Splunk SOAR Reviews and Ratings

Use Cases and Deployment Scope

It plays a central role in bridging detection with response automation. As a SOC analyst, I oversee threat response operations from multiple enterprise clients. Splunk SOAR obviously does a ton for us but at its core, the problem it solves is alert fatigue and triage inconsistency.

Likelihood to Recommend

A 7/10 because it demands continuous babysitting when you're operating it at scale. For a couple of our clients, we've built an automated phishing triage pipeline that ties together proofpoint TAP and active directory. The moment a user reports a suspicious email, Splunk SOAR parses it, checks the urls, quarantines related messages, disables compromised accounts and even creates a Servicenow ticket. In my 6 years as an analyst, I haven't had a more suitable enterprise use case with Splunk SOAR like this one.

Use Cases and Deployment Scope

Splunk SOAR has helped us to monitor and manage the security alerts and notifications for our various applications. After setting up Splunk SOAR, investigation and resolution of incidents have become much easier and less time-consuming. We also monitor our cloud environments for vulnerability checks and prevention with the help of this awesome tool.

Likelihood to Recommend

Well Suited: Integration of Splunk with other internal tools has been really helpful, especially when we integrated Splunk with our internal support and incident management portal. Less suited: Some processes can be completed using small scripts; it is recommended not to use this as this can be confusing and time-consuming for small tasks.

Use Cases and Deployment Scope

We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby help them meet the SLA. Splunk SOAR helps us with a lot of customization to include custom codes in the playbook, which is a deal breaker.

Likelihood to Recommend

If anyone is from a consulting background catering to multiple clients they can monitor all the clients by developing certain custom playbook which helps them to keep track of all these clients, thereby helping the team to monitor without putting in a lot of effort But Splunk SOAR has to develop cross-platform capabilities.

Use Cases and Deployment Scope

We are uing SOAR playbooks to automate the alerting mechanism for the Operations

Likelihood to Recommend

The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.

Use Cases and Deployment Scope

Writing automation for our Product and Security Incident Response team to make certain processes easier.

Likelihood to Recommend

When writing an automation to make certain processes it's nice to use SOAR, but if there is much customization that needs to be done, it's not very good to use.

Use Cases and Deployment Scope

As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting purposes. This helps streamline our business objectives to keep a consistent and actively tracked means to assets, vulnerability management, our cloud environment monitoring, SIEM solutions, and much more.

Likelihood to Recommend

Well Suited: Splunk SOAR helps provide a accurate understanding of events that trigger different workflows. Although a bit confusing to navigate the UI in some situations, it can provide metrics based on the type of events it looks for when triggering automations. Less Appropriate: Recently, our teams have been working on orchestration efforts that utilize a lot of API calls that the apps in Splunk SOAR don't necessarily support right out of the box. some custom functions are needed to do whats necessary. The main objective for Splunk SOAR is to drag and drop and with little configuration build playbooks and workflows to get solutions up and running. However, it seems in these scenarios where we are manipulating data and working a lot with API's and other data streams, its better off to just build a python script, run it in a cronjob or something similar, and let python do the rest. Splunk SOAR in this case can become quite difficult to setup to do whats needed and a simple python script could fix it.

Use Cases and Deployment Scope

We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our analysts don’t have to spend as much time doing the basics of investigation and can spend more time resolving incidents. We also utilize Splunk SOAR to reduce alert fatigue grouping similar alerts and provide analyst tools to suppress some alerts.

Likelihood to Recommend

Splunk SOAR is well suited to any incident resolution that involves interacting with multiple third party platform apis. It’s not the best at any process that involves a lot of user input along the way.

Use Cases and Deployment Scope

We use SOAR to orchestrate our security workflows from end-to-end so all our usually daily time consuming tasks are automated. That way, we gain time and efficiency. Alerts let us stay on top of all security issues, and keep us reactive when we need to respond to threats in no time.

Likelihood to Recommend

We use it to automate our SecOps main tasks such as:

- monitoring (website monitoring, application monitoring, API monitoring, database monitoring, network monitoring, etc.)

- troubleshooting site issues

- analyzing phishing emails

- reducing manual tasks

- streamlining incident response process,

etc.

It's basically a no brainer tool to use to ease our life and free us time.

Use Cases and Deployment Scope

There are only few really good SOAR available in market which excel at automation and Splunk SOAR is one of them. We used Splunk SOAR to automate blue team operations (SOC team). We have used playbooks for lots of repetitive task such as forwarding alerts to other 3rd party tools, open/close cases in case management tool, analyzing phishing emails etc.

Likelihood to Recommend

I my experience I have found Splunk SOAR very well suited when you're looking to reduce response time of a SOC analyst. i.e. Splunk SOAR does very well job when looking to forward alerts or events / incidents to various communication channel, analyse events to determine if its false positive or not etc. Also I personally think dashboard can be little better.

Use Cases and Deployment Scope

Splunk SOAR has helped us to improve our overall security posture, efficiency and effectiveness by automating and managing our security operations through streamlining most of our manual processes such as threat detection, incident response and vulnerability management. Therefore, our team has been able to respond more quickly to potential threats and reduce the impact of security incidents on the organization.

Likelihood to Recommend

Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.