TrustRadius
Splunk SOAR
Formerly Phantom

Overview

What is Splunk SOAR?

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Recent Reviews

General feedback

8 out of 10
July 20, 2023
Incentivized
We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our …


Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visit https://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is KnowBe4 PhishER?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…

Product Details

What is Splunk SOAR?

Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.

Splunk SOAR Competitors

Splunk SOAR Technical Details

  • Operating Systems: Unspecified
  • Mobile Application: No

Frequently Asked Questions

Palo Alto Networks Cortex XSOAR and Google Chronicle are common alternatives for Splunk SOAR.

Reviewers rate Performance highest, with a score of 8.9.

The most common users of Splunk SOAR are from Enterprises (1,001+ employees).

Reviews and Ratings

(85)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have reported improvements in overall security posture and efficiency, particularly in the areas of threat detection, incident response, and vulnerability management. The software offers automation capabilities that help achieve almost zero downtime, along with user-friendly dashboards that provide valuable insights for analysts and managers.

One of the key use cases of Splunk SOAR is its ability to create playbooks based on widely recognized frameworks such as MITRE and NIST. This feature allows users to streamline their security operations by automating repetitive tasks and responding to security incidents effectively. The software also supports case management and offers integrated threat intelligence, enabling users to make informed decisions.

Consultants who have implemented Splunk SOAR have found it particularly helpful when receiving alerts from SIEM systems and undergoing training. It has proven to be a reliable tool for active threat detection, alert monitoring, and managing threats efficiently with its algorithm-based signature handling.

The customization feature of Splunk SOAR is highly valued by users as it enables them to include custom code in their playbooks. This flexibility allows organizations to tailor the software to their specific needs and enhance its functionality.

Managed IT service providers have been deploying and managing Splunk SOAR for mid-sized businesses with great success. By automating tasks, detecting threats, and fostering innovation, the software helps these providers deliver efficient and effective security services.

In cybersecurity research sectors, Splunk SOAR is frequently employed for threat monitoring, logging, security analysis, and addressing fixes. Its comprehensive capabilities support improved incident response, robust log analytics, and stronger defense through security orchestration and integration.

Overall, Splunk SOAR provides organizations with the tools they need to respond quickly to security issues, automate workflows, enhance collaboration among team members, and improve incident resolution processes. With its powerful automation features and user-friendly interface, the software streamlines threat investigation, enriches actions based on alerts, and facilitates the monitoring and management of security alerts and notifications for various applications.

Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.

Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.

Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.

Confusing and complex user interface: Several users have found the user interface of the product to be confusing and complex, requiring extensive training to understand its functionality. Some users have described it as overwhelming and in need of improvement, especially for beginners.

High cost: The cost of purchasing and implementing the product is considered high by some customers, making it difficult for them to afford. Additionally, some users have mentioned that the advanced features of the software do not necessarily provide enough value for the price.

Lack of integration with other tools: Many users have encountered challenges when trying to integrate the product with other tools outside the Splunk environment. They have expressed limitations in integration with other products and a need for better documentation on the API.

Attribute Ratings

Reviews

(1-25 of 40)
Gaurav S | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR performance is really good, but the key thing over here is developing an efficient playbook design that saves a lot of computational cycles on the system, which helps the playbook function in an efficient manner for the user who'll be working on its needs to understand the product and come up with efficient playbooks.
September 11, 2023

