Item: Splunk SOAR
Rating: 8
Author: Verified User

Overall Satisfaction with Splunk SOAR

Use Cases and Deployment Scope

We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our analysts don’t have to spend as much time doing the basics of investigation and can spend more time resolving incidents. We also utilize Splunk SOAR to reduce alert fatigue grouping similar alerts and provide analyst tools to suppress some alerts.

Pros and Cons

Pros

Automate detail collection for incidents
Provide the tools to quickly resolve incidents

Cons

User prompts aren’t fully featured
The ui can be a bit overwhelming to use at first

Return on Investment

Reduced man hours on common tasks

Performance

It all depends on your deployment and administration. This will highly vary.

Automation

Building automations has scaled to the difficulty you make it. If you want a simple drag and drop automation you can do that, if you want to dive into code and have more advanced automations you can do that too! Splunk SOAR has a variety of apps already built and maintained by the community that’ll help you get just about anything done.

Key Insights

Do you think Splunk SOAR delivers good value for the price?

Not sure

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

Yes

Did implementation of Splunk SOAR go as expected?

Yes

Would you buy Splunk SOAR again?

Yes

Other Software Used

Splunk Cloud, Splunk Enterprise

Likelihood to Recommend

Splunk SOAR is well suited to any incident resolution that involves interacting with multiple third party platform apis. It’s not the best at any process that involves a lot of user input along the way.

Comments

Please log in to join the conversation

General feedback