TrustRadius Insights
Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have …
Splunk SOARFormerly Phantom
Overview
What is Splunk SOAR?
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
N/A
Unavailable
What is Splunk SOAR?
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Entry-level set up fee?
- No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
68 people also want pricing
Alternatives Pricing
What is KnowBe4 PhishER/PhishER Plus?
PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Splunk SOAR?
Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.
Splunk SOAR Competitors
- Palo Alto Networks Cortex XSOAR
- Google Security Operations
- IBM QRadar SOAR
Splunk SOAR Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.
Palo Alto Networks Cortex XSOAR and Google Security Operations are common alternatives for Splunk SOAR.
Reviewers rate Performance highest, with a score of 8.9.
The most common users of Splunk SOAR are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(85)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Splunk SOAR has proven to be a valuable tool for organizations seeking to automate and manage their security operations. Users have reported improvements in overall security posture and efficiency, particularly in the areas of threat detection, incident response, and vulnerability management. The software offers automation capabilities that help achieve almost zero downtime, along with user-friendly dashboards that provide valuable insights for analysts and managers.
One of the key use cases of Splunk SOAR is its ability to create playbooks based on widely recognized frameworks such as MITRE and NIST. This feature allows users to streamline their security operations by automating repetitive tasks and responding to security incidents effectively. The software also supports case management and offers integrated threat intelligence, enabling users to make informed decisions.
Consultants who have implemented Splunk SOAR have found it particularly helpful when receiving alerts from SIEM systems and undergoing training. It has proven to be a reliable tool for active threat detection, alert monitoring, and managing threats efficiently with its algorithm-based signature handling.
The customization feature of Splunk SOAR is highly valued by users as it enables them to include custom codes in their playbooks. This flexibility allows organizations to tailor the software to their specific needs and enhance its functionality.
Managed IT service providers have been deploying and managing Splunk SOAR for mid-sized businesses with great success. By automating tasks, detecting threats, and fostering innovation, the software helps these providers deliver efficient and effective security services.
In cybersecurity research sectors, Splunk SOAR is frequently employed for threat monitoring, logging, security analysis, and addressing fixes. Its comprehensive capabilities support improved incident response capabilities, build robust log analytics, and strengthen defense through security orchestration and integration.
Overall, Splunk SOAR provides organizations with the tools they need to respond quickly to security issues, automate workflows, enhance collaboration among team members, and improve incident resolution processes. With its powerful automation features and user-friendly interface, the software streamlines threat investigation, enriches actions based on alerts, and facilitates the monitoring and management of security alerts and notifications for various applications.
Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.
Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.
Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.
Confusing and complex user interface: Several users have found the user interface of the product to be confusing and complex, requiring extensive training to understand its functionality. Some users have described it as overwhelming and in need of improvement, especially for beginners.
High cost: The cost of purchasing and implementing the product is considered high by some customers, making it difficult for them to afford. Additionally, some users have mentioned that the advanced features of the software do not necessarily provide enough value for the price.
Lack of integration with other tools: Many users have encountered challenges when trying to integrate the product with other tools outside the Splunk environment. They have expressed limitations in integration with other products and a need for better documentation on the API.
Attribute Ratings
Reviews
(1-25 of 40)Companies can't remove reviews or game the system. Here's why
October 29, 2023
Awesome tool for Security Monitoring.
Splunk SOAR has helped us to monitor and manage the security alerts and notifications for our various applications. After setting up Splunk SOAR, investigation and resolution of incidents have become much easier and less time-consuming. We also monitor our cloud environments for vulnerability checks and prevention with the help of this awesome tool.
September 12, 2023
Splunk SOAR Robust and efficient.
We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby help them meet the SLA. Splunk SOAR helps us with a lot of customization to include custom codes in the playbook, which is a deal breaker.
September 11, 2023
Splunk SOAR Review
We are uing SOAR playbooks to automate the alerting mechanism for the Operations
September 08, 2023
Great tool, wish for more documentation
Writing automation for our Product and Security Incident Response team to make certain processes easier.
September 04, 2023
A product that although has some qwirks, is one of the more flexible SOAR platforms to work with
As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting purposes. This helps streamline our business objectives to keep a consistent and actively tracked means to assets, vulnerability management, our cloud environment monitoring, SIEM solutions, and much more.
July 20, 2023
General feedback
We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our analysts don’t have to spend as much time doing the basics of investigation and can spend more time resolving incidents. We also utilize Splunk SOAR to reduce alert fatigue grouping similar alerts and provide analyst tools to suppress some alerts.
We were largely depending on Splunk SOAR for active threat detection and alert monitoring .It has a good algorithm based signature handling which efficiently manages threats. Also our cyber security researchers constantly use this software for advanced research based on their specialisations. Advanced penetration testing also helped us to enhance the security of our hosted applications
We use SOAR to orchestrate our security workflows from end-to-end so all our usually daily time consuming tasks are automated. That way, we gain time and efficiency. Alerts let us stay on top of all security issues, and keep us reactive when we need to respond to threats in no time.
