Splunk SOAR Reviews

My use case for the solution is basically focused on deploying and configuring data related to Splunk, upgrading the Splunk SOAR instances, implementing role-based access controls for different users, and performing system performance tasks, along with resolving logs and connectivity-related issues. 

Additionally, I handle integrations with SIEM tools such as Splunk and EDR, firewalls, and threat platforms.

Implementing Splunk SOAR has significantly benefited our business. It has made a huge impact across security operations and the business overall. The biggest improvement is in speed, consistency, and scalability of responses. With automation of over 60% of repetitive tasks, it has significantly improved efficiency in threat triage and ticketing.

Splunk SOAR has saved us dozens of hours every month by automating tasks, which has reduced the manual workloads significantly for level one and level two analysts.

Splunk SOAR has reduced our Mean Time to Detect by approximately 30% to 40%. The Mean Time To Resolve is approximately reduced by 30% to 40%.

Splunk SOAR absolutely improves our ability to investigate and gain end-to-end visibility and effectively remediate threats across our environments.

Visualizing and troubleshooting our cloud-native environment with Splunk SOAR is fast. It enables informed investigations with centralized timelines and helps with immediate responses by gathering data from all SIEM, EDR, and threat feeds.

Splunk SOAR has saved us time in alert triage. It saves about 20 to 25 minutes per alert by gathering data and checking regulations.

Splunk SOAR has saved us time in threat response, reducing it by approximately 30% to 50%.

Splunk SOAR has helped consolidate multiple tools used in the business, such as security tools and threat intelligence tools, into a singular workflow.

I'm using it mainly for SOC automation and reporting. It's for incident and threat modeling, incident reporting, and triage.

I come from a cybersecurity background and I used to work on the tickets for the security alerts we received from various sources, including Splunk and other SIEM tools. The major challenge was that we were occupied with a lot of noise and activities like validation of IP reports, DNS checks, and traffic monitoring. These were redundant activities that every analyst had to do. We wanted to stop these kinds of activities. 

Splunk SOAR has multiple integrations with various tools, such as VirusTotal. Once we purchased those tools from the respective owners and automated them, the kinds of redundant activities we were having to do were almost immediately stopped.

Also, the ingestion of multiple log sources together helped us eliminate false positives. Using the SOAR platform, our monthly alert count was reduced from 1,100 to 200 or 250. That was the best impact we have seen from implementing SOAR in our environment.

It has reduced our mean time to detect and mean time to respond, from 20 to 30 minutes to just 5 to 10 minutes. In cybersecurity, every moment can be a ticking time bomb for us. We need to get to a solution immediately, whenever any incident is triggered in our environment. SOAR has helped us a lot.

Using this platform has resulted in a better work-life balance for my team.

I use the solution for incident response and automation.

The product helps with workflow reduction. The manual efforts required have been reduced. It contributes to optimization. The extent of workflow reduction varies depending on the instance. Manual intervention is required for critical processes. If it is not critical, we can automate it.

I use Splunk to detect threats and conduct threat analysis. The solution monitors, models, and analyzes all security events in our cloud environment's production areas and mitigates threats.

Before we used Splunk SOAR, we didn't know how much traffic was coming in or what security threats were happening on our servers. We could not monitor the entire production environment. Splunk enables us to perform monitoring, threat hunting, threat analysis, and reporting on the risks and impact on our business. 

Splunk improves our business resilience because it's a powerful tool that can monitor our servers and improve our web business by reducing security threats.  Before Splunk, security threats heavily impacted our production environments. 

In the past, we had to monitor all our servers manually, but now that we have implemented SOAR in our production environment, we no longer need to monitor everything 24/7. It sends alerts to our emails, saving us time that we can spend on other tasks. It reduces our monitoring time by about 50 percent. Splunk speeds up our response time by 20 percent. 

Splunk can integrate and manage multiple solutions simultaneously. It has reduced our alert volume and improved our security. We can show our clients that we're monitoring all the production environments and mitigating events as they happen. It has improved our security posture and reduced the risk.

We use it for risk management. And, we're trying to automate our L1 and L2 agents' functionalities. Through automation, we're trying to reduce the effort that is put in by an agent.

The amount of time that our L1 and L2 agents used to take to do a simple task was about 40 hours per week. Using SOAR and automation we have reduced that to 10 to 15 hours per week. That is a big win. Building up the playbooks helps with the daily investigations for our agents and risk management team.

It has also helped to reduce our mean time to detection. Something that used to take, on average, 30 minutes now takes about five minutes. It really depends on the kind of event it is. And it has definitely helped free up our IT staff for other projects.

