Splunk SOAR Review
September 11, 2023

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Splunk SOAR

We are using SOAR playbooks to automate the alerting mechanism for the Operations team.

Pros

  • Prioritize alerts
  • Improve operational efficiency and productivity
  • Automate response and remediation actions

Cons

  • It's specifically geared for SOC and not broader automation
  • The artifact filtering that's forced on everything inside the platform is pretty awful
  • The documentation and support could be improved
  • The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
  • Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes... With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task
I have not seen any real issues with the execution of playbooks. At the time of writing, I will give it a rating of 9 as I have not seen any performance issues with running the playbooks.
A lot of the automation capabilities that I have dealt with have primarily been focused on monitoring and logging of security events or identifying failures in playbooks or other parallel workflows. More recently, we have been carving a lot of data that has been periodically sent via email. This data is processed and parsed, workflows are run accordingly, and other tools receive data to do specific tasks based on the results or status of items in the data from the email.
Splunk SOAR is one of the easier-to-use SOAR products because it gives you the ability to basically write a Python script directly as a playbook rather than having to have logic steps built for each decision and only run one thing at a time. I have had previous SOAR products that required a tremendous amount of effort to set up data ingestion, whereas Splunk SOAR seems to have the easiest route to execution.

Do you think Splunk SOAR delivers good value for the price?

Not sure

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk SOAR go as expected?

Yes

Would you buy Splunk SOAR again?

Yes

Splunk Enterprise, Splunk IT Service Intelligence (ITSI)
The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
