Splunk SOAR Pros review quotes

TC
Jul 20, 2023
The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.
SS
Jun 9, 2023
When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.
PW
May 12, 2023
I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
SB
Jul 20, 2023
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes... With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.
MK
Jul 4, 2023
The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
The customizable playbook is the most valuable aspect of the solution.
Hari Haran. - PeerSpot reviewer
Jan 22, 2021
The customization continues to be excellent.
AM
Jul 21, 2023
The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me.
GG
May 25, 2023
It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information.
 

Splunk SOAR Cons review quotes

TC
Jul 20, 2023
SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.
SS
Jun 9, 2023
Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.
PW
May 12, 2023
We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.
SB
Jul 20, 2023
have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
The technical support for the Splunk SIEM solution was average.
MK
Jul 4, 2023
There is a lot of room for improvement with the UI.
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.
Hari Haran. - PeerSpot reviewer
Jan 22, 2021
In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed.
AM
Jul 21, 2023
The UI can be more customizable for the clients.
GG
May 25, 2023
Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient.