. It's a fantastic product it needs a few more features to make it amazing. The clustering does need to be simplified a bit. Version controlling for apps and making app development just a little bit easier for developers would take it to the next level. There's no other SOAR product that does what Splunk SOAR does as well. All other SOAR are frankly inferior, but it just needs that little bit of extra functionality to make it a truly great product.
When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.
It's a valuable solution. It enables SIEM capabilities. We're able to orchestrate when events are happening, and this minimizes event tickets. We are able to handle security challenges while gaining good visibility. I'd rate the solution nine out of ten.
SOAR PS Consultant at a tech vendor with 11-50 employees
Consultant
Top 20
2023-07-21T15:28:00Z
Jul 21, 2023
I give Splunk SOAR a ten out of ten. I started looking into security automation at that time. Initially, it was Phantom, which was quite popular five years ago. Splunk bought it and changed it to SOAR, so it became pretty easy to use. It's a relatively new concept, which is why we wanted to see how it works. Once Splunk SOAR is deployed, it takes a couple of weeks to train the SOC team of our clients to use the playbooks. Splunk SOAR requires maintenance if we plan to scale up the database, increase the number of users involved, and expand our development efforts. Additionally, the amount of data processed and other factors should be considered. For a premium user who actively uses it daily and is heavily involved in development, the solution may need regular maintenance. However, apart from such cases, I believe it doesn't require significant maintenance. For those considering using Splunk SOAR, there is ample documentation available on the Splunk website. Additionally, they can download a free trial version, which can be installed on their server for experimentation.
Cyber Security Architect at a financial services firm with 201-500 employees
Real User
Top 20
2023-07-20T01:11:00Z
Jul 20, 2023
Our organization monitors multiple cloud environments. Monitoring multiple cloud environments using Splunk SOAR is fairly easy when the integrations work. Some apps within Splunk SOAR require you to configure them and ensure they maintain their connection and that they're updated. We've had several issues with third-party ones and those developed by Splunk. It is important for your organization that Splunk SOAR has end-to-end visibility into your cloud-native environment. We're security-focused, and we want to be able to look at the logs that are in our native applications. For the use cases we've implemented, Splunk SOAR has helped reduce our mean time to resolve. However, there's been a lot of time to develop that. Overall, I haven't seen that I've saved time yet, but I expect we will in the future. Splunk SOAR can save the analyst up to 30 minutes for a single malware analysis playbook. Overall, I rate Splunk SOAR a six out of ten.
Staff Security Engineer at a engineering company with 10,001+ employees
Real User
Top 20
2023-07-20T00:30:00Z
Jul 20, 2023
I'd probably rate the functionality an eight or a nine out of ten. I would give the UI a four out of ten. I would rate general Splunk SOAR a seven out of ten.
Cybersecurity Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 20
2023-07-19T01:32:00Z
Jul 19, 2023
We are fairly new to the solution. We are still adjusting Splunk SOAR. As I use the platform more, it'll become more intuitive. My core focus is on the SOAR platform. We're still beginning to get the tool fully customized for us. We are going through the basics to get all the way to fully leveraging the tool. We are still considering how to go from our current setup and expand it. Our organization monitors multiple cloud environments with Splunk SOAR. It is important for our organization that the product has end-to-end visibility into our cloud-native environment. It allows us to have better incident response. Having visibility on where the attacks or different issues are coming from allows us to better respond to them. The workshops are the biggest value I get from attending Splunk conferences. I'm getting a lot of real-world examples from different companies. It helps with networking and meeting other individuals who are going through the same type of process or are already leveraging Splunk SOAR. I can get feedback on how they're leveraging the platform. It gives us a lot of insight into things we should consider as we start to set up and build environments. Overall, I rate the product a ten out of ten.
