Splunk SOAR
Formerly Phantom

Overview

What is Splunk SOAR?

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is KnowBe4 PhishER/PhishER Plus?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…

Product Details

What is Splunk SOAR?

Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.

Splunk SOAR Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Palo Alto Networks Cortex XSOAR and Google Security Operations are common alternatives for Splunk SOAR.

Reviewers rate Performance highest, with a score of 8.9.

The most common users of Splunk SOAR are from Enterprises (1,001+ employees).

Reviews and Ratings

(85)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have reported improvements in overall security posture and efficiency, particularly in the areas of threat detection, incident response, and vulnerability management. The software offers automation capabilities that help achieve almost zero downtime, along with user-friendly dashboards that provide valuable insights for analysts and managers.

One of the key use cases of Splunk SOAR is its ability to create playbooks based on widely recognized frameworks such as MITRE and NIST. This feature allows users to streamline their security operations by automating repetitive tasks and responding to security incidents effectively. The software also supports case management and offers integrated threat intelligence, enabling users to make informed decisions.

Consultants who have implemented Splunk SOAR have found it particularly helpful when receiving alerts from SIEM systems and undergoing training. It has proven to be a reliable tool for active threat detection, alert monitoring, and managing threats efficiently with its algorithm-based signature handling.

The customization feature of Splunk SOAR is highly valued by users as it enables them to include custom code in their playbooks. This flexibility allows organizations to tailor the software to their specific needs and enhance its functionality.

Managed IT service providers have been deploying and managing Splunk SOAR for mid-sized businesses with great success. By automating tasks, detecting threats, and fostering innovation, the software helps these providers deliver efficient and effective security services.

In cybersecurity research sectors, Splunk SOAR is frequently employed for threat monitoring, logging, security analysis, and addressing fixes. Its capabilities support improved incident response, robust log analytics, and stronger defense through security orchestration and integration.

Overall, Splunk SOAR provides organizations with the tools they need to respond quickly to security issues, automate workflows, enhance collaboration among team members, and improve incident resolution processes. With its powerful automation features and user-friendly interface, the software streamlines threat investigation, enriches actions based on alerts, and facilitates the monitoring and management of security alerts and notifications for various applications.

Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.

Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.

Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.

Confusing and complex user interface: Several users have found the user interface of the product to be confusing and complex, requiring extensive training to understand its functionality. Some users have described it as overwhelming and in need of improvement, especially for beginners.

High cost: The cost of purchasing and implementing the product is considered high by some customers, making it difficult for them to afford. Additionally, some users have mentioned that the advanced features of the software do not necessarily provide enough value for the price.

Lack of integration with other tools: Many users have encountered challenges when trying to integrate the product with other tools outside the Splunk environment. They have expressed limitations in integration with other products and a need for better documentation on the API.

Reviews

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR has helped us to monitor and manage the security alerts and notifications for our various applications. After setting up Splunk SOAR, investigation and resolution of incidents have become much easier and less time-consuming. We also monitor our cloud environments for vulnerability checks and prevention with the help of this awesome tool.
  • Incident reporting and management.
  • Orchestration
  • Security Monitoring.
  • Documentation can be improved.
  • Room for improvement in UI. (Can be confusing for beginners).
Well Suited: Integration of Splunk with other internal tools has been really helpful, especially when we integrated Splunk with our internal support and incident management portal. Less suited: Some processes can be completed using small scripts; it is recommended not to use this as this can be confusing and time-consuming for small tasks.
Gaurav S | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby help them meet the SLA. Splunk SOAR helps us with a lot of customization to include custom codes in the playbook, which is a deal breaker.
  • Playbook Design.
  • Robust and Speed.
  • Flexibility
  • Integration with On-Prem.
  • Access to more APIs in the apps section.
  • Improving API actions.
If anyone is from a consulting background catering to multiple clients, they can monitor all the clients by developing certain custom playbooks which help them to keep track of all these clients, thereby helping the team to monitor without putting in a lot of effort. But Splunk SOAR has to develop cross-platform capabilities.
September 11, 2023

