Splunk SOAR (formerly Phantom)

Overview

What is Splunk SOAR?

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Recent Reviews


General feedback

8 out of 10
July 20, 2023
Incentivized
We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our …


Pricing

N/A (unavailable)


Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is KnowBe4 PhishER?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…


Product Details

What is Splunk SOAR?

Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.

Splunk SOAR Competitors

Splunk SOAR Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions


Palo Alto Networks Cortex XSOAR and Google Chronicle are common alternatives for Splunk SOAR.

Reviewers rate Performance highest, with a score of 8.9.

The most common users of Splunk SOAR are from Enterprises (1,001+ employees).

Reviews and Ratings (85)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have reported improvements in overall security posture and efficiency, particularly in the areas of threat detection, incident response, and vulnerability management. The software offers automation capabilities that help achieve almost zero downtime, along with user-friendly dashboards that provide valuable insights for analysts and managers.

One of the key use cases of Splunk SOAR is its ability to create playbooks based on widely recognized frameworks such as MITRE and NIST. This feature allows users to streamline their security operations by automating repetitive tasks and responding to security incidents effectively. The software also supports case management and offers integrated threat intelligence, enabling users to make informed decisions.

Consultants who have implemented Splunk SOAR have found it particularly helpful when receiving alerts from SIEM systems and undergoing training. It has proven to be a reliable tool for active threat detection, alert monitoring, and managing threats efficiently with its algorithm-based signature handling.

The customization feature of Splunk SOAR is highly valued by users as it enables them to include custom codes in their playbooks. This flexibility allows organizations to tailor the software to their specific needs and enhance its functionality.

Managed IT service providers have been deploying and managing Splunk SOAR for mid-sized businesses with great success. By automating tasks, detecting threats, and fostering innovation, the software helps these providers deliver efficient and effective security services.

In cybersecurity research sectors, Splunk SOAR is frequently employed for threat monitoring, logging, security analysis, and addressing fixes. Its comprehensive capabilities support improved incident response capabilities, build robust log analytics, and strengthen defense through security orchestration and integration.

Overall, Splunk SOAR provides organizations with the tools they need to respond quickly to security issues, automate workflows, enhance collaboration among team members, and improve incident resolution processes. With its powerful automation features and user-friendly interface, the software streamlines threat investigation, enriches actions based on alerts, and facilitates the monitoring and management of security alerts and notifications for various applications.

Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.

Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.

Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.

Confusing and complex user interface: Several users have found the user interface of the product to be confusing and complex, requiring extensive training to understand its functionality. Some users have described it as overwhelming and in need of improvement, especially for beginners.

High cost: The cost of purchasing and implementing the product is considered high by some customers, making it difficult for them to afford. Additionally, some users have mentioned that the advanced features of the software do not necessarily provide enough value for the price.

Lack of integration with other tools: Many users have encountered challenges when trying to integrate the product with other tools outside the Splunk environment. They have expressed limitations in integration with other products and a need for better documentation on the API.

