Splunk SOARFormerly Phantom
Overview
What is Splunk SOAR?
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Awesome tool for Security Monitoring.
Splunk SOAR Robust and efficient.
Splunk SOAR Review
Great tool, wish for more documentation
A product that although has some qwirks, is one of the more flexible SOAR platforms to work with
General feedback
Exceptional threat reporting and efficient and robust algorithm based bug handling
Leading security automated orchestration platform
Splunk SOAR: A great orchestration and automation tool
We fuel our growth by having great protection in our system with automatic alerts.
"SOAR" your return on investments.
Splunk SOAR - The CIA of Software Security
This is a review from a consultant not from a final user
Ladies & Gentlemen ! Splunk SOAR with you anywhere and everywhere.
Top Performing Splunk SOAR with top-tier automation.
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
What is Splunk SOAR?
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
66 people also want pricing
Alternatives Pricing
What is KnowBe4 PhishER?
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk SOAR?
Splunk SOAR Competitors
- Palo Alto Networks Cortex XSOAR
- Google Chronicle
- IBM QRadar SOAR
Splunk SOAR Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(85)Community Insights
- Business Problems Solved
- Pros
- Cons
Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have reported improvements in overall security posture and efficiency, particularly in the areas of threat detection, incident response, and vulnerability management. The software offers automation capabilities that help achieve almost zero downtime, along with user-friendly dashboards that provide valuable insights for analysts and managers.
One of the key use cases of Splunk SOAR is its ability to create playbooks based on widely recognized frameworks such as MITRE and NIST. This feature allows users to streamline their security operations by automating repetitive tasks and responding to security incidents effectively. The software also supports case management and offers integrated threat intelligence, enabling users to make informed decisions.
Consultants who have implemented Splunk SOAR have found it particularly helpful when receiving alerts from SIEM systems and undergoing training. It has proven to be a reliable tool for active threat detection, alert monitoring, and managing threats efficiently with its algorithm-based signature handling.
The customization feature of Splunk SOAR is highly valued by users as it enables them to include custom codes in their playbooks. This flexibility allows organizations to tailor the software to their specific needs and enhance its functionality.
Managed IT service providers have been deploying and managing Splunk SOAR for mid-sized businesses with great success. By automating tasks, detecting threats, and fostering innovation, the software helps these providers deliver efficient and effective security services.
In cybersecurity research sectors, Splunk SOAR is frequently employed for threat monitoring, logging, security analysis, and addressing fixes. Its comprehensive capabilities support improved incident response capabilities, build robust log analytics, and strengthen defense through security orchestration and integration.
Overall, Splunk SOAR provides organizations with the tools they need to respond quickly to security issues, automate workflows, enhance collaboration among team members, and improve incident resolution processes. With its powerful automation features and user-friendly interface, the software streamlines threat investigation, enriches actions based on alerts, and facilitates the monitoring and management of security alerts and notifications for various applications.
Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.
Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.
Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.
Confusing and complex user interface: Several users have found the user interface of the product to be confusing and complex, requiring extensive training to understand its functionality. Some users have described it as overwhelming and in need of improvement, especially for beginners.
High cost: The cost of purchasing and implementing the product is considered high by some customers, making it difficult for them to afford. Additionally, some users have mentioned that the advanced features of the software do not necessarily provide enough value for the price.
Lack of integration with other tools: Many users have encountered challenges when trying to integrate the product with other tools outside the Splunk environment. They have expressed limitations in integration with other products and a need for better documentation on the API.
Attribute Ratings
Reviews
(1-3 of 3)Splunk SOAR Robust and efficient.
- Playbook Design.
- Robust and Speed.
- Flexibility
- Integration with On-Prem.
- Access to more APIs in the apps section.
- Improving API actions.
- Achieveing SLA.
- Saving Analysts time.
- Automation.
- API based alert enrichemnt.
- Monitoring engagements.
- Custom Playbooks.
- Custom playbook.
- Custom API
- Custom API Actions.
- Scaling to a lot of clients.
- Developing a custom playbook.
- Developing custom API.
- Automated analyzes that eliminate manual work.
- Order of priority in the analysis, determining greater efficiency in the detection of threats.
- Great time savings and easy code writing, without being experts we achieve good cases of alerts.
- We found no major flaws with Splunk SOAR, but it is slightly disadvantaged by the acquisition price, as it is high and some companies may think twice before buying it.
- Decrease in manual errors, since the entire analysis process is automated.
- It has priority on threats, which ensures that there are no false positives.
- Good quality of automated responses.
- Effective responses to problems and incidents that arise.
- Splunk SOAR is a high quality system that we constantly use to prevent problems in our system, detection is immediate and ensures benefits.
- With Splunk SOAR we will have a better vision of our IT infrastructure and with the rapid response of this software we will maintain security with a good quality of automation.
This is a review from a consultant not from a final user
- Ingestion and analysis of data for security issues
- possibility to perform automaticincident response actions
- itpermits to SOC analysts to investigate and intervene on systems
- The interface isn't immediate in comprehension, I had to follow a training to understand how it works
- it's expensive: not all the customers can buy it!
- It needs PostgreSQL as DB, I'd like to have all inside Splunk also data.
- Satisfy customers
- Have an integrated solution for our proposal
- Avoid the presence (as much as possible) of external products in security management
- Support SIEM in data analysis
- intervenes on systems after a security incident
- Automate as many as possibile activities
- Complete Splunk ES offering
- Complete Splunk ES offerings
- Product Features
- Product Reputation
Im satisfied by this product, We'd propose much more it with a lower price.
- Implemented in-house
Design,
Installation,
Configuration
Tuning
- No relevant issues
- Online training
- Playbooks at first
- External Systems access
- Atomated activies configuration
- All without training, non with training
- Maybe installation