Splunk SOAR Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are using SOAR playbooks to automate the alerting mechanism for the Operations
  • Prioritize alerts
  • Improve operational efficiency and productivity
  • Automate response and remediation actions
  • It's specifically geared for SOC and not broader automation
  • The artifact filtering that's forced on everything inside the platform is pretty awful
  • The documentation and support could be improved
The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Writing automation for our Product and Security Incident Response team to make certain processes easier.
  • Easy to use
  • Nice visual
  • Missing documentation
  • view is hard to see in one
When writing an automation to make certain processes it's nice to use SOAR, but if there is much customization that needs to be done, it's not very good to use.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting purposes. This helps streamline our business objectives to keep a consistent and actively tracked means to assets, vulnerability management, our cloud environment monitoring, SIEM solutions, and much more.
  • REST API calls to other products for orchestration
  • Incident Response (if utilized correctly)
  • Monitoring and Logging efforts
  • Incident Response capabilities and features
  • Apps and streamlining the build process
  • real time syntax linting
  • Available Documentation and online Learnings
Well Suited: Splunk SOAR helps provide an accurate understanding of events that trigger different workflows. Although a bit confusing to navigate the UI in some situations, it can provide metrics based on the type of events it looks for when triggering automations. Less Appropriate: Recently, our teams have been working on orchestration efforts that utilize a lot of API calls that the apps in Splunk SOAR don't necessarily support right out of the box. Some custom functions are needed to do what's necessary. The main objective for Splunk SOAR is to drag and drop and with little configuration build playbooks and workflows to get solutions up and running. However, it seems in these scenarios where we are manipulating data and working a lot with APIs and other data streams, it's better off to just build a Python script, run it in a cronjob or something similar, and let Python do the rest. Splunk SOAR in this case can become quite difficult to set up to do what's needed and a simple Python script could fix it.
July 20, 2023