March 29, 2023
Splunk SOAR: A great orchestration and automation tool
There are only few really good SOAR available in market which excel at automation and Splunk SOAR is one of them. We used Splunk SOAR to automate blue team operations (SOC team). We have used playbooks for lots of repetitive task such as forwarding alerts to other 3rd party tools, open/close cases in case management tool, analyzing phishing emails etc.
This software is very fast to protect our system, we require the services of Splunk SOAR to implement improvements in our internal system, since our network has always been a constant victim of the threats that abound on the web, in the installation process we had problems, but we loved having technical support, the implementation was completed in a short time, it is a complete system to automate alerts in advance, it has very good scans to neutralize threats and protect our information. We reduce manual analysis, and we are more effective because Spunk SOAR has an automated system to eliminate any threat that even tries to appear in our company.
December 20, 2022
"SOAR" your return on investments.
Splunk SOAR has helped us to improve our overall security posture, efficiency and effectiveness by automating and managing our security operations through streamlining most of our manual processes such as threat detection, incident response and vulnerability management. Therefore, our team has been able to respond more quickly to potential threats and reduce the impact of security incidents on the organization.
December 18, 2022
Splunk SOAR - The CIA of Software Security
We chose Splunk SOAR because it provides great security and fast response capabilities allowing us work smarter through automating repetitive. Such tasks are response to security incidents faster with automatic detection, response, thorough investigation and efficient and accuracy. Splunk SOAR also supports a wide range of security operation functions for us such as case management and integrated threat intelligence.
November 26, 2022
This is a review from a consultant not from a final user
I'm a consultant in Splunk and SOAR implementing for our customers and I'm not a final user. The scope of my Use cases is intervened after an alert from SIEM. I tried to use Phantom, but it was difficult so I did the training about Phantom and now it's more clear.
The product has a lot of capabilities and lives up to expectations when it works. We have experienced many issues around deployment, installation, scaling, and certain integrations that proved more difficult or had fewer features than expected. Business problems and outcomes: * Automation anywhere and everywhere for the security department * almost zero downtime * Great dashboarding for both analyst and C-Suite or managers * easy to create playbooks regarding MITRE, NIST, etc.
October 11, 2022
Top Performing Splunk SOAR with top-tier automation.
Being a managed IT service Provider company, our engagement with Splunk SOAR has more often than not been in deploying and managing the software for our clients with mid-sized businesses. Splunk SOAR automates most tasks in security and has a proven ability to detect threats and bugs on a system at very early stages. Splunk SOAR, besides helping our clients improve their business agility, also fosters innovation.
We have engaged Splunk SOAR in our departments to handle the repetitive tasks and deal with the grunt work that IT analysts face on a daily basis. Splunk SOAR has streamlined our threat investigation processes as it offers a better and faster way to detect threats through consolidation of closely related containers into a single case. We also use it to automate security workflows through configuration of playbooks for faster response to threats.
September 21, 2022
Splunk SOAR best for Security Orchestration
Splunk SOAR is making renovation in automation. Splunk SOAR provides the best-automated response. It provides codeless automation. The Security provided by Splunk SOAR is very much helpful to us.
September 19, 2022
SOAR it
I use Security SOAR for Phishing, Enrichment, and Investigative Automation. It’s standard setup with Splunk Enterprise to pass data along the pipeline into Phantom.
September 19, 2022
Splunk SOAR Review
I use Splunk SOAR to automate security events for our CSOC. Automation is currently in development.
August 16, 2022
Soar Up Your Security Automation with Splunk SOAR.
My organization has engaged Splunk SOAR for automating our IT and security activities. It is simpler to create and configure its automated playbooks that are useful for eliminating security analyst's heavy tasks. We use it to gain visibility on the functioning of apps, trouble shoot, and rapidly resolve any security mishaps.
July 28, 2022
SPLUNK SOAR REVIEW.
In order to make SaaS deployment more inexpensive for small and medium-sized businesses, it can be further reinforced. Further refinement of pricing based on various deployment strategies can increase client retention. The technical team and customer service at Backhand should be more responsive to our requests and tickets.
We are mostly using SPLUNK SOAR for all our cybersecurity research-oriented sectors, mainly for PhD scholars and pg. students who are doing projects in cybersecurity. Also we have a lot of production servers which require advanced threat monitoring and logging which could be easily satisfied with Splunk SOAR software.
Splunk SOAR was being tested in our environment for security analysis and for cyber security research purposes. With quality automation, we could identify security concerns and act accordingly. We could also identify major security outbreaks with log analysis and reporting from SOAR. Our research team constantly checks the logs and addresses the team for executing the fixes.
July 06, 2022
Highly powerful SIEM tool with Endless Capabitlies
We used Splunk SOAR as a log aggregating platform that connects our Splunk tool and connects all the application that provides ingress and egress connections inside and outside the organization. We use this part of our log onboarding platform, a company-wide program that is used to enable logging on all the applications that are being used with donor security metrics.
Our company supports geospatial organizations, and intelligence and defense communities in the state and beyond. We aim to deliver secure software services and that's why we engage Splunk SOAR to not only automate repetitive tasks but also improve the incident response capabilities. We use Splunk SOAR extensively while building log analytics to help turn data into outcomes with its top-notch automation.