Item: Splunk SOAR
Rating: 10
Author: Verified User

Overall Satisfaction with Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom

Use Cases and Deployment Scope

I use Security SOAR for Phishing, Enrichment, and Investigative Automation. It’s standard setup with Splunk Enterprise to pass data along the pipeline into Phantom.

Pros and Cons

Pros

Python easy usage
Intuitive editor
Expandable Eco system

Cons

Better Documentation

Return on Investment

Reduce MTTR
Reduce manual TOIL
Consistent Investigation workflow

Performance

With the current tight integration with an upstream data source like Splunk SOAR, a good design playbook can workaround various throttling and limiting API GW usage.

Automation

Alert fatigue is real. Phantom can help with its standard workflow by automating routing SOP and providing analysts the artifacts for final judgments. It’s a big win.

Key Insights

Do you think Splunk SOAR delivers good value for the price?

Yes

Are you happy with Splunk SOAR's feature set?

Yes

Did Splunk SOAR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Splunk SOAR go as expected?

Yes

Would you buy Splunk SOAR again?

Yes

Other Software Used

Splunk Enterprise, CrowdStrike Falcon Endpoint Protection, ServiceNow Security Operations

Likelihood to Recommend

Comments

Please log in to join the conversation

SOAR it