Attribute Ratings

Reviews

(1-3 of 3)
Gaurav S | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby help them meet the SLA. Splunk SOAR helps us with a lot of customization to include custom codes in the playbook, which is a deal breaker.
  • Playbook Design.
  • Robustness and speed.
  • Flexibility
  • Integration with On-Prem.
  • Access to more APIs in the apps section.
  • Improving API actions.
If anyone is from a consulting background catering to multiple clients, they can monitor all the clients by developing certain custom playbooks which help them keep track of all these clients, thereby helping the team to monitor without putting in a lot of effort. But Splunk SOAR has to develop cross-platform capabilities.
  • Achieving SLA.
  • Saving Analysts time.
  • Automation.
Splunk SOAR performance is really good, but the key thing over here is developing an efficient playbook design that saves a lot of computational cycles on the system, which helps the playbook function in an efficient manner. The user who'll be working on it needs to understand the product and come up with efficient playbooks.
4
We all work on Splunk SOAR as consultants to cater to different clients by developing playbooks that help any organization save time for the operation teams in order to perform certain tedious tasks, thereby achieving the SLA as per the SOW and helping the client and the service providers to benefit.
4
There are certain technical skills the users need to have expertise in. A couple of main things: the users need to be good in Python to develop certain custom playbooks, and need to have good security knowledge in order to address certain security concerns which the client might have to be notified about.
  • API based alert enrichment.
  • Monitoring engagements.
  • Custom Playbooks.
  • Custom playbook.
  • Custom API
  • Custom API Actions.
  • Scaling to a lot of clients.
  • Developing a custom playbook.
  • Developing custom API.
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
Bernadette Johnsen | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This software is very fast to protect our system. We require the services of Splunk SOAR to implement improvements in our internal system, since our network has always been a constant victim of the threats that abound on the web. In the installation process we had problems, but we loved having technical support; the implementation was completed in a short time. It is a complete system to automate alerts in advance, and it has very good scans to neutralize threats and protect our information. We reduce manual analysis, and we are more effective because Splunk SOAR has an automated system to eliminate any threat that even tries to appear in our company.
  • Automated analyses that eliminate manual work.
  • Order of priority in the analysis, determining greater efficiency in the detection of threats.
  • Great time savings and easy code writing, without being experts we achieve good cases of alerts.
  • We found no major flaws with Splunk SOAR, but it is slightly disadvantaged by the acquisition price, as it is high and some companies may think twice before buying it.
To all the community that is still hesitating to buy Splunk SOAR, I must say that this is the most scalable system on the market to prevent threats from penetrating the enterprise system. I rate them with 10 points because it is a very dynamic software, it generates productivity and a lot of confidence among employees, it is not slow, the alerts detected prevent future inconveniences, and you do not have to know much about writing code, because it is structured in Python, which generates a quick configuration.
  • Decrease in manual errors, since the entire analysis process is automated.
  • It has priority on threats, which ensures that there are no false positives.
  • Good quality of automated responses.
I give them the highest grade (10 points) because the whole configuration process is very fast, I don't need to know much, just what is necessary to be able to configure the alert processes, the playbooks allow us to be more effective in automation, without manual analysis, all alerts are automated, the detection and restriction of threats have increased.
AccessPay, Book Systems, Acodis – Intelligent Document Processing (IDP)
25
20
  • Effective responses to problems and incidents that arise.
  • Splunk SOAR is a high quality system that we constantly use to prevent problems in our system, detection is immediate and ensures benefits.
  • With Splunk SOAR we will have a better vision of our IT infrastructure and with the rapid response of this software we will maintain security with a good quality of automation.
It is a really efficient system that has good artificial intelligence for incident prevention, it is not complicated to use and can be quickly customized, it is software that we like to use.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
I'm a consultant in Splunk and SOAR implementing for our customers and I'm not a final user. The scope of my use cases is intervening after an alert from the SIEM. I tried to use Phantom, but it was difficult, so I did the training about Phantom and now it's more clear.
  • Ingestion and analysis of data for security issues
  • possibility to perform automatic incident response actions
  • it permits SOC analysts to investigate and intervene on systems
  • The interface isn't immediate in comprehension, I had to follow a training to understand how it works
  • it's expensive: not all the customers can buy it!
  • It needs PostgreSQL as DB; I'd like to have everything, data included, inside Splunk.
As I said, it's complicated to initially understand, but when a user understands its features and starts to use it, it's a fantastic platform for security incident response. I configured it for a customer that migrated its SOC from RSA to Splunk Enterprise Security. Now we're trying to propose it to another of our customer's SOC.
  • Satisfy customers
  • Have an integrated solution for our proposal
  • Avoid the presence (as much as possible) of external products in security management
As I already said, when appropriately trained, it's very easy to use the Phantom interface in playbook creation. In addition, it's useful to securely access every kind of system and automate all the automatable activities. At the same time, it permits straight control on both manual and automated operations. The number of events and systems to manage isn't so relevant: only the number of automatable activities and/or the number of operators is relevant.
We are a Splunk Partner and I know Splunk Phantom, for this reason we usually propose it, but I don't deeply know other competitor products.
1
I'm the only one involved in Phantom Consultancies activities
1
I'm a Splunk Architect, an expert in Enterprise Security and a CISA
  • Support SIEM in data analysis
  • intervenes on systems after a security incident
  • Automate as many activities as possible
  • Complete Splunk ES offering
  • Complete Splunk ES offerings
It's a fantastic product, even if a little expensive.
No
  • Product Features
  • Product Reputation
We're a Splunk Partner and we have a large knowledge about it in our organization, so we preferred to use a fully integrated SOAR product in our projects; the only limitation we encountered in the integrated offer is the high cost of it.
I wouldn't change it!
I'm satisfied by this product. We'd propose it much more with a lower price.
  • Implemented in-house
Yes
  • Analysis and requirements definition
  • Design
  • Installation
  • Configuration
  • Tuning
Change management was a minor issue with the implementation
It needs a well-done role definition to maintain complete control on all the activities (manual and automated).
  • No relevant issues
I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involved.
  • Online training
I never followed an in-person training, I gave my evaluation based on the online training
I followed training for Phantom admins and it opened a world for me
Having had training, it's well configurable.
Always have a development environment to use for testing.
No - we have not done any customization to the interface
No - we have not done any custom code
No additional configurations or customizations
Splunk Support is always great! In addition the Community is very efficient and active.
No, never, it's expensive!
No
No they didn't
Not immediate: it always requires a training.
  • Playbooks at first
  • External Systems access
  • Automated activities configuration
  • All without training, none with training
  • Maybe installation
The customers I encountered and I found it flexible and scalable.