SOAR with good protection
March 29, 2022
Score 7 out of 10
Overall Satisfaction with Splunk SOAR (Security Orchestration, Automation and Response), formerly Phantom
Since our network has always been vulnerable to online threats, our company relies on the services of Splunk SOAR to implement improvements in our internal system. During the installation process, we encountered some difficulties but were pleased to have technical support, and the implementation was completed in a short period of time. Because Splunk SOAR has an automated approach to eliminate any threat that even tries to appear in our firm, we lower the amount of manual analysis and increase our effectiveness.
- You can manage a large number of services thanks to the API.
- It's a versatile solution with a slew of beneficial features and top-notch customer service that elevates the SOC environment.
- It is the nerve center of the security ecosystem, giving teams the ability to spot anomalies right away with the information it provides.
- The rationale of the graphical user interface is confusing. You must first understand the logic before you can successfully apply it. There are times when the focus is too much on security terms.
- Although the API is quite good, it is still missing a few endpoints and supporting documentation. Occasionally, I had to contact the vendor for assistance because the answer was not provided in the manual.
- Because there are so many guidelines to follow when conducting a customized investigation, the process becomes extremely difficult.
- A better orchestration tool than planned was created by using data in 2 %
- More Time Is Spent Per Task
- Time was saved because of the use of automation.
Our team was able to locate a large number of automated processes in the Runbooks that we already had. As a result of the present Playbooks' simple design, which includes visual editors and APIs for quick idea generation, people can quickly create new ideas in Sandbox and see them put into action as soon as possible. The processes and PlayBooks do not slow down the process of identifying and correcting the vulnerabilities, but we were able to identify that this would increase the efficiency of our process and if that man really would create a lot of errors... As a result of our analysis, we believe that security orchestration will only improve processes.
The project's success hinged on Splunk's automation capabilities. For the log monitoring project, alarms, auto-triage, and notifications were all actively utilized; automation scripts were easy to integrate, allowing for various bespoke scripts and the automation of numerous procedures. In addition to custom email or report generation, highly compressed tasks such as custom workflows that required a significant degree of manual intervention were also engaged in this project.
I give it a 7 out of 10 with the possibility of bumping it up to 10 because it's a great tool for analyzing threats, but some members of my team didn't find it very simple. Splunk SOAR (Security Orchestration, Automation, and Response) has to be configured and customized to our desire before Phantom. Right now, I give it a 7 out of 10, but I think it might use some work on the user interface to make it more accessible to those with less experience.