This is a review from a consultant not from a final user
Updated November 26, 2022
Score 10 out of 10
Vetted Review
Overall Satisfaction with Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
I'm a consultant in Splunk and SOAR implementing for our customers and I'm not a final user. The scope of my Use cases is intervened after an alert from SIEM. I tried to use Phantom, but it was difficult so I did the training about Phantom and now it's more clear.
Pros
- Ingestion and analysis of data for security issues
- Possibility to perform automatic incident response actions
- It permits SOC analysts to investigate and intervene on systems
Cons
- The interface isn't immediate in comprehension, I had to follow a training to understand how it works
- it's expensive: not all the customers can buy it!
- It needs PostgreSQL as DB, I'd like to have all inside Splunk also data.
- Satisfy customers
- Have an integrated solution for our proposal
- Avoid the presence (as much as possible) of external products in security management
We are a Splunk Partner and I know Splunk Phantom, for this reason we usually propose it, but I don't deeply know other competitor products.
Do you think Splunk SOAR delivers good value for the price?
Not sure
Are you happy with Splunk SOAR's feature set?
Yes
Did Splunk SOAR live up to sales and marketing promises?
Yes
Did implementation of Splunk SOAR go as expected?
Yes
Would you buy Splunk SOAR again?
Yes
Using Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
1 - I'm the only one involved in Phantom Consultancies activities
1 - I'm a Splunk Architect, an expert in Enterprise Security and a CISA
- Support SIEM in data analysis
- intervenes on systems after a security incident
- Automate as many activities as possible
- Complete Splunk ES offering
- Complete Splunk ES offerings
Evaluating Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom and Competitors
- Product Features
- Product Reputation
We're a Splunk Partner and we have extensive knowledge of it in our organization, so we preferred to use a fully integrated SOAR product in our projects. The only limitation we encountered in the integrated offer is its high cost.
I don't change it!
I'm satisfied with this product. We'd propose it much more with a lower price.
Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom Implementation
- Implemented in-house
Yes - Analysis and requirements definition, Design, Installation, Configuration, Tuning
Change management was a minor issue with the implementation - It needs a well-done role definition to maintain complete control over all the activities (manual and automated).
- No relevant issues
Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom Training
Configuring Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
Always have a development environment to use for testing.
No - we have not done any customization to the interface
No - we have not done any custom code
No additional configurations or customizations
Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom Support
Pros | Cons |
---|---|
Quick Resolution, Good followup, Knowledgeable team, Problems get solved, Kept well informed, No escalation required, Immediate help available, Support understands my problem, Support cares about my success, Quick Initial Response | None |
No never, it's expensive!
No they didn't
Using Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
Pros | Cons |
---|---|
Like to use, Relatively simple, Well integrated, Consistent, Quick to learn, Convenient, Feel confident using | Requires technical support, Lots to learn |
- Playbooks at first
- External Systems access
- Automated activities configuration
- All without training, none with training
- Maybe installation