Try our new research platform with insights from 80,000+ expert users
Splunk SOAR Logo

Splunk SOAR pros and cons

Vendor: Splunk
4.0 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Splunk SOAR offers robust automation, seamless integration with security applications, and customizable playbooks for tailored workflows. Its advanced AI-driven insights enhance operational efficiency while risk-based access control strengthens security. However, API enhancements and better integration with Microsoft and IAM solutions are needed. Playbook management can improve, and only iOS support limits mobile access. Pricing may not suit smaller organizations. Splunk SOAR remains a compelling choice for tech buyers despite these areas for improvement.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Splunk SOAR offers excellent integration capabilities, allowing easy connection with various systems and applications.
Risk-based access control is a valuable feature in Splunk SOAR, enhancing security measures.
The platform supports extensive customization, notably through automated playbooks that reduce manual work.
Splunk SOAR efficiently enhances productivity and workflow management through pre-built integrations and capability to customize workflow.
The automation and orchestration module in Splunk SOAR is highly mature, supporting advanced analytics like user entity and behavioral analytics (UEBA).

CONS

Improvements are needed in APIs to connect with various systems and data sources.
The integration with Microsoft products and IAM solutions exhibits gaps.
Simulation tools and features are lacking, essential for creating playbooks.
Playbook creation is complex, and the editor is cumbersome and inefficient.
Pricing is considered expensive, particularly for small-sized customers and specific regions.
 

Splunk SOAR Pros review quotes

reviewer2499567 - PeerSpot reviewer
Jun 12, 2024
The most valuable features are the Splunk SOAR apps and playbooks.
Read full review
reviewer2239809 - PeerSpot reviewer
Jul 20, 2023
The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it.
Read full review
Shubham Sinha. - PeerSpot reviewer
Jun 9, 2023
When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.
Read full review
Buyer's Guide
Splunk SOAR
July 2025
Free Report: Splunk SOAR Reviews and More
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
DOWNLOAD NOW
865,295 professionals have used our research since 2012.
reviewer2182467 - PeerSpot reviewer
May 12, 2023
I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.
Read full review
SB
Jul 20, 2023
The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.
Read full review
reviewer2499171 - PeerSpot reviewer
Jun 11, 2024
Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts.
Read full review
Rodrigo Scorsatto - PeerSpot reviewer
Jun 25, 2024
SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault.
Read full review
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task.
Read full review
MK
Jul 4, 2023
The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.
Read full review
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
The customizable playbook is the most valuable aspect of the solution.
Read full review
Show 10 more reviews (out of 45)
 

Splunk SOAR Cons review quotes

reviewer2499567 - PeerSpot reviewer
Jun 12, 2024
Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions.
Read full review
reviewer2239809 - PeerSpot reviewer
Jul 20, 2023
SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.
Read full review
Shubham Sinha. - PeerSpot reviewer
Jun 9, 2023
Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch..
Read full review
Buyer's Guide
Splunk SOAR
July 2025
Free Report: Splunk SOAR Reviews and More
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
DOWNLOAD NOW
865,295 professionals have used our research since 2012.
reviewer2182467 - PeerSpot reviewer
May 12, 2023
We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.
Read full review
SB
Jul 20, 2023
have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning.
Read full review
reviewer2499171 - PeerSpot reviewer
Jun 11, 2024
Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS.
Read full review
Rodrigo Scorsatto - PeerSpot reviewer
Jun 25, 2024
While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome.
Read full review
MD MASRURUL HODA - PeerSpot reviewer
Jan 30, 2023
The technical support for the Splunk SIEM solution was average.
Read full review
MK
Jul 4, 2023
There is a lot of room for improvement with the UI.
Read full review
Siddharth Matalia - PeerSpot reviewer
Jan 27, 2023
What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.
Read full review
Show 10 more reviews (out of 46)

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Splunk SOAR Logo
Microsoft Sentinel vs Splunk SOAR
IBM Security QRadar vs Splunk SOAR Logo
IBM Security QRadar vs Splunk SOAR
Elastic Security vs Splunk SOAR Logo
Elastic Security vs Splunk SOAR
AWS Security Hub vs Splunk SOAR Logo
AWS Security Hub vs Splunk SOAR
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Exabeam vs Splunk SOAR Logo
Exabeam vs Splunk SOAR
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Sumo Logic Security vs Splunk SOAR Logo
Sumo Logic Security vs Splunk SOAR
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Logpoint vs Splunk SOAR Logo
Logpoint vs Splunk SOAR
Swimlane vs Splunk SOAR Logo
Swimlane vs Splunk SOAR
Google Security Operations vs Splunk SOAR Logo
Google Security Operations vs Splunk SOAR
See all alternatives

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Splunk SOAR Logo
Microsoft Sentinel vs Splunk SOAR
IBM Security QRadar vs Splunk SOAR Logo
IBM Security QRadar vs Splunk SOAR
Elastic Security vs Splunk SOAR Logo
Elastic Security vs Splunk SOAR
AWS Security Hub vs Splunk SOAR Logo
AWS Security Hub vs Splunk SOAR
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Exabeam vs Splunk SOAR Logo
Exabeam vs Splunk SOAR
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Sumo Logic Security vs Splunk SOAR Logo
Sumo Logic Security vs Splunk SOAR
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Logpoint vs Splunk SOAR Logo
Logpoint vs Splunk SOAR
Swimlane vs Splunk SOAR Logo
Swimlane vs Splunk SOAR
Google Security Operations vs Splunk SOAR Logo
Google Security Operations vs Splunk SOAR
See all alternatives
Related questions
  • 37
Which Do You Recommend, Phantom or Demisto?
  • 81
What are the Top 5 cybersecurity trends in 2022?
  • 993
What is the difference between SIEM and SOAR platforms?
  • 243
What is an incident response playbook and how is it used in SOAR?
  • 62
What are the latest trends in Security Operations Center (SOC)?
  • 48
What tools and solutions do you use for automated incident response in an enterprise in 2022?
  • 82
How to evaluate SIEM detection rules?
  • 41
Why a Security Operations Center (SOC) is important?
  • 26
What types of Security Operations Center (SOC) deployment models do exist?
  • 82
Why is Security Orchestration Automation and Response (SOAR) important for companies?