Splunk SOAR has also reduced our dependency on UBA, although we still use it. And similarly, while we still use Splunk Enterprise Security (ES) for threat detection, SOAR has reduced our dependency on that by using it for investigation. Of course, ES has to be there as it is receiving feeds, but the SOAR/ES collaboration is just a better way to function.

I use Splunk SOAR to create automation for our SOC team. These automations integrate with third-party applications, which is a key requirement for our SOC.

Splunk makes creating playbooks simple with its GUI. We can build playbooks by dragging and dropping different elements, eliminating the need for complex coding.

The visibility of the playbook viewer is good. We can add custom code while developing the playbook if required.

Splunk SOAR provides end-to-end visibility into our environment.

Troubleshooting our cloud-native environment with Splunk SOAR is a breeze thanks to its intuitive graphical interface. Unlike traditional tools requiring command lines, Splunk SOAR lets us manage integrations and cloud access entirely within the user-friendly GUI, streamlining the process.

Splunk SOAR has significantly reduced our manual workload by automating many previously time-consuming processes. We only began to see the full benefits after about five months.

Splunk simplifies security investigations by offering pre-built processes and leveraging the rich functionality embedded within Phantom's alerts. This combination provides a powerful toolkit for investigators.

Splunk SOAR has significantly improved our security alert resolution efficiency. While the specific time saved depends on the individual case, we've seen a general reduction in resolution time from around 20 minutes to five minutes thanks to the variety of use cases it supports.

Splunk has reduced our mean time to detection by 15 minutes.

Our mean time to resolution is now down to five minutes.

Splunk SOAR streamlined our security operations by consolidating multiple tools. We've successfully integrated and replaced approximately 15 individual applications into a more unified environment.

Splunk SOAR, formerly Splunk Phantom, is a powerful automation platform with a high security focus, but it is also usable for any other general tasks such as putting a server off the network, restarting services, performing health checks, performing data enrichment by collecting information from different sources and combining, analyzing, and providing precise information about several topics. It has a variety of options, and what can stop you is just your creativity.

Splunk SOAR has a user-friendly interface that simplifies playbook creation. While some initial training is helpful, the drag-and-drop functionality and pre-built code generation features make it accessible even for those without extensive coding experience. This ease of use allows teams to quickly automate incident response tasks, reducing the business impact.

Splunk SOAR helps us improve our data collection and automate operational tasks. While it enriches data, some actions require approval or additional information. For application outages, immediate action is crucial to avoid business impact, and time to respond is key to be able to identify the root cause of issues. For example, if a database server goes down, if the analyst doesn't check the issue right after it occurs, they may end up losing precious logs, which would help them identify the issue and avoid reoccurrence. Additionally, manual database tasks like service restarts or log checks are time-consuming. Splunk SOAR automates these tasks, enriching our log collection, running health checks, and generating reports for the database team. This allows for faster issue identification and resolution, ultimately contributing to high system availability and minimal customer impact.

It provides a comprehensive solution for our environment's health. Splunk offers two key products: Splunk as an observability tool that detects critical issues, and Splunk SOAR, an automation platform that enriches data and even automates remediation actions.

SOAR offers easy integration with various tools. We can leverage pre-built apps for common integrations or create custom ones. While Splunk integrations are automatic, SOAR's API allows us to send data from any observability tool using the SOAR API. This API offers different options to manage the platform, and one of the options is to create a container in SOAR, which can trigger the appropriate playbook based on a label name, simplifying integration with new tools and accelerating proof-of-concept deployments.

Implementing a SOAR platform significantly improved our IT operations. Previously, frequent application downtime overwhelmed our busy operations team, forcing them to prioritize and leave some issues unresolved. SOAR automation relieved this pressure by allowing us to create playbooks that automatically detect and fix recurring problems. While the initial setup required developing playbooks and standards, the resulting reduction in alerts and faster issue resolution freed up the operations team's time and had a major positive impact on our overall IT environment.

Our mean time to detect is within seconds. Before SOAR, manually detecting and resolving server issues was slow and unreliable. It could take hours for an overloaded team to identify a problem, and even longer to fix it, potentially impacting customers. SOAR automates this process, triggering immediate responses that take seconds, minimizing downtime, and ensuring a smooth customer experience.

Our mean time to resolution is improved. SOAR helps resolve issues quickly by automating tasks through playbooks. When an issue is detected, SOAR can run a playbook to fix it or provide more information to analysts, expediting resolution.

SOAR has significantly improved our efficiency by automating manual tasks. This frees our IT staff to focus on resolving issues faster and tackling more complex projects.