Please share with the community what you think needs improvement with Splunk Phantom.
What are its weaknesses? What would you like to see changed in a future version?
I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region.
In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed. However, lately, it has improved and we are able to find Splunk documents for all the functionalities of Phantom. It would be helpful, on the other hand, if there were videos regarding each functionality. That would make it even easier to work with Phantom. We are able to find some documentation in written form, and that's fine. If it is in a video format, then it would be better due to the fact that, in some environments, we find some other issues or something and it would be nice to have a visualization of the process. The solution is a bit more expensive than other offerings. I'd recommend that the solution add some new apps, or some average services, like bots or G-Suite. We may already have G Suite in Phantom. Bots, like any common VPN service, would be great, however.
We haven't had too much experience on the solution. The solution is relatively new in the market. It would be ideal if we could automate processes even more. The interface is great, however, they could still keep refining it to make it even more user friendly.
Phantom was only recently acquired by Splunk so it is not fully integrated yet. Our area of concern is that Splunk Phantom works with the other Splunk products. At this point, there are certain things that are not fully operational across the rest of the product line. The extension of the product to allow for better integration with other data sources is something that needs attention. We want to see improvements made to the APIs such that we can connect to many different systems and data sources. The search capability could be improved by way of better indexing and also integration with third-party solutions such as Elasticsearch. I would like to see escalation management and integration with communication tools like Slack. I would like to have more capability around analytics. There needs to be a better facility for documenting and storing issues, as well as being able to find those issues. Splunk does a good job of that, so I think that it will be done.
Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.
Can anyone help with insights?
Let the community know what you think. Share your opinions now!