General feedback

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our analysts don’t have to spend as much time doing the basics of investigation and can spend more time resolving incidents. We also utilize Splunk SOAR to reduce alert fatigue grouping similar alerts and provide analyst tools to suppress some alerts.
  • Automate detail collection for incidents
  • Provide the tools to quickly resolve incidents
  • User prompts aren’t fully featured
  • The ui can be a bit overwhelming to use at first
Splunk SOAR is well suited to any incident resolution that involves interacting with multiple third party platform apis. It’s not the best at any process that involves a lot of user input along the way.
Ramu S R | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We were largely depending on Splunk SOAR for active threat detection and alert monitoring. It has a good algorithm-based signature handling which efficiently manages threats. Also our cyber security researchers constantly use this software for advanced research based on their specialisations. Advanced penetration testing also helped us to enhance the security of our hosted applications.
  • effective threat monitoring
  • Score based threat level detection for handling attacks that require priority.
  • highly effective reporting templates for vulnerability testing
  • Advanced features are not cost effective.
  • Live monitoring and threats require more clarity
  • Require professional and sound knowledge on networking to operate.
Splunk SOAR is best fitted for research purposes where detailed packet-based data is required; it is also best suited for students who are pursuing higher education in cyber security. It is less suited for normal users or apps that demand less security.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use SOAR to orchestrate our security workflows from end-to-end so all our usual daily time-consuming tasks are automated. That way, we gain time and efficiency. Alerts let us stay on top of all security issues, and keep us reactive when we need to respond to threats in no time.
  • workflows orchestration
  • security threat detections
  • security threat alerts
  • SPL Intelligence
  • Support
We use it to automate our SecOps main tasks such as:
- monitoring (website monitoring, application monitoring, API monitoring, database monitoring, network monitoring, etc.)
- troubleshooting site issues
- analyzing phishing emails
- reducing manual tasks
- streamlining incident response process,
etc.
It's basically a no brainer tool to use to ease our life and free us time.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
There are only a few really good SOARs available in the market which excel at automation, and Splunk SOAR is one of them. We used Splunk SOAR to automate blue team operations (SOC team). We have used playbooks for lots of repetitive tasks such as forwarding alerts to other 3rd party tools, opening/closing cases in the case management tool, analyzing phishing emails, etc.
  • Excellent UI
  • Easy to make playbooks
  • Very good collaboration tools
  • Lots of integrations
  • Price
  • Splunk SOAR has lots of integration, still needs more
  • Should be easy to scale
In my experience I have found Splunk SOAR very well suited when you're looking to reduce the response time of a SOC analyst, i.e. Splunk SOAR does a very good job when looking to forward alerts or events / incidents to various communication channels, analyse events to determine if it's a false positive or not, etc. Also I personally think the dashboard can be a little better.
Bernadette Johnsen | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This software is very fast to protect our system, we require the services of Splunk SOAR to implement improvements in our internal system, since our network has always been a constant victim of the threats that abound on the web, in the installation process we had problems, but we loved having technical support, the implementation was completed in a short time, it is a complete system to automate alerts in advance, it has very good scans to neutralize threats and protect our information. We reduce manual analysis, and we are more effective because Splunk SOAR has an automated system to eliminate any threat that even tries to appear in our company.
  • Automated analyses that eliminate manual work.
  • Order of priority in the analysis, determining greater efficiency in the detection of threats.
  • Great time savings and easy code writing, without being experts we achieve good cases of alerts.
  • We found no major flaws with Splunk SOAR, but it is slightly disadvantaged by the acquisition price, as it is high and some companies may think twice before buying it.
To all the community that is still hesitating to buy Splunk SOAR, I must say that this is the most scalable system on the market to prevent threats from penetrating the enterprise system. I rate them with 10 points because it is a very dynamic software, it generates productivity and a lot of confidence among employees, it is not slow, the alerts detected prevent future inconveniences, and you do not have to know much about writing code, because it is structured in Python, which generates a quick configuration.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR has helped us to improve our overall security posture, efficiency and effectiveness by automating and managing our security operations through streamlining most of our manual processes such as threat detection, incident response and vulnerability management. Therefore, our team has been able to respond more quickly to potential threats and reduce the impact of security incidents on the organization.
  • Automation and optimization of security systems which help to reduce the probability of security incidents.
  • It seamlessly integrates with other security tools and systems to help us address our specific needs and requirements.
  • Centralized platform for managing and coordinating our security operations.
  • Due to its complex nature, it is quite difficult to learn and master.
  • The cost of purchasing and implementing it is quite high.
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
Gregory Jones | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We chose Splunk SOAR because it provides great security and fast response capabilities allowing us to work smarter through automating repetitive. Such tasks are response to security incidents faster with automatic detection, response, thorough investigation and efficiency and accuracy. Splunk SOAR also supports a wide range of security operation functions for us such as case management and integrated threat intelligence.
  • Advanced capabilities for inspection of data for safety issues.
  • Capability to perform automatic response actions.
  • The guided product tour manual does not enclose all usability aspects.
  • Splunk SOAR is not instant in conception, I had to heed on several sessions to understand how it works.
Splunk SOAR is able to mitigate its impact quickly when hit by a system failure. It might be difficult to understand at first, but when you comprehend its features and begin to use it, it is an impressive platform for security incident response. It favors more those that have had previous experience with the software than newbies.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
I'm a consultant in Splunk and SOAR implementing for our customers and I'm not a final user. The scope of my Use cases is intervened after an alert from SIEM. I tried to use Phantom, but it was difficult so I did the training about Phantom and now it's more clear.
  • Ingestion and analysis of data for security issues
  • possibility to perform automatic incident response actions
  • it permits SOC analysts to investigate and intervene on systems
  • The interface isn't immediate in comprehension, I had to follow a training to understand how it works
  • it's expensive: not all the customers can buy it!
  • It needs PostgreSQL as DB, I'd like to have all inside Splunk also data.
As I said, it's complicated to initially understand, but when a user understands its features and starts to use it, it's a fantastic platform for security incident response. I configured it for a customer that migrated its SOC from RSA to Splunk Enterprise Security. Now we're trying to propose it to another of our customer's SOC.
Muhammed Ali CETİN | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
The product has a lot of capabilities and lives up to expectations when it works. We have experienced many issues around deployment, installation, scaling, and certain integrations that proved more difficult or had fewer features than expected. Business problems and outcomes: * Automation anywhere and everywhere for the security department * almost zero downtime * Great dashboarding for both analyst and C-Suite or managers * easy to create playbooks regarding MITRE, NIST, etc.
  • Automation
  • War room.
  • Dashboarding
  • Playbook management.
  • TI procedures.
  • more playbooks for small SOC teams.
  • You'd probably need to create more custom playbooks and automation, so these most used actions should be created by Splunk.
Well Suited Scenarios Where Splunk SOAR, * Automation for Cyber Security team * decrease your MTTR value significantly * Ease to create Playbooks for specific use cases * very user-friendly * War room and chat room regarding on incident is so great! * Almost every action that you need is sitting in Splunk SOAR less appropriate, * there is no all 3rd party integration, I mean, some are missing, and you need to create your own way by using python, and it takes time.
Maria Coulter | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Being a managed IT service Provider company, our engagement with Splunk SOAR has more often than not been in deploying and managing the software for our clients with mid-sized businesses. Splunk SOAR automates most tasks in security and has a proven ability to detect threats and bugs on a system at very early stages. Splunk SOAR, besides helping our clients improve their business agility, also fosters innovation.
  • From a full-stack developer's perspective, Splunk SOAR's ability to utilize playbooks while also pulling data from OSINT tools is gold.
  • Supports on-premises, on-cloud and hybrid implementations with equal measure.
  • It has always been a great challenge integrating Splunk SOAR with other tools outside the Splunk environment.
While I still hold my stand on the efficiency and robustness of Splunk SOAR, I also acknowledge that there have been instances where it has been unsuitable. Like in administration operations. Splunk SOAR favors more those that have had previous experiences with the company. Moreover, most of our clients would prefer cheaper in-house solutions to perform similar operations, and getting them to comprehend Splunk SOAR's additional functionalities fully requires top-tier convincing.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We have engaged Splunk SOAR in our departments to handle the repetitive tasks and deal with the grunt work that IT analysts face on a daily basis. Splunk SOAR has streamlined our threat investigation processes as it offers a better and faster way to detect threats through consolidation of closely related containers into a single case. We also use it to automate security workflows through configuration of playbooks for faster response to threats.
  • Automation of repetitive tasks and workflows which has really helped with faster response to threats.
  • playbooks customization.
  • Integration with other third party solutions
  • Consolidation of security events into cases for easier investigations.
  • Some solutions are lacking in the documentation so we had to contact the support for information.
Splunk SOAR has been important in minimizing the time we spend on dealing with the daily repetitive work. We automate workflows for maintaining integrity within our IT systems. It has helped detect threats as well as identifying the root causes and removing them from the base. Splunk SOAR has brought a lot of innovation to our business over the past few years and has really boosted our productivity.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR is making renovation in automation. Splunk SOAR provides the best-automated response. It provides codeless automation. The Security provided by Splunk SOAR is very much helpful to us.
  • Automatic Response
  • Playbooks
  • Security
  • Ease of use
Splunk SOAR is providing the best support for the automation. The playbooks are very easy to use. Splunk SOAR is very much helpful in raising alerts.
September 19, 2022

