Simple automation development without necessity (but ability) to write code
February 23, 2022
Simple automation development without necessity (but ability) to write code
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
Splunk SOAR is used to ingest alerts from Splunk searches and to enrich and automate actions based on the alerts. Splunk SOAR is integrated with many of our third-party apps in order to respond effectively to alerts. Enrichment is provided automatically based on certain indicator types while most response actions involve human interaction for approval.
- Third-party integraton
- Custom code
- Simple GUI playbook development
- Expensive
- No built-in way to share playbooks or browse for playbooks developed by others
- Avoiding repetitive tasks
- Reduce time to resolution
- Eases approval process by including relevant data about events
Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
Do you think Splunk SOAR delivers good value for the price?
Not sure
Are you happy with Splunk SOAR's feature set?
Yes
Did Splunk SOAR live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Splunk SOAR go as expected?
Yes
Would you buy Splunk SOAR again?
Yes