Item: Splunk SOAR
Rating: 8
Author: Verified User

Use Cases and Deployment Scope

There are only few really good SOAR available in market which excel at automation and Splunk SOAR is one of them. We used Splunk SOAR to automate blue team operations (SOC team). We have used playbooks for lots of repetitive task such as forwarding alerts to other 3rd party tools, open/close cases in case management tool, analyzing phishing emails etc.

Pros and Cons

Excellent UI
Easy to make playbooks
Very good collaboration tools
Lots of integrations

Price
Splunk SOAR has lots of integration, still needs more
Should be easy to scale

Return on Investment

Reduced MTTR by almost 40-50% on average
Automated response based on certain events
Helps a lot with process standardisation

Performance

For the most time Splunk SOAR works flawlessly, without any problems. However, when incoming event volume is huge it may slowdown a bit or sometimes misses execution. When running a on-prem version if your server specs are not very high or as per recommendation it may start crashing or slow down sometimes.

Key Insights

Do you think Splunk SOAR delivers good value for the price?

Yes

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

Did implementation of Splunk SOAR go as expected?

Yes

Would you buy Splunk SOAR again?

Yes

Other Software Used

Datadog, Box, Slack

Likelihood to Recommend

I my experience I have found Splunk SOAR very well suited when you're looking to reduce response time of a SOC analyst. i.e. Splunk SOAR does very well job when looking to forward alerts or events / incidents to various communication channel, analyse events to determine if its false positive or not etc. Also I personally think dashboard can be little better.

Splunk SOAR: A great orchestration and automation tool

Overall Satisfaction with Splunk SOAR