Sr. Principal Info Sec Analyst at Veritas Technologies LLC
Real User
Top 10
2023-06-09T20:06:00Z
Jun 9, 2023
My advice would be to negotiate the cost. And if your organization is on the smaller side, with between 200 to 500 employees, you should not purchase it because it will blow up your finances. A bigger environment, with 2,000-plus employees, can go with the Splunk SOAR solution. And if you are going with this solution, you should confirm what support they are going to provide, such as whether they are going to provide training credits or not. Sometimes they don't provide Splunk credits for training. Any newbie who is going to work on this will find it terrible to work in this environment. He will not be able to work without guidance. Other SOAR solutions, like Demisto (Cortex SOAR) are very user-friendly.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
Real User
Top 5
2023-05-12T16:14:00Z
May 12, 2023
I rate Splunk SOAR a nine out of ten. If you're thinking about implementing the solution, you should consider which events will save you the most time. Think about the procedures you're following today and where you can benefit the most from automation. The second piece is thinking about the other solutions involved and the capabilities they offer. Do you have the API access to automate what you want? Your success depends on those vendors and sorting that stuff out. You must also approach your SOAR playbooks and workflows in a modular way. Don't try to handle everything upfront. It's best to automate piece by piece. You don't need to tackle an entire ecosystem right off the bat. Take what you can and constantly improve it as you grow more comfortable. Splunk SOAR's strength comes from its interactions with other systems. Ensure that you're fully leveraging that.
I would rate the overall solution a nine out of ten. The tool automates many of your threat-related activity and gives you alerts based on our criteria. This solution is definitely useful. The product gives us the power to handle anything.
I'm an end-user. I'd advise new users to spend some time at the outset learning the commands. It will make it very easy to deal with. I'd rate the solution ten out of ten.
I give the solution a six out of ten because of the scope of building playbooks and automation. Unfortunately, this is accompanied by a downside due to a lack of support, bad applications, inadequate documentation, and a general lack of support. We have thousands of people using the solution. I would suggest alternatives to Splunk Phantom due to the cost and poor support. However, if cost and support are satisfactory I would recommend the solution.
We are both partners and customers of Splunk. If you are a company looking into Phantom and if you are a customer of Splunk, then you should definitely use it. And if your product is most probably looking for security or for some alerting purposes, it will help you to automate your many, many use cases. You can build many, many things with Splunk and on the Phantom side and you can automate your end-to-end process. Also, companies should know that a minimal language knowledge of Python is required. I'd rate the solution eight out of ten overall. Even for people who are not too technical, it's a good product.
Account-Manager at Consist ITU Environmental Software GmbH
Real User
2022-08-12T12:06:36Z
Aug 12, 2022
We install the solution for our customers and use the solution as well. We're an implementor. I'd advise new users to start at a small scale, since you have to learn about it. You can't implement it with a big bang. You must really go through it and do your homework. You have to have your backup plans, you have to have a real transparent view of your IT landscape. If you have this and your logs are quite good and the playbooks are implemented properly, then you can really scale up. You just have to do it step by step, as it's a bit of a learning curve that you have to go through. I'd rate the solution eight out of ten.
VP - Security Automation Lead at a financial services firm with 10,001+ employees
Real User
2022-04-11T12:26:57Z
Apr 11, 2022
My advice to others is they will need some Python developers for Splunk Phantom because it's not possible to only throw some blocks of Python code and it will work. You will need some experienced Python developers if you want to work with this platform. I rate Splunk Phantom a nine out of ten.
Cyber Security Solution Architect at a tech services company with 11-50 employees
Real User
2021-04-26T15:04:26Z
Apr 26, 2021
I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR. I would rate Splunk Phantom a nine out of ten.
We have a business relationship with Splunk. We're partners. We're using the solution on our VM and also on our database cloud. I'd recommend the solution to other organizations. Compared to other products, Phantom seems to be easy to use and the ability to customize is high. Compared to the older version, the newer version is very customizable. We can very easily create custom functions. The UI looks good and is also improved. I would rate the solution eight out of ten.
Senior Data Analyst at a financial services firm with 10,001+ employees
Real User
2020-08-23T08:17:28Z
Aug 23, 2020
I'm not sure which version of the solution we're currently using. If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies. I'd rate the solution eight out of ten.
It's important to know your customer's requirements so you can choose the correct solution. The budget also needs to be taken into account. Most customer's budgets suit a Splunk solution whereas RSA is much more expensive. I would rate Splunk Phantom a seven out of 10.
Chief Technology Officer at Globalnet Research Corporation
Reseller
2020-02-12T17:16:43Z
Feb 12, 2020
My advice to anybody who is considering this solution is to first really understand the requirements that you have, well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with incompatibility or connectivity. You also need to have the right resources to assess, implement, or oversee the implementation. You're going into an environment that requires a little bit of understanding of artificial intelligence because the SOAR platform requires setting up some rules. You also need to have a technical support group in-house to be able to help, otherwise, you would be dependent on Splunk for assistance. Overall, this product is fairly good but it's not quite mature yet. It needs some enhancement and some stabilization in some areas. I would rate this solution an eight out of ten.
Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.
Go from overwhelmed to in-control
Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.
Force multiply your team
Orchestrate and automate repetitive tasks, investigation and response to...
I rate Splunk SOAR eight out of 10. I recommend Splunk if the company can afford it. It's suitable for a large organization that requires security monitoring. It's the best tool for threat hunting and analysis.
I'd rate the solution nine out of ten.
I would rate Splunk SOAR a nine out of ten just because it does hit all points for the use cases as an analyst, engineer, or developer. It allows us to automate and orchestrate all of our detections and respond to them very quickly.
I would rate Splunk SOAR nine out of ten. Our initial Splunk installation was a successful proof of concept but needed to be made more reliable. Splunk professional services offered assistance, but due to limitations in finding a suitable SOAR solution, we opted for a cold standby implementation. This allows us to switch to the standby instance if the primary SOAR becomes unavailable.
I would rate Splunk SOAR nine out of ten. It's a fantastic product it needs a few more features to make it amazing. The clustering does need to be simplified a bit. Version controlling for apps and making app development just a little bit easier for developers would take it to the next level. There's no other SOAR product that does what Splunk SOAR does as well. All other SOAR are frankly inferior, but it just needs that little bit of extra functionality to make it a truly great product.
When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.
Overall, I rate the product an eight out of ten.
I rate the overall solution an eight to nine out of ten. It's helpful from both an operations and product security perspective.
I would rate Splunk SOAR an eight out of ten.
It's a valuable solution. It enables SIEM capabilities. We're able to orchestrate when events are happening, and this minimizes event tickets. We are able to handle security challenges while gaining good visibility. I'd rate the solution nine out of ten.
I give Splunk SOAR a ten out of ten. I started looking into security automation at that time. Initially, it was Phantom, which was quite popular five years ago. Splunk bought it and changed it to SOAR, so it became pretty easy to use. It's a relatively new concept, which is why we wanted to see how it works. Once Splunk SOAR is deployed, it takes a couple of weeks to train the SOC team of our clients to use the playbooks. Splunk SOAR requires maintenance if we plan to scale up the database, increase the number of users involved, and expand our development efforts. Additionally, the amount of data processed and other factors should be considered. For a premium user who actively uses it daily and is heavily involved in development, the solution may need regular maintenance. However, apart from such cases, I believe it doesn't require significant maintenance. For those considering using Splunk SOAR, there is ample documentation available on the Splunk website. Additionally, they can download a free trial version, which can be installed on their server for experimentation.
Our organization monitors multiple cloud environments. Monitoring multiple cloud environments using Splunk SOAR is fairly easy when the integrations work. Some apps within Splunk SOAR require you to configure them and ensure they maintain their connection and that they're updated. We've had several issues with third-party ones and those developed by Splunk. It is important for your organization that Splunk SOAR has end-to-end visibility into your cloud-native environment. We're security-focused, and we want to be able to look at the logs that are in our native applications. For the use cases we've implemented, Splunk SOAR has helped reduce our mean time to resolve. However, there's been a lot of time to develop that. Overall, I haven't seen that I've saved time yet, but I expect we will in the future. Splunk SOAR can save the analyst up to 30 minutes for a single malware analysis playbook. Overall, I rate Splunk SOAR a six out of ten.
I'd probably rate the functionality an eight or a nine out of ten. I would give the UI a four out of ten. I would rate general Splunk SOAR a seven out of ten.
We are fairly new to the solution. We are still adjusting Splunk SOAR. As I use the platform more, it'll become more intuitive. My core focus is on the SOAR platform. We're still beginning to get the tool fully customized for us. We are going through the basics to get all the way to fully leveraging the tool. We are still considering how to go from our current setup and expand it. Our organization monitors multiple cloud environments with Splunk SOAR. It is important for our organization that the product has end-to-end visibility into our cloud-native environment. It allows us to have better incident response. Having visibility on where the attacks or different issues are coming from allows us to better respond to them. The workshops are the biggest value I get from attending Splunk conferences. I'm getting a lot of real-world examples from different companies. It helps with networking and meeting other individuals who are going through the same type of process or are already leveraging Splunk SOAR. I can get feedback on how they're leveraging the platform. It gives us a lot of insight into things we should consider as we start to set up and build environments. Overall, I rate the product a ten out of ten.
