Splunk SOAR: Your success in automation lies within your python abilities
June 20, 2022

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk SOAR

We utilize Splunk SOAR to automate mundane and repetitive security tasks to speed remediation and reduce manual effort. In our organization, our use case is centered around security operations and monitoring. Splunk SOAR facilitates our efforts to remediate and respond to threats within our environment at near-machine speed.
Pros:
  • Automation of end-user notification
  • Automation of ticket workflow
  • Automation of data enrichment
  • Automation of analyst alerting
Cons:
  • Playbooks can be daunting to design
  • Playbooks are a compilation of Python scripts and API calls with a nice GUI, but can break just as easily
  • A solid understanding of Python scripting is required to troubleshoot issues
Return on investment:
  • Reduced MTTR for phished users
  • Reduced MTTR when isolating compromised devices
  • Reduction in manual effort to notify users of clicked malicious links
Splunk SOAR's performance is as good as your Python scripting and API-calling abilities. While the GUI makes things a little easier, anything that doesn't fall inside the box can be problematic. Once designed and tested, the playbooks usually run reliably and without hesitation, provided the systems are spec'd properly.

Do you think Splunk SOAR delivers good value for the price?

Yes

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

No

Did implementation of Splunk SOAR go as expected?

No

Would you buy Splunk SOAR again?

Yes

We use Splunk SOAR to automate notifying users of malicious links they have clicked, and to pull malicious emails from mailboxes based on analyst determination. Beyond that, we use Splunk SOAR to automate the isolation of devices that EDR has determined to be compromised, while enriching the alert data and notifying analysts. In our implementation, we have experienced troubleshooting issues when part of a Python script fails, rather than the playbook or an entire function within the playbook.
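As an added illustration of the troubleshooting problem the reviewer describes, here is a small, framework-independent playbook runner in plain Python. It is not code from the review and does not use Splunk SOAR's own playbook API; it simply shows the pattern a practitioner wants from any playbook engine: run each step over every artifact, and when a step raises an exception, record the step name, the exception and the exact input that triggered it, instead of letting the failure surface as "the playbook broke". The step names (enrich, notify_user, pull_email), the artifact field names and the reputation table are constructed assumptions for the phishing use case mentioned above.

```python
"""
Added example (not the reviewer's code, not Splunk SOAR's API): a minimal
playbook runner that isolates failures to the step and the artifact that
caused them. All names and sample data below are hypothetical.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List
from urllib.parse import urlparse

# Constructed sample artifacts for a phishing alert (hypothetical field
# names). The second artifact is deliberately missing message_id so that
# one step fails on one input only.
SAMPLE_ARTIFACTS: List[Dict[str, Any]] = [
    {"user": "alice@example.com", "url": "http://malicious.example/login",
     "message_id": "<m1@example.com>"},
    {"user": "bob@example.com", "url": "http://malicious.example/reset"},
]

# Constructed reputation table standing in for a threat-intel lookup.
KNOWN_BAD = {"malicious.example"}


@dataclass
class StepResult:
    step: str
    ok: bool
    output: List[Any]          # outputs produced before any failure
    error: str = ""            # "ExceptionType: message" when not ok
    failed_input: Any = None   # the artifact that triggered the failure


@dataclass
class Step:
    name: str
    func: Callable[[Dict[str, Any]], Any]  # called once per artifact
    critical: bool = False                  # stop the run if this step fails


def enrich(artifact: Dict[str, Any]) -> Dict[str, Any]:
    """Look the URL's host up in the (constructed) reputation table."""
    host = urlparse(artifact["url"]).hostname
    return {"host": host, "malicious": host in KNOWN_BAD}


def notify_user(artifact: Dict[str, Any]) -> str:
    """Hypothetical stand-in for an email/chat notification action."""
    return f"notified {artifact['user']} about {artifact['url']}"


def pull_email(artifact: Dict[str, Any]) -> str:
    """Hypothetical stand-in for a mailbox purge action; needs message_id."""
    return f"pulled {artifact['message_id']} from {artifact['user']}"


def run_step(step: Step, artifacts: List[Dict[str, Any]]) -> StepResult:
    """Run one step over all artifacts; stop at the first exception and
    record which artifact caused it, together with the partial outputs."""
    outputs: List[Any] = []
    for art in artifacts:
        try:
            outputs.append(step.func(art))
        except Exception as exc:  # noqa: BLE001 - a playbook must report, not crash
            return StepResult(step.name, False, outputs,
                              f"{type(exc).__name__}: {exc}", art)
    return StepResult(step.name, True, outputs)


def run_playbook(steps: List[Step], artifacts: List[Dict[str, Any]]) -> List[StepResult]:
    """Run steps in order; a failed critical step ends the run, a failed
    non-critical step is recorded and the remaining steps still run."""
    results: List[StepResult] = []
    for step in steps:
        result = run_step(step, artifacts)
        results.append(result)
        if not result.ok and step.critical:
            break
    return results


def failure_report(results: List[StepResult]) -> List[str]:
    """One line per step, naming the failing input for an analyst."""
    lines = []
    for r in results:
        if r.ok:
            lines.append(f"{r.step}: ok ({len(r.output)} processed)")
        else:
            lines.append(f"{r.step}: FAILED after {len(r.output)} processed, "
                         f"{r.error}, input={r.failed_input}")
    return lines


# The phishing playbook: enrichment is critical (nothing downstream makes
# sense without it); notification and mailbox purge are not.
PHISHING_STEPS = [
    Step("enrich", enrich, critical=True),
    Step("notify_user", notify_user),
    Step("pull_email", pull_email),
]

if __name__ == "__main__":
    for line in failure_report(run_playbook(PHISHING_STEPS, SAMPLE_ARTIFACTS)):
        print(line)
```

Running the block prints a per-step report in which enrich and notify_user succeed for both artifacts, while pull_email fails after one artifact with the KeyError for message_id and the offending artifact attached, which is exactly the information missing when only "the function failed" is visible.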