A product that although has some qwirks, is one of the more flexible SOAR platforms to work with
September 04, 2023

A product that although has some qwirks, is one of the more flexible SOAR platforms to work with

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk SOAR

As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting purposes. This helps streamline our business objectives to keep a consistent and actively tracked means to assets, vulnerability management, our cloud environment monitoring, SIEM solutions, and much more.

Pros

  • REST API calls to other products for orchestration
  • Incident Response (if utilized correctly)
  • Monitoring and Logging efforts

Cons

  • Incident Response capabilities and features
  • Apps and streamlining the build process
  • real time syntax linting
  • Available Documentation and online Learnings
  • Data Orchestration for Metrics and Logging
  • Faster Process Execution
  • System Monitoring efforts for failures, etc
So far, I have not seen any real issues with execution or processes. At the time of writing, I will give it a rating of 7 since I know there is room for improvement somewhere, but just cant identify what exactly is needed.
A lot of the automation capabilities that I have dealt with have primarily been focused on monitoring and logging of security events or identifying failures in playbooks work other parallel workflows. More recently, we have been carving a lot of data that has been periodically sent via email. This data is processed and parsed, workflows are ran accordingly, and other tools receive data accordingly to do specific tasks based on the results or status of items in the data from email.
Splunk SOAR is one of the more easier to use SOAR products because it gives you the ability to basically write a python script directly as a playbook rather than having to have logic steps built for each decision and only run one thing at a time. I have had previous SOAR products that require a tremendous amount of effort to setup data ingestion, where as Splunk SOAR seems to have the easiest route to execution.

Do you think Splunk SOAR delivers good value for the price?

Not sure

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk SOAR go as expected?

I wasn't involved with the implementation phase

Would you buy Splunk SOAR again?

Yes

Splunk Enterprise Security (ES)
Well Suited: Splunk SOAR helps provide a accurate understanding of events that trigger different workflows. Although a bit confusing to navigate the UI in some situations, it can provide metrics based on the type of events it looks for when triggering automations. Less Appropriate: Recently, our teams have been working on orchestration efforts that utilize a lot of API calls that the apps in Splunk SOAR don't necessarily support right out of the box. some custom functions are needed to do whats necessary. The main objective for Splunk SOAR is to drag and drop and with little configuration build playbooks and workflows to get solutions up and running. However, it seems in these scenarios where we are manipulating data and working a lot with API's and other data streams, its better off to just build a python script, run it in a cronjob or something similar, and let python do the rest. Splunk SOAR in this case can become quite difficult to setup to do whats needed and a simple python script could fix it.

Comments

More Reviews of Splunk SOAR

  1. Home
  2. Security Orchestration, Automation and Response (SOAR) Tools
  3. Splunk SOAR Reviews
  4. User Review of Splunk SOAR