Splunk SOAR Reviews & Insights

Score9 out of 10

84 Reviews and Ratings

Community insights

TrustRadius Insights for Splunk SOAR are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Effective Automation and Optimization: Many users have found that the automation and optimization features of the security system have been effective in reducing the probability of security incidents.

Seamless Integration with Other Security Tools: Reviewers appreciate the seamless integration of the security system with other security tools and systems, which allows them to address their specific needs and requirements. This integration enhances overall efficiency and effectiveness in managing security operations.

Centralized Platform for Managing Security Operations: The centralized platform for managing and coordinating security operations is considered a valuable feature by many users. It provides a unified interface to monitor, manage, and respond to security issues, streamlining workflows and enhancing productivity.

Splunk SOAR Reviews

41 Reviews

Awesome tool for Security Monitoring.

Rating: 9 out of 10

Incentivized

October 29, 2023

Use Cases and Deployment Scope

Splunk SOAR has helped us to monitor and manage the security alerts and notifications for our various applications. After setting up Splunk SOAR, investigation and resolution of incidents have become much easier and less time-consuming. We also monitor our cloud environments for vulnerability checks and prevention with the help of this awesome tool.

Pros

Incident reporting and management.
Orchestration
Security Monitoring.

Cons

Documentation can be improved.
Room for improvement in UI. (Can be confusing for beginners).

Likelihood to Recommend

Well Suited: Integration of Splunk with other internal tools has been really helpful, especially when we integrated Splunk with our internal support and incident management portal. Less suited: Some processes can be completed using small scripts; it is recommended not to use this as this can be confusing and time-consuming for small tasks.

Verified User

Engineer in Engineering (201-500 employees)

Vetted Review

1 year of experience

Splunk SOAR Robust and efficient.

Rating: 8 out of 10

Incentivized

September 12, 2023

Use Cases and Deployment Scope

We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby help them meet the SLA. Splunk SOAR helps us with a lot of customization to include custom codes in the playbook, which is a deal breaker.

Pros

Playbook Design.
Robust and Speed.
Flexibility

Cons

Integration with On-Prem.
Access to more APIs in the apps section.
Improving API actions.

Likelihood to Recommend

If anyone is from a consulting background catering to multiple clients they can monitor all the clients by developing certain custom playbook which helps them to keep track of all these clients, thereby helping the team to monitor without putting in a lot of effort But Splunk SOAR has to develop cross-platform capabilities.

Gaurav S

Senior Security Specialist in Customer Service at Ernst and young (10,001+ employees)

Vetted Review

2 years of experience

View profile

Splunk SOAR Review

Rating: 9 out of 10

Incentivized

September 11, 2023

Use Cases and Deployment Scope

We are uing SOAR playbooks to automate the alerting mechanism for the Operations

Pros

Prioritize alerts
Improve operational efficiency and productivity
Automate response and remediation actions

Cons

It's specifically geared for SOC and not broader automation
The artifact filtering that's forced on everything inside the platform is pretty awful
the documentation and support could be improved

Likelihood to Recommend

The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.

Verified User

Employee in Information Technology (5001-10,000 employees)

Vetted Review

1 year of experience

Great tool, wish for more documentation

Rating: 7 out of 10

Incentivized

September 8, 2023

Use Cases and Deployment Scope

Writing automation for our Product and Security Incident Response team to make certain processes easier.

Pros

Easy to use
Nice visual

Cons

Missing documentation
view is hard to see in one

Likelihood to Recommend

When writing an automation to make certain processes it's nice to use SOAR, but if there is much customization that needs to be done, it's not very good to use.

Verified User

Engineer in Information Technology (5001-10,000 employees)

Vetted Review

A product that although has some qwirks, is one of the more flexible SOAR platforms to work with

Rating: 6 out of 10

Incentivized

September 4, 2023

Use Cases and Deployment Scope

As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting purposes. This helps streamline our business objectives to keep a consistent and actively tracked means to assets, vulnerability management, our cloud environment monitoring, SIEM solutions, and much more.

Pros

REST API calls to other products for orchestration
Incident Response (if utilized correctly)
Monitoring and Logging efforts

Cons

Incident Response capabilities and features
Apps and streamlining the build process
real time syntax linting
Available Documentation and online Learnings

Likelihood to Recommend

Well Suited: Splunk SOAR helps provide a accurate understanding of events that trigger different workflows. Although a bit confusing to navigate the UI in some situations, it can provide metrics based on the type of events it looks for when triggering automations. Less Appropriate: Recently, our teams have been working on orchestration efforts that utilize a lot of API calls that the apps in Splunk SOAR don't necessarily support right out of the box. some custom functions are needed to do whats necessary. The main objective for Splunk SOAR is to drag and drop and with little configuration build playbooks and workflows to get solutions up and running. However, it seems in these scenarios where we are manipulating data and working a lot with API's and other data streams, its better off to just build a python script, run it in a cronjob or something similar, and let python do the rest. Splunk SOAR in this case can become quite difficult to setup to do whats needed and a simple python script could fix it.

