SOARing through security response automation is exiting.
June 17, 2022

SOARing through security response automation is exiting.

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk SOAR

We utilize SOAR to automate daily tasks and alerts in our environment for our analysts to make quick decisions and react to evolving threats. From phishing emails to suspicious VPN notifications from users connecting around the world. We automated contacting end-users we are protecting to be efficient and create responses that automate the ticketing and closure of events once they have been deemed resolved. This helps us have a more proactive approach and gives us time to develop blue team / red team scenarios that we would otherwise not have the bandwidth to achieve with the manual process of investigating alerts while also providing a starting point for new hire training. We are starting to train new analysts on SOAR by comparing the tedious manual process and comparing it to playbooks for the analyst to understand the efficiency, value, context, and solutions that SOAR provides while also keeping our analysts up-to-date on the procedures we should mimic within our playbooks when planning to enhance or create new parent playbooks from existing sub-playbooks. This creates a revolving approach to enhancing our services and responsiveness to the business while also keeping the analyst from burning out over repetitive alerts and allows for a more proactive approach to enabling analysts to create new methods for more complex processes and tasks.
  • Is able to be quick and get results
  • Can be simple in use while allowing endless complexity
  • Doesn't need a huge understanding of code, but is helpful.
  • Some aspects of SOAR can be more descriptive with examples and better information within the building areas to avoid disruption.
  • Drilling down within each step should provide automatic documentation of every step that is being performed in plain English for fast and easy documentation of playbooks that reach production for analysts to easily familiarize themselves or troubleshoot more complex issues.
  • Licensing per analyst is a bit cumbersome as teams can fluctuate rapidly to avoid cost fluctuations.
  • Too early to tell.
  • Still need more data.
  • Might want to check in as support seems to be hit or miss depending on who you ask.
Super quick and easy to understand. Most of our issues stem from apps outside of SOAR that is connected. But that is to be expected anywhere.

Do you think Splunk SOAR delivers good value for the price?

Not sure

Are you happy with Splunk SOAR's feature set?


Did Splunk SOAR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk SOAR go as expected?


Would you buy Splunk SOAR again?


Splunk Enterprise Security (ES), Rapid7 InsightVM (Nexpose), Forescout Platform (CounterACT)
It's the next single pane of glass that I would love to utilize all features for, however, licensing for our group is holding us back from doing so while the justification to management on the cost seems to always meet a cost / ROI conversation that I am never a part of.