Information Security Analyst at a healthcare company with 1,001-5,000 employees
Real User
Top 10
2024-09-04T18:41:00Z
Sep 4, 2024
I use Splunk to detect threats and conduct threat analysis. The solution monitors, models, and analyzes all security events in our cloud environment's production areas and mitigates threats.
Cyber Security Network Security Engineer at Cirrus Logic
Real User
Top 20
2024-06-13T20:55:00Z
Jun 13, 2024
One of our use cases is to automate any kind of process after investigation. When going into an investigation, we want to make sure that we have the right tools to use. Instead of having multiple tools, we can bring them all into one platform, such as Splunk SOAR, to provide us with that information.
My use case for Splunk SOAR is security automation. We are running a Splunk SOAR cluster: three nodes in three different environments, dev, test, and prod.
My company operates as an MSSP that takes care of the detection and response for our customers. Splunk SOAR is where our company does the alert processing, and it is also where our SOC does its work. I work on developing the playbooks and apps that we use.
We use the solution to search the logs, check the threat indicators, threat tasks, etc. It helps us check any alerts that we get in the alert report. Based on that, we react to that particular alert.
Splunk SOAR streamlines the handling of common customer scenarios that arise across diverse situations. Even when specific expertise within our team varies, Splunk SOAR empowers all users with pre-built playbooks, guiding them through the required actions in any circumstance.
SOAR PS Consultant at a tech vendor with 11-50 employees
Consultant
Top 20
2023-07-21T15:28:00Z
Jul 21, 2023
Splunk SOAR is primarily used for automating security use cases for clients who want to reduce human intervention and personnel involvement. It facilitates end-to-end security workflows and helps to decrease the time spent on manual investigations. Splunk SOAR can be deployed both in the cloud and on-premises. The cloud deployment comes pre-installed, so if we want to connect to any on-premises applications, we may need an additional server.
Staff Security Engineer at an engineering company with 10,001+ employees
Real User
Top 20
2023-07-20T00:30:00Z
Jul 20, 2023
My primary use case is for SOC automation, but it's used for a lot more than that. Some of the use cases are more or less appropriate for it. It's capable of doing a lot of things. We use the SOAR platform to ingest alerts and escalations that we get. It does the actual enrichment, processing, and triaging, but we don't use it for detection. We potentially could, but it's not what the product is meant for.
Sr. Principal Info Sec Analyst at Veritas Technologies LLC
Real User
Top 10
2023-06-09T20:06:00Z
Jun 9, 2023
I'm using it mainly for SOC automation and reporting. It's for incident and threat modeling, incident reporting, and triage. I come from a cybersecurity background and I used to work on the tickets for the security alerts we received from various sources, including Splunk and other SIEM tools. The major challenge was that we were occupied with a lot of noise and activities like validation of IP reports, DNS checks, and traffic monitoring. These were redundant activities that every analyst had to do. We wanted to stop these kinds of activities.
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
Real User
Top 5
2023-05-12T16:14:00Z
May 12, 2023
My company has two use cases for Splunk SOAR. We use it to enrich alarms by pulling in outside sources of information. Splunk can also automate actions while ensuring they are structured and reproducible.
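The repetitive checks the two reviews above describe (validating IP reputation, DNS lookups, pulling in outside enrichment sources, and making every action structured and reproducible) are exactly what a SOAR playbook automates. Below is an added example, not Splunk SOAR playbook code and not any reviewer's own: a self-contained Python triage routine that extracts indicators from an alert, enriches them, and records a disposition with an auditable list of actions. The reputation table, DNS answers, internal address ranges and sample alerts are all constructed for the example; in a real playbook those lookups go through SOAR apps, and the "block" and "ticket" actions would be executed by response apps rather than only recorded.

```python
"""Alert enrichment and triage, the way a SOAR playbook would do it.

Added example, not Splunk SOAR playbook code. Reputation lookups and DNS
resolution are replaced by constructed in-memory tables so it runs offline.
"""
import ipaddress
import re
from dataclasses import dataclass, field

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

# Ranges that never need an external lookup (RFC 1918, loopback, link-local); assumed org policy.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed stand-ins for a threat-intel app and a DNS app.
REPUTATION = {
    "203.0.113.45": {"malicious": True, "tag": "c2"},
    "198.51.100.7": {"malicious": False, "tag": "cdn"},
    "evil.example": {"malicious": True, "tag": "phishing"},
    "cdn.example": {"malicious": False, "tag": "cdn"},
}
DNS = {"evil.example": ["203.0.113.45"], "cdn.example": ["198.51.100.7"]}


@dataclass
class Verdict:
    disposition: str          # "escalate", "close" or "manual_review"
    severity: str
    indicators: dict = field(default_factory=dict)   # ioc -> enrichment record
    actions: list = field(default_factory=list)      # ordered audit trail of what the playbook did


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(text):
    """Return (public IPv4 set, domain set) found in free-form alert text."""
    ips = set()
    for cand in IPV4_RE.findall(text):
        try:
            if not is_internal(cand):
                ips.add(cand)
        except ValueError:        # e.g. 999.1.1.1 matched the regex but is not an address
            continue
    return ips, {d.lower() for d in DOMAIN_RE.findall(text)}


def enrich(ips, domains):
    """Look up every indicator; resolve domains and pivot to the IPs they point at."""
    ips = set(ips)
    records = {}
    for dom in sorted(domains):
        resolved = DNS.get(dom, [])
        records[dom] = {"type": "domain", "resolved": resolved, **REPUTATION.get(dom, {"malicious": None})}
        ips |= {ip for ip in resolved if not is_internal(ip)}
    for ip in sorted(ips):
        records[ip] = {"type": "ip", **REPUTATION.get(ip, {"malicious": None})}
    return records


def triage(alert):
    """Enrich one alert and decide; every decision path leaves the same shape of record."""
    ips, domains = extract_iocs(alert["description"])
    records = enrich(ips, domains)
    verdicts = [r["malicious"] for r in records.values()]
    actions = [f"enriched {len(records)} indicator(s) for {alert['id']}"]
    if any(v is True for v in verdicts):
        # Actions are recorded here; a real playbook hands them to firewall/ticketing apps.
        actions += [f"block {k}" for k, r in sorted(records.items()) if r["malicious"] is True]
        actions.append(f"open ticket for {alert['id']} with severity high")
        return Verdict("escalate", "high", records, actions)
    if records and all(v is False for v in verdicts):
        actions.append(f"close {alert['id']}: all indicators known benign")
        return Verdict("close", "low", records, actions)
    # No indicators, or indicators with no verdict: never auto-close, hand to a human.
    actions.append(f"queue {alert['id']} for analyst review")
    return Verdict("manual_review", "medium", records, actions)


# Constructed sample alerts.
SAMPLE_ALERTS = [
    {"id": "A-1001", "description": "Outbound TLS from 10.20.30.40 to evil.example (beacon every 60s)"},
    {"id": "A-1002", "description": "Large download from cdn.example to 192.168.1.15"},
    {"id": "A-1003", "description": "Failed logins for svc_backup from 172.16.5.9"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        v = triage(alert)
        print(alert["id"], v.disposition, v.severity, v.actions)
```

The point of the three dispositions is the one the reviews make: the analyst no longer repeats the IP and DNS checks by hand, known-benign alerts close themselves with a note, known-bad ones escalate with the block list already assembled, and anything the enrichment cannot vouch for goes to a person instead of being auto-closed.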
The solution provides information on user accounts. The solution has playbooks that check the user with server ID. It checks the domain name and IP address of the web page.
This is a DevOps product. We use the solution to monitor the activity of users and integrate Splunk UEBA, monitoring traffic, packets, external attacks, and lateral movement. We may also use it for an attacker's C2 servers, and for exercises and SQL injections. Basically, we use the solution for any type of attack that can happen across the MITRE ATT&CK matrix.
We wanted to automate the process of creating playbooks, orchestrating events, customizing integrations, and deploying applications such as ThreatConnect and VirusTotal for enrichment and threat hunting. We have tailored these applications to meet our specific needs and redeployed them.
Basically, we are using it for most of our automation, and not just as a SOAR, although it is a SOAR application. We are not using it only for security purposes; we are using it for various purposes, like maintenance. We have our own data center where we do maintenance on the infrastructure side, and the applications have to be brought down. Here it has done exceptionally well. We shut down all our different applications by writing our code as shell scripts, which we upload through GitHub. That means we can just call that script, it gets triggered on the particular server, and the application shuts down. It's like a workflow, and the workflow has been created in a way that helps us. Earlier, when we had to manage it manually, shutting down the applications took a lot of time. Now it is done within 30 minutes. In our environment, we have SAP applications, and SAP has its own commands to shut down the applications, databases, et cetera. So it is not limited to just those shutdowns; we have various other things as well, like upgrades. We have written the upgrade code, and now we can upgrade X number of SAP applications and databases as needed.
Splunk Phantom can be deployed in the cloud, on-premises, or hybrid. If you want to put it in your private cloud or a public cloud to use cloud services such as Amazon AWS or Google Cloud Platform, that is possible. The main usage of Splunk Phantom is for security monitoring, insider threat protection, user and entity behavior analytics (UEBA), security orchestration and automation, privileged user and account protection, and security against attacks such as phishing and advanced malware attacks.
We are doing some automation on the SIEM, and we are getting some SIEMs, and we are looking for some automation to improve the security environment. That's how we are currently using Splunk.
Senior Data Analyst at a financial services firm with 10,001+ employees
Real User
2020-08-23T08:17:28Z
Aug 23, 2020
We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that we are still planning to automate a few more things like malware investigation and then from there other processes.
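Phishing triage is the automation this review (and the later one about reviewing phishing emails) says was automated end to end. Below is an added example, not Splunk SOAR's own playbook code and not the reviewer's: a self-contained Python routine that does the first pass a SOC analyst would otherwise do by hand on a user-reported message, using only the standard library. Both messages, the protected domain `corp.example`, the scoring weights and the action names are constructed assumptions; in a real playbook the .eml arrives from the mailbox app, and sender, URL and attachment-hash verdicts are enriched from reputation services before the disposition is made.

```python
"""Automated triage of a user-reported phishing email.

Added example, not Splunk SOAR's own playbook code. Both messages below are
constructed; in a real playbook the .eml comes from the mailbox app and the
sender/URL/hash verdicts are enriched from reputation services.
"""
import base64
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
RISKY_EXT = (".html", ".htm", ".exe", ".js", ".vbs", ".iso", ".lnk", ".scr", ".hta")
OUR_DOMAIN = "corp.example"   # assumed protected domain

ATTACHMENT = b'<html><form action="https://mail-secure-login.example/post"></form></html>'

# Constructed: lookalike sender, failed authentication, harvesting link, HTML attachment.
PHISH_EML = b"""From: "Corp IT Helpdesk" <helpdesk@corp-example.com>
Reply-To: recovery@mail-secure-login.example
To: alice@corp.example
Subject: Action required: password expires today
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp-example.com; dkim=none; dmarc=fail header.from=corp-example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at https://mail-secure-login.example/reset?u=alice
or open the attached form.
--b1
Content-Type: text/html; name="reset_form.html"
Content-Disposition: attachment; filename="reset_form.html"
Content-Transfer-Encoding: base64

""" + base64.b64encode(ATTACHMENT) + b"""
--b1--
"""

# Constructed internal notice that must not trip the playbook.
BENIGN_EML = b"""From: "Facilities" <facilities@corp.example>
To: alice@corp.example
Subject: Parking lot closed Friday
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
Content-Type: text/plain; charset="utf-8"

The north lot is closed Friday for resurfacing.
"""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def triage_email(raw, our_domain=OUR_DOMAIN):
    """Score one message; returns verdict, findings, attachment hashes and the actions taken."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings, score = [], 0

    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    # Lookalike: not our domain, but borrows our name to back up the display name.
    if from_domain != our_domain and our_domain.split(".")[0] in from_domain:
        findings.append(f"lookalike sender {from_domain} (display name {display!r})")
        score += 3
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append(f"reply-to domain differs: {reply}")
        score += 2

    # SPF/DKIM/DMARC results as stamped by our own MX in Authentication-Results.
    auth = {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(msg.get("Authentication-Results", "")))}
    for check in ("spf", "dkim", "dmarc"):
        result = auth.get(check, "none")
        if result != "pass":
            findings.append(f"{check}={result}")
            score += 3 if result == "fail" else 1

    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        host = (urlparse(url).hostname or "").lower()
        if host != our_domain and not host.endswith("." + our_domain):
            findings.append(f"external link {url}")
            score += 2

    hashes = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        hashes[name] = sha256_hex(part.get_payload(decode=True) or b"")
        if name.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment {name}")
            score += 3

    verdict = "malicious" if score >= 6 else "suspicious" if score >= 3 else "likely benign"
    actions = []
    if verdict == "malicious":
        # Recorded here; a real playbook hands these to the mail and perimeter apps.
        actions += [f"quarantine message from {addr}", f"block sender domain {from_domain}"]
        actions += [f"submit {n} ({d}) for detonation" for n, d in hashes.items()]
    elif verdict == "suspicious":
        actions.append("assign to analyst queue")
    return {"verdict": verdict, "score": score, "findings": findings,
            "attachments": hashes, "actions": actions}
```

The attachment hash is computed before any verdict so that the same playbook run can submit it to a sandbox or reputation lookup, and the benign message shows the other half of what automation buys: a clean internal mail scores zero and never reaches the analyst queue.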
Our primary use case of the solution is for fine-tuning. We provide professional services for our customers to enhance their ability to use the functionalities of Splunk. We're integrators of the solution.
Chief Technology Officer at Globalnet Research Corporation
Reseller
2020-02-12T17:16:43Z
Feb 12, 2020
We are a consulting firm and this is a solution that we use for ourselves, as well as implement it for our customers. Our use case is to establish a platform for threat analysis across different data sources that we have in the company. Essentially, it is an orchestration platform and we want to make sure that we can tie into different endpoints or data sources from which traffic originates. We need to then detect and analyze threats.
Splunk SOAR offers features such as automation and orchestration of manual tasks, faster work, and detection and response to advanced and emerging threats.
I primarily use the solution for incident investigations.
We use Splunk SOAR to automate response for ransomware attacks.
I use the solution for incident response and automation.
We primarily use the solution for security automation. It's used to investigate and remediate threats.
We use Splunk SOAR mainly for security.
We use the solution to automate some of our legacy processes. We review items like phishing and emails.
We primarily use the solution for supporting or automating the email spam items and some ISMS monitoring items, et cetera.
Security operations and incident response process automation, and alert enrichment.
My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.