SOAR it

Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use Security SOAR for Phishing, Enrichment, and Investigative Automation. It’s standard setup with Splunk Enterprise to pass data along the pipeline into Phantom.
  • Python easy usage
  • Intuitive editor
  • Expandable Eco system
  • Better Documentation
September 19, 2022

Splunk SOAR Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
I use Splunk SOAR to automate security events for our CSOC. Automation is currently in development.
  • Extensible
  • Rich with custom applications
  • Flexible
  • Based on python
  • Better support for apps
  • Performance
  • Improved code editor
Provides generic apps that work well with integrating with products that don't have a specific app.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
My organization has engaged Splunk SOAR for automating our IT and security activities. It is simpler to create and configure its automated playbooks that are useful for eliminating security analysts' heavy tasks. We use it to gain visibility on the functioning of apps, troubleshoot, and rapidly resolve any security mishaps.
  • Streamlined direction to other security tools for action
  • The amalgamation of all security issues at a central place
  • Faster app development process allows for the creation, testing and editing of apps from a single place
  • Customization
  • Limited integration with other products and documentation on the API
  • Disaster recovery is still manual
Splunk SOAR has been our principal tool for automation of regular tasks for a couple of years. It is actually more advanced than we expected. It has helped improve how we integrate our tools especially those owned by Splunk. I also love that it allows for the writing of custom code to complex playbooks raising its robust automation capabilities to a much higher level.
July 28, 2022

SPLUNK SOAR REVIEW.