My advice would be to negotiate the cost. And if your organization is on the smaller side, with between 200 to 500 employees, you should not purchase it because it will blow up your finances. A bigger environment, with 2,000-plus employees, can go with the Splunk SOAR solution. And if you are going with this solution, you should confirm what support they are going to provide, such as whether they are going to provide training credits or not. Sometimes they don't provide Splunk credits for training. Any newbie who is going to work on this will find it terrible to work in this environment. He will not be able to work without guidance. Other SOAR solutions, like Demisto (Cortex SOAR) are very user-friendly.
I rate Splunk SOAR a nine out of ten. If you're thinking about implementing the solution, you should consider which events will save you the most time. Think about the procedures you're following today and where you can benefit the most from automation. The second piece is thinking about the other solutions involved and the capabilities they offer. Do you have the API access to automate what you want? Your success depends on those vendors and sorting that stuff out. You must also approach your SOAR playbooks and workflows in a modular way. Don't try to handle everything upfront. It's best to automate piece by piece. You don't need to tackle an entire ecosystem right off the bat. Take what you can and constantly improve it as you grow more comfortable. Splunk SOAR's strength comes from its interactions with other systems. Ensure that you're fully leveraging that.
I would rate the overall solution a nine out of ten. The tool automates many of your threat-related activity and gives you alerts based on our criteria. This solution is definitely useful. The product gives us the power to handle anything.
I'm an end-user. I'd advise new users to spend some time at the outset learning the commands. It will make it very easy to deal with. I'd rate the solution ten out of ten.
I give the solution a six out of ten because of the scope of building playbooks and automation. Unfortunately, this is accompanied by a downside due to a lack of support, bad applications, inadequate documentation, and a general lack of support. We have thousands of people using the solution. I would suggest alternatives to Splunk Phantom due to the cost and poor support. However, if cost and support are satisfactory I would recommend the solution.
We are both partners and customers of Splunk. If you are a company looking into Phantom and if you are a customer of Splunk, then you should definitely use it. And if your product is most probably looking for security or for some alerting purposes, it will help you to automate your many, many use cases. You can build many, many things with Splunk and on the Phantom side and you can automate your end-to-end process. Also, companies should know that a minimal language knowledge of Python is required. I'd rate the solution eight out of ten overall. Even for people who are not too technical, it's a good product.
We install the solution for our customers and use the solution as well. We're an implementor. I'd advise new users to start at a small scale, since you have to learn about it. You can't implement it with a big bang. You must really go through it and do your homework. You have to have your backup plans, you have to have a real transparent view of your IT landscape. If you have this and your logs are quite good and the playbooks are implemented properly, then you can really scale up. You just have to do it step by step, as it's a bit of a learning curve that you have to go through. I'd rate the solution eight out of ten.
I rate Splunk Phantom an eight out of ten.
My advice to others is they will need some Python developers for Splunk Phantom because it's not possible to only throw some blocks of Python code and it will work. You will need some experienced Python developers if you want to work with this platform. I rate Splunk Phantom a nine out of ten.
I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR. I would rate Splunk Phantom a nine out of ten.
We have a business relationship with Splunk. We're partners. We're using the solution on our VM and also on our database cloud. I'd recommend the solution to other organizations. Compared to other products, Phantom seems to be easy to use and the ability to customize is high. Compared to the older version, the newer version is very customizable. We can very easily create custom functions. The UI looks good and is also improved. I would rate the solution eight out of ten.
I'm not sure which version of the solution we're currently using. If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies. I'd rate the solution eight out of ten.
It's important to know your customer's requirements so you can choose the correct solution. The budget also needs to be taken into account. Most customer's budgets suit a Splunk solution whereas RSA is much more expensive. I would rate Splunk Phantom a seven out of 10.
My advice to anybody who is considering this solution is to first really understand the requirements that you have, well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with incompatibility or connectivity. You also need to have the right resources to assess, implement, or oversee the implementation. You're going into an environment that requires a little bit of understanding of artificial intelligence because the SOAR platform requires setting up some rules. You also need to have a technical support group in-house to be able to help, otherwise, you would be dependent on Splunk for assistance. Overall, this product is fairly good but it's not quite mature yet. It needs some enhancement and some stabilization in some areas. I would rate this solution an eight out of ten.