Splunk Phantom Overview

Splunk Phantom is the #3 ranked solution in SOAR tools. PeerSpot users give Splunk Phantom an average rating of 8.4 out of 10. Splunk Phantom is most commonly compared to Palo Alto Networks Cortex XSOAR: Splunk Phantom vs Palo Alto Networks Cortex XSOAR. Splunk Phantom is popular among the large enterprise segment, which accounts for 72% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, with professionals from computer software companies accounting for 25% of all views.
Splunk Phantom Buyer's Guide

Download the Splunk Phantom Buyer's Guide including reviews and more. Updated: July 2022

What is Splunk Phantom?

Phantom enables teams to work smarter by executing automated actions across their security infrastructure in seconds, versus hours or more if performed manually. Teams can codify workflows into Phantom’s automated playbooks using the visual editor (no coding required) or the integrated Python development environment. By offloading these repetitive tasks, teams can focus their attention on making the most mission-critical decisions.
Phantom is the connective tissue that lets existing security tools work better together. By connecting and coordinating complex workflows across the SOC’s team and tools, Phantom ensures that each part of the SOC’s layered defense is actively participating in a unified defense strategy. Powerful abstraction allows teams to focus on what they need to accomplish, while the platform translates that into tool-specific actions.
Incident Response
Phantom helps security teams investigate and respond to threats faster. Using Phantom’s automated detection, investigation, and response capabilities, teams can execute response actions at machine speed, reduce malware dwell time and lower their overall mean time to resolve (MTTR). And now with Phantom on Splunk Mobile, analysts can use their mobile device to respond to security incidents while on-the-go. Phantom’s event and case management functionality can further streamline security operations. Case-related data and activity are easily accessible from one central repository. It’s easy to chat with other team members about an event or case, and assign events and tasks to the appropriate team member.
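The playbook model described above, where a playbook names generic actions and the platform translates each one into a tool-specific call, as an added Python illustration. This is not Splunk's code and not Phantom's playbook API: the connector classes, the action names, the container shape and the sample phishing email are all constructed for this example.

```python
"""Minimal SOAR-style playbook runner (added illustration, not Phantom's API).

A playbook asks for generic actions ("lookup ip", "block ip"); an engine maps
each action name to a method on whichever connector was registered for it.
The connectors, indicator data and sample email below are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class FakeThreatIntel:
    """Stand-in for a reputation service; the indicator sets are constructed."""
    BAD_IPS = {"203.0.113.45"}                      # TEST-NET-3 address
    BAD_DOMAINS = {"login-secure-update.example"}

    def lookup_ip(self, ip: str) -> dict:
        return {"ip": ip, "malicious": ip in self.BAD_IPS}

    def lookup_domain(self, domain: str) -> dict:
        return {"domain": domain, "malicious": domain in self.BAD_DOMAINS}


class FakeFirewall:
    """Stand-in for a perimeter firewall; records blocks in memory."""
    def __init__(self) -> None:
        self.blocked: List[str] = []

    def block_ip(self, ip: str) -> dict:
        self.blocked.append(ip)
        return {"ip": ip, "status": "blocked"}


@dataclass
class Container:
    """An event/case plus the artifacts extracted from it and action results."""
    name: str
    artifacts: List[dict]
    results: Dict[str, list] = field(default_factory=dict)
    severity: str = "low"


class Engine:
    """Translates generic action names into calls on registered connectors."""
    def __init__(self) -> None:
        self.actions: Dict[str, Callable[..., dict]] = {}

    def register(self, action: str, fn: Callable[..., dict]) -> None:
        self.actions[action] = fn

    def act(self, container: Container, action: str, parameters: List[dict]) -> List[dict]:
        fn = self.actions[action]                   # KeyError if no connector offers it
        out = [fn(**p) for p in parameters]
        container.results.setdefault(action, []).extend(out)
        return out


IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def ingest_phishing_email(subject: str, sender_ip: str, body: str) -> Container:
    """Turn a user-reported email into a container with IP and domain artifacts."""
    ips = {sender_ip} | set(IP_RE.findall(body))
    domains = set(DOMAIN_RE.findall(body))
    artifacts = [{"type": "ip", "value": v} for v in sorted(ips)]
    artifacts += [{"type": "domain", "value": v} for v in sorted(domains)]
    return Container(name=subject, artifacts=artifacts)


def phishing_playbook(engine: Engine, container: Container) -> Container:
    """Enrich every indicator, then contain only what came back malicious."""
    ips = [a["value"] for a in container.artifacts if a["type"] == "ip"]
    domains = [a["value"] for a in container.artifacts if a["type"] == "domain"]
    ip_verdicts = engine.act(container, "lookup ip", [{"ip": i} for i in ips])
    dom_verdicts = engine.act(container, "lookup domain", [{"domain": d} for d in domains])
    bad_ips = [v["ip"] for v in ip_verdicts if v["malicious"]]
    bad_domains = [v["domain"] for v in dom_verdicts if v["malicious"]]
    if bad_ips or bad_domains:
        container.severity = "high"
        # Containment is gated on a verdict; enrichment alone never touches the firewall.
        engine.act(container, "block ip", [{"ip": i} for i in bad_ips])
    return container


def build_engine(firewall: FakeFirewall) -> Engine:
    intel = FakeThreatIntel()
    engine = Engine()
    engine.register("lookup ip", intel.lookup_ip)
    engine.register("lookup domain", intel.lookup_domain)
    engine.register("block ip", firewall.block_ip)
    return engine


# Constructed sample: a credential-phishing email reported by a user.
SAMPLE_BODY = ("Your mailbox is full. Restore access at "
               "http://login-secure-update.example/reset now.")


def run_sample() -> tuple:
    fw = FakeFirewall()
    engine = build_engine(fw)
    c = ingest_phishing_email("Mailbox quota", "203.0.113.45", SAMPLE_BODY)
    phishing_playbook(engine, c)
    return c, fw


if __name__ == "__main__":
    c, fw = run_sample()
    print(c.name, c.severity, fw.blocked)
```

Running the block prints the container's severity and the firewall's block list for the constructed email. The design point is the split the playbook enforces: enrichment actions run unconditionally, while the containment action ("block ip") only fires on a malicious verdict, which is the gate a practitioner wants before letting automation change firewall state. Swapping a different firewall connector changes only the registration line, never the playbook.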

Splunk Phantom was previously known as Phantom.

Splunk Phantom Customers

Recorded Future, Blackstone

Archived Splunk Phantom Reviews (more than two years old)

Technical Lead at Paladion Networks
Real User
Good security orchestration and when we face challenges with it we can find a solution in the documentation
Pros and Cons
  • "Very flexible integration with other tools"
  • "And most of the challenges that I have faced with the solution can be found in the documentation itself."

What is our primary use case?

Our primary use case for the solution is fine-tuning. We provide professional services for our customers to enhance their ability to use the functionalities of Splunk. We're integrators of the solution.

What is most valuable?

The most valuable feature of Splunk is a very flexible integration with other tools. Compared to other products in the market, Splunk is very user-friendly and not very complicated. It integrates with most of the endpoints, and that's a very positive side of the solution. There's no need to remember a lot of things, and the documentation is great. I really appreciate that aspect. Since it is cloud-based, there is a lot of flexibility. And most of the challenges that I have faced with the solution can be found in the documentation itself.

At this point, I'm very happy with the solution. There's nothing there that disturbs me. Security orchestration is a new emerging issue in the market. If I have to compare with other security orchestration tools, Splunk is a good solution. Many vendors have opted for Splunk because of easy usability and connectivity to radius devices.

For how long have I used the solution?

I've been using this solution for about six months. 

What do I think about the stability of the solution?

Stability is good.

What do I think about the scalability of the solution?

Scalability is good, allows flexibility. That's what makes life easy. 

How are customer service and support?

There's great documentation, and for most of the challenges I've faced, I've found the solution via the documentation. I've never contacted technical support, which attests to the quality of the documentation.

Which solution did I use previously and why did I switch?

I know RSA and Splunk are similar solutions, even though I've never used RSA. I know that Splunk is user-friendly and doesn't require in-depth knowledge. Everything is file-based; applications like RSA rely on databases. I have the confidence of being able to use Splunk efficiently, and there are a lot of features I can handle myself the way I want to.

How was the initial setup?

Initial setup is very straightforward and simple. It is much easier than with other tools; it takes a couple of days, depending on the architecture.

What's my experience with pricing, setup cost, and licensing?

The solution is for our clients so we don't deal with the licensing aspect. 

What other advice do I have?

It's important to know your customer's requirements so you can choose the correct solution. The budget also needs to be taken into account. Most customers' budgets suit a Splunk solution, whereas RSA is much more expensive.

I would rate Splunk Phantom a seven out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Al Sedghi - PeerSpot reviewer
Chief Technology Officer at a tech consulting company with 51-200 employees
Real User
Good protocol flexibility and team collaboration for threat detection, but the API integration needs to be expanded
Pros and Cons
  • "The most valuable feature is the risk-based access control."
  • "We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

What is our primary use case?

We are a consulting firm and this is a solution that we use for ourselves, as well as implement it for our customers.

Our use case is to establish a platform for threat analysis across different data sources that we have in the company. Essentially, it is an orchestration platform and we want to make sure that we can tie into different endpoints or data sources from which traffic originates. We need to then detect and analyze threats.

What is most valuable?

The most valuable feature is the risk-based access control.

The team collaboration when it comes to detecting a threat is helpful.

I like the fact that we can leverage the API to be able to establish a connection and share information across different repositories.

The flexibility that it has when using different protocols, like TLP, for communicating, is fairly good.

This solution supports the automated handling of phishing attempts through the collection of potentially malicious emails from end-users. It analyzes them, identifies threats, and assesses risk.

What needs improvement?

Phantom was only recently acquired by Splunk, so it is not fully integrated yet. Our area of concern is that Splunk Phantom works with the other Splunk products. At this point, there are certain things that are not fully operational across the rest of the product line.

The extension of the product to allow for better integration with other data sources is something that needs attention. We want to see improvements made to the APIs such that we can connect to many different systems and data sources.

The search capability could be improved by way of better indexing and also integration with third-party solutions such as Elasticsearch.

I would like to see escalation management and integration with communication tools like Slack.

I would like to have more capability around analytics.

There needs to be a better facility for documenting and storing issues, as well as being able to find those issues. Splunk does a good job of that, so I think that it will be done.

What do I think about the stability of the solution?

The solution overall is stable, but it could be more so. It is an application server and there is a vulnerability when a traffic overload occurs, or if there is an incompatibility with a backend or another data source. There is a risk that something can freeze up.

High Availability / Disaster Recovery (HA/DR) is key, and Splunk Phantom's product offerings must ensure sharding and clustering to enable scalability and automated failover.

What do I think about the scalability of the solution?

Because this is an orchestration platform, it's supposed to offload the users from being directly involved in looking at and analyzing security issues. It is something that you just let run. From an administration standpoint, we have a team of ten people that work around this platform.

How are customer service and technical support?

Prior to Splunk acquiring Phantom, the support for this solution was subpar. Now, however, the support model has changed and it is pretty reasonable.

How was the initial setup?

The initial setup takes some time because you have to configure it and then connect it to different data sources and make sure that they operate properly. It requires an engineer who's fairly knowledgeable in security, interaction, setup, and administration.

In terms of the deployment time, I think that it is something that you can get up and running in perhaps two or three months. I don't think that you could get this up and running fully in a week, for example.

What's my experience with pricing, setup cost, and licensing?

It is a subscription-based licensing model that varies depending on how much data is processed by Splunk. There are built-in volume discounts.

There are some additional costs if you want to get some front-end support or installation or setup, which is part of professional services. There are also some modules, such as analytics, that Splunk will provide for an additional fee.

What other advice do I have?

My advice to anybody who is considering this solution is to first really understand the requirements that you have well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with incompatibility or connectivity. You also need to have the right resources to assess, implement, or oversee the implementation. You're going into an environment that requires a little bit of understanding of artificial intelligence because the SOAR platform requires setting up some rules. You also need to have a technical support group in-house to be able to help; otherwise, you would be dependent on Splunk for assistance.

Overall, this product is fairly good but it's not quite mature yet. It needs some enhancement and some stabilization in some areas.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

Disclosure: I am a real user, and this review is based on my own experience and opinions.