Pavan sreevatsav Akula | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
In order to make SaaS deployment more inexpensive for small and medium-sized businesses, it can be further reinforced. Further refinement of pricing based on various deployment strategies can increase client retention. The technical team and customer service at Backhand should be more responsive to our requests and tickets.
  • Utilization simplicity and compatibility with the Windows environment.
  • Automation capabilities.
  • Playbooks are simple to use, integrate, and build.
  • A lack of instruction. It can be difficult to contact the support staff. Limited experience from current users.
  • It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
  • Cost of the larger version.
Simple to send and speedier integration, Incredible client back, and cross-breed environment execution. The whole handle is computerized, and the reaction time is about a few seconds after the recognized dangers. Its consistent integration and arrangement with our existing framework, The capacity to quickly react to occurrences and alerts.
Sachin Vinay | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We are mostly using SPLUNK SOAR for all our cybersecurity research-oriented sectors, mainly for PhD scholars and pg. students who are doing projects in cybersecurity. Also we have a lot of production servers which require advanced threat monitoring and logging which could be easily satisfied with Splunk SOAR software.
  • precise handling of vulnerabilities with efficient algorithms
  • excellent alerting system with in-detail solutions
  • quality templates of reporting specific security events.
  • Require more advancement in real time threat monitoring
  • dashboards are less user-friendly, not fit for end users with basic networking knowledge.
  • Advanced features come with a high price, when compared to its competitors
Splunk can be suggested for research-oriented educational institutions, cyber research projects, Ph.D. scholars, etc. as it has scope for detailed information on the threat patterns, vulnerability checks, and advanced networking concepts. It is less suited for normal enterprises that are less concerned with data integrity and also for cloud-based solutions.
AMJITH LAL S | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR was being tested in our environment for security analysis and for cyber security research purposes. With quality automation, we could identify security concerns and act accordingly. We could also identify major security outbreaks with log analysis and reporting from SOAR. Our research team constantly checks the logs and addresses the team for executing the fixes.
  • In depth layer based network logging.
  • Accurate automation of threat handling.
  • Penetration testing with overall vulnerability management.
  • Missing a utility dashboard.
  • Automation features are not scalable.
  • Requires advanced knowledge on networking to operate.
Splunk as an overall security setup will be best suited for any kind of research purposes as we can get precise and detailed info on network packets with step-by-step troubleshooting procedures. It is less suitable for organisations that do not concentrate more on security and require less priority on threats and errors.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We used Splunk SOAR as a log aggregating platform that connects our Splunk tool and connects all the application that provides ingress and egress connections inside and outside the organization. We use this part of our log onboarding platform, a company-wide program that is used to enable logging on all the applications that are being used with donor security metrics.
  • Security Orchestration
  • Custom Playbooks
  • Integration to Cloud Applications
  • Access Control Issues
  • On-Prem Hosting Capabilities
The tool has some excellent capability sets the benchmark for log monitoring and orchestration standards. The tool is very easy to onboard, the training to give the security consultants very less and it's very easy to pick up due to its huge amount of documentation training program that provides. The support that team provides cease absolutely brilliant. There is a number of custom PlayBooks that would suit almost all your needs and that would master cloud conference and almost all the requirements and minimal effort to customize it based on your needs.
Ezekiel Mathew | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Our company supports geospatial organizations, and intelligence and defense communities in the state and beyond. We aim to deliver secure software services and that's why we engage Splunk SOAR to not only automate repetitive tasks but also improve the incident response capabilities. We use Splunk SOAR extensively while building log analytics to help turn data into outcomes with its top-notch automation.
  • All incident investigations can be automated
  • Generates reports easily and quickly after submitting the file to a malware sandbox
  • Provides detailed analysis of suspicious activity.
  • Some inaccuracies from their predictive models.
Splunk SOAR is absolutely incredible when it comes to automating actions saving our team plenty of hours per week. The deployment is quite flexible, supporting both on-premises and hybrid deployments. I'm intrigued by Splunk's capabilities in case management. I am the assistant team lead in our cybersecurity department and I constantly review and deploy solutions for these incident cases. With Splunk, this task is much easier as I create codified reusable templates for these repetitive procedures.