Verified User

Professional in Information Technology (1001-5000 employees)

Vetted Review

1 year of experience

General feedback

Rating: 8 out of 10

Incentivized

July 20, 2023

Use Cases and Deployment Scope

We use Splunk SOAR to manage our security alerts for internal detections as well as external reports. Thanks to the automation our analysts don’t have to spend as much time doing the basics of investigation and can spend more time resolving incidents. We also utilize Splunk SOAR to reduce alert fatigue grouping similar alerts and provide analyst tools to suppress some alerts.

Pros

Automate detail collection for incidents
Provide the tools to quickly resolve incidents

Cons

User prompts aren’t fully featured
The ui can be a bit overwhelming to use at first

Likelihood to Recommend

Splunk SOAR is well suited to any incident resolution that involves interacting with multiple third party platform apis. It’s not the best at any process that involves a lot of user input along the way.

Verified User

Engineer in Information Technology (10,001+ employees)

Vetted Review

1 year of experience

Leading security automated orchestration platform

Rating: 8 out of 10

Incentivized

May 2, 2023

Use Cases and Deployment Scope

We use SOAR to orchestrate our security workflows from end-to-end so all our usually daily time consuming tasks are automated. That way, we gain time and efficiency. Alerts let us stay on top of all security issues, and keep us reactive when we need to respond to threats in no time.

Pros

workflows orchestration
security threat detections
security threat alerts

Cons

SPL Intelligence
Support

Likelihood to Recommend

We use it to automate our SecOps main tasks such as:
- monitoring (website monitoring, application monitoring, API monitoring, database monitoring, network monitoring, etc.)
- troubleshooting site issues
- analyzing phishing emails
- reducing manual tasks
- streamlining incident response process,
etc.
It's basically a no brainer tool to use to ease our life and free us time.

Verified User

Employee in Sales (51-200 employees)

Vetted Review

2 years of experience

Splunk SOAR: A great orchestration and automation tool

Rating: 8 out of 10

Incentivized

March 29, 2023

Use Cases and Deployment Scope

There are only few really good SOAR available in market which excel at automation and Splunk SOAR is one of them. We used Splunk SOAR to automate blue team operations (SOC team). We have used playbooks for lots of repetitive task such as forwarding alerts to other 3rd party tools, open/close cases in case management tool, analyzing phishing emails etc.

Pros

Excellent UI
Easy to make playbooks
Very good collaboration tools
Lots of integrations

Cons

Price
Splunk SOAR has lots of integration, still needs more
Should be easy to scale

Likelihood to Recommend

I my experience I have found Splunk SOAR very well suited when you're looking to reduce response time of a SOC analyst. i.e. Splunk SOAR does very well job when looking to forward alerts or events / incidents to various communication channel, analyse events to determine if its false positive or not etc. Also I personally think dashboard can be little better.

Verified User

Administrator in Information Technology (51-200 employees)

Vetted Review

2 years of experience

"SOAR" your return on investments.

Rating: 9 out of 10

Incentivized

December 20, 2022

Use Cases and Deployment Scope

Splunk SOAR has helped us to improve our overall security posture, efficiency and effectiveness by automating and managing our security operations through streamlining most of our manual processes such as threat detection, incident response and vulnerability management. Therefore, our team has been able to respond more quickly to potential threats and reduce the impact of security incidents on the organization.

Pros

Automation and optimization of security systems which help to reduce the probability of security incidents.
It seamlessly integrates with other security tools and systems to help us address our specific needs and requirements.
Centralized platform for managing and coordinating our security operations.

Cons

Due to its complex nature, it is quite difficult to learn and master.
The cost of purchasing and implementing it is quite high.

Likelihood to Recommend

Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.

Priya Kumar

Security Engineer in Engineering at Aphelion Software (501-1000 employees)

Vetted Review

3 years of experience

Splunk SOAR - The CIA of Software Security

Rating: 9 out of 10

Incentivized

December 18, 2022

Use Cases and Deployment Scope

We chose Splunk SOAR because it provides great security and fast response capabilities allowing us work smarter through automating repetitive. Such tasks are response to security incidents faster with automatic detection, response, thorough investigation and efficient and accuracy. Splunk SOAR also supports a wide range of security operation functions for us such as case management and integrated threat intelligence.

Pros

Advanced capabilities for inspection of data for safety issues.
Capability to performing automatic response actions.

Cons

The guided product tour manual does not enclose all usability aspects.
Splunk SOAR is not instant in conception, I had to heed on several sessions to understand how it works.

Likelihood to Recommend

Splunk SOAR is able to mitigate its impact quickly when hit by a system failure. It might be difficult to understand at first, but when you comprehend its features and begin to use it, it is impressive platform for security incident response. It favors more those that have had previous experience with the software than newbies.

Gregory Jones

Cyber Security Engineering in Information Technology at Call Copy Inc (501-1000 employees)

Vetted Review

2 years of experience