Splunk SOAR Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
I have not seen any real issues with the execution of playbooks. At the time of writing, I will give it a rating of 9 as I have not seen any performance issues with running the playbooks.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
So far, I have not seen any real issues with execution or processes. At the time of writing, I will give it a rating of 7 since I know there is room for improvement somewhere, but just can't identify what exactly is needed.
Ramu S R | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Splunk, when compared with other apps in the competition, outplays all in terms of its advanced monitoring and log analysis mechanism and features. Also, basic features are free of cost and would be more than enough for research purposes.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
First and foremost, Splunk SOAR has helped the team reduce its workload. We've never had any performance issue with it, although we've seen it slow down when we received a significant incoming event volume. It didn't really impact us, but was worth noting. We've deployed it on cloud, not on prem, so we can easily increase the load if we need it.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
For the most time Splunk SOAR works flawlessly, without any problems. However, when incoming event volume is huge it may slow down a bit or sometimes misses execution. When running an on-prem version, if your server specs are not very high or as per recommendation, it may start crashing or slow down sometimes.
Bernadette Johnsen | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
I give them the highest grade (10 points) because the whole configuration process is very fast, I don't need to know much, just what is necessary to be able to configure the alert processes, the playbooks allow us to be more effective in automation, without manual analysis, all alerts are automated, the detection and restriction of threats have increased.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It has various capabilities for analyzing and detecting potential threats such as detecting intrusions and analysis of network traffic. In addition, it automates and coordinates the tasks of our teams which help us to respond more effectively to potential and threat incidents therefore improving our consistency and effectiveness of our security operations. So far its performance has been marvelous.
Gregory Jones | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR automates plenty of events such as operating system upgrades and file access limitations. It has helped me automate the most difficult workflows in incident responses. Splunk SOAR solves most of my playbook workflow hassles due to its independence in pulling data from a couple of OSINT tools into Splunk SOAR.
Giuseppe Cusello | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Reseller
Incentivized
As I already said, when opportunity trained, it's very easy to use the Phantom interface in Playbook creation. In addition, it's useful to securely access every kind of system and automate all the automatable activities. At the same time, permits a straight control on both manual and automated operations. The number of events and systems to manage isn't so relevant: it's relevant only the number of automatable activities and/or the number of operators.
Muhammed Ali CETİN | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
Maria Coulter | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Splunk SOAR's performance is in the roof. We manage Splunk SOAR for a great percentage of our clients, as most of them who start the trial end up purchasing it when they see just how much automation a single software can achieve. As a full-stack engineer, Splunk SOAR solves most of my playbook workflow hassles due to the liberty of pulling data from OSINT tools into Splunk SOAR.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It has APIs that are useful for integration with third party solutions as well as for absorbing large volumes of data from our servers, networks and apps. Splunk SOAR offers a variety of playbooks that we use in automating workflows for migrating data and for analyzing the data to ensure its security.
September 19, 2022

SOAR it

Score 10 out of 10
Vetted Review
Verified User
Incentivized
With the current tight integration with an upstream data source like Splunk SOAR, a good design playbook can work around various throttling and limiting API GW usage.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
With Splunk SOAR, tasks are performed more rapidly than they would be if manually entered. The product also smoothly connects with security tools like firewalls through apps to perform various security actions.
July 28, 2022

SPLUNK SOAR REVIEW.

Pavan sreevatsav Akula | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It may be an adaptable item with many fundamental and valuable highlights, which together with extraordinary client back, brings the SOC environment to another level. The no-code approach to integrative and the ease of setting up playbooks make it stand out.
Sachin Vinay | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Currently, Splunk SOAR beats all its competitors with its improved algorithms for detecting advanced threats. Moreover, solutions to the existing problems in the infrastructure are also evaluated easily with Splunk. Overall we could suggest it to any cyber security enthusiasts for its remarkable performance in this sector. I would rate it as an above-average product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Our team was capable enough to identify a lot of automation plants in the existing runbooks that we had. The present Playbooks are very easy and provide multiple integration options which include visual editors and API, people to develop and quick ideas on Sandbox and get it implemented immediately and effectively. To an extent, the processes and PlayBooks do not slow down the process of identifying and rectifying the vulnerabilities, but we were able to identify that this would increase the efficiency of our process and if that man really would create a lot of errors. Thinking into a perspective we believe that security orchestration would bring only better performance in terms of process.
Ezekiel Mathew | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I have been able to automate plenty of events with Splunk SOAR from carrying out site optimizations all the way to migration services, all through with a consistent uptime. We have created a specific Splunk SOAR playbook; when Splunk receives an alert, the playbook triggers an automatic endpoint detection and response.