Ladies & Gentlemen ! Splunk SOAR with you anywhere and everywhere.
October 27, 2022

Ladies & Gentlemen ! Splunk SOAR with you anywhere and everywhere.

Muhammed Ali CETİN | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk SOAR

The product has a lot of capabilities and lives up to expectations when it works. We have experienced many issues around deployment, installation, scaling, and certain integrations that proved more difficult or had fewer features than expected. Business problems and outcomes: * Automation anywhere and everywhere for the security department * almost zero downtime * Great dashboarding for both analyst and C-Suite or managers * easy to create playbooks regarding MITRE, NIST, etc.

Pros

  • Automation
  • War room.
  • Dashboarding
  • Playbook management.

Cons

  • TI procedures.
  • more playbooks for small SOC teams.
  • You'd probably need to create more custom playbooks and automation, so these most used actions should be created by Splunk.
  • MTTR
  • Dashboard and war room for analysts and C suite - easy to show them results and benefits of Splunk soar.
  • Faster process execution, playbook action and results.
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
We Do not have a large volume of security alerts. We are working on the SIEM side to reduce FP, large volumes, etc. So it means nothing to me, and it is not a job for the SOAR system, I believe. We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
If you use Splunk SIEM, you might wanna use Splunk soar, too. one vendor for SIEM and SOAR, and you do not need to think about integration, etc. Easy to use if we compare to other SOARs, chat and war rooms are great, and almost every action that we need is already created in Splunk SOAR.

Do you think Splunk SOAR delivers good value for the price?

Not sure

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

Yes

Did implementation of Splunk SOAR go as expected?

Yes

Would you buy Splunk SOAR again?

Yes

Palo Alto Networks Next-Generation Firewalls - PA Series, Palo Alto Networks Prisma Cloud, Palo Alto Networks WildFire, Darktrace, Vectra Threat Detection & Response Platform, Corelight, McAfee Enterprise Security Manager, McAfee Enterprise Log Manager, Symantec Advanced Threat Protection, Symantec Endpoint Security, CrowdStrike Falcon Endpoint Protection, Trellix Network Security, Trellix EDR, Mandiant Advantage Threat Intelligence
Well Suited Scenarios Where Splunk SOAR, * Automation for Cyber Security team * decrease your MTTR value significantly * Ease to create Playbooks for specific use cases * very user-friendly * War room and chat room regarding on incident is so great! * Almost every action that you need is sitting in Splunk SOAR less appropriate, * there is no all 3rd party integration, I mean, some are missing, and you need to create your own way by using python, and it takes time.

Comments

More Reviews of Splunk SOAR

  1. Home
  2. Security Orchestration, Automation and Response (SOAR) Tools
  3. Splunk SOAR Reviews
  4. User Review of Splunk SOAR