Splunk SOAR Reviews

One of our use cases is to automate any kind of process after investigation. When going into an investigation, we want to make sure that we have the right tools to use. Instead of having multiple tools, we can bring them all into one platform, such as Splunk SOAR, to provide us with that information.

Splunk SOAR has not benefited us yet because we are currently in the development process, but I believe that in the future, it will help us streamline our process and our RTR to respond and detect. It is going to help us in the future, but it has not brought us any benefit yet because we are currently building it up.

It is very important that Splunk SOAR has end-to-end visibility into our cloud-native environment. If there is no visibility, then there is no ability for us to detect on time and respond in time. It knocks out a lot of that time discrepancy.

Splunk SOAR has not yet helped reduce our mean time to resolve. It will be helping us in the future due to its playbooks and its compatibility with Mission Control and other Splunk integrations.

It has helped us with our business continuity and our ability to respond to different threats that might be out there.

Splunk SOAR has not saved us time in alert triage. We are still in the early stages of getting Splunk SOAR onboarded and developed, but I believe that it will significantly reduce our time to triage. Similarly, Splunk SOAR has not saved us time in threat response, but it will do so in the future.

Splunk's unified platform has helped consolidate networking, security, and IT observability tools. Splunk's unified platform has been great for every organization. Every analyst has been able to use one unified area.

In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board. When they get an incident, they do not need to find out where to start. All they have to do is to go to a particular playbook. It will give them end-to-end specifics on what to do and how to process it.

They can improve what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository. That is one area.

Another area would probably be related to onboarding different playbooks or different tool sets that new engineers have. Eventually, they will get there to ingest more tools and datasets into their SOAR. 

In terms of additional features, it is hard to say. There can be more integration with other data ingestion platforms out there, not just Splunk.

We have been using it for about one month.

We have not played with it too much yet. Once we are able to play with it more and get more details from it, we can respond to that.

It can be very scalable just because of the number of different apps that the community pushes to it. Right now, it is not there yet, but I believe in the near future, it is going to be the best growing platform out there.

Splunk's customer service is great and impeccable. I believe that they have been a very valuable resource to our organization and our team.

I would rate their support an eight out of ten just because I believe that no one really gets a ten. It is an eight just because the answers that they cannot answer for us, they are able to get from the community. The community really helps out, but they are always there to help, and they are always responsive.

We are using Splunk Cloud, the public cloud, but we also have on-prem. We use AWS.

As the initial start of the Splunk SOAR, we are getting started with developing the playbooks and getting the configurations set up with our users and toolsets. It has been pretty easy so far. I have not had any hiccups, but we will see where that takes us as we finish our development.

We did not use any integrator or reseller.

We have just started getting our metrics developed, ingesting into Splunk, and showing that to the executives.

I would rate Splunk SOAR a nine out of ten just because it does hit all points for the use cases as an analyst, engineer, or developer. It allows us to automate and orchestrate all of our detections and respond to them very quickly.

Splunk SOAR is primarily used for automating security use cases for clients who want to reduce human intervention and personnel involvement. It facilitates end-to-end security workflows and helps to decrease the time spent on manual investigations.

Splunk SOAR can be deployed both in the cloud and on-premises. The cloud deployment comes pre-installed, so if we want to connect to any on-premises applications, we may need an additional server.

Building playbooks using Splunk SOAR is an easy process.

Splunk SOAR's playbook viewer is excellent. The viewer underwent an update a couple of years ago, making it much more streamlined and easier to use.

Splunk SOAR offers end-to-end visibility throughout our environment. The solution provides us with information about the actions being executed, the flow of the playbooks, where failures occur, and everything in between. It also collects logs of the actions in the backend.

Splunk SOAR simplifies the visualization and troubleshooting of our cloud-native environment. We only need to set up an additional server to connect to our cloud-based applications. Once that is done, the process becomes very straightforward.

Splunk SOAR has the ability to integrate with other system applications in our environment. Currently, SOAR is integrated with nearly 300 applications through APIs.

Splunk SOAR, as a whole, has helped numerous clients automate processes, reduce investigation time, and free up personnel to focus on other tasks. It is a highly effective tool for security automation.

Using Splunk SOAR in an investigation is extremely easy.

Splunk SOAR has significantly reduced our mean time to detect in a relatively short period.

Splunk SOAR has helped reduce our mean time to resolve.

Splunk SOAR has helped free up our IT staff's time to work on other projects.

Splunk SOAR has saved our organization a good amount of time overall.

With Splunk SOAR, we have been able to consolidate tools in our environment, such as Radius and CrowdStrike.

The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me.

The UI can be more customizable for the clients.

I have been using Splunk SOAR for almost five years.

Splunk SOAR is highly stable. The benefits that Resilience offers to SIEM are crucial at the moment, given the vast amount of data and other factors. It aids us in efficiently handling that data, and, with these additional tools, it helps to manage the data with minimal human intervention. As a result, we can reduce the mean time to resolve, the mean time to detect, and save money as well.

Splunk SOAR's scalability is great. I have never had a client complain about the solution's ability to scale.

The technical support team prioritizes all the tickets based on their criticality. They genuinely provide end-to-end support and contact us via email before scheduling calls. If it's a cloud instance, they simply attempt to push changes over the stack, making them extremely helpful.

Positive

The initial deployment is straightforward. It can be completed by a single person, who handles the installation and setup.

I've heard from clients that they are receiving more value from the fit than they initially expected. They are also pleased with how much Splunk SOAR has been assisting them with various tasks. Additionally, a couple of companies have reduced the number of personnel in their security team due to the implementation of SOAR.

For completely new users, it may take some time to perceive the benefits. However, for those who are already familiar with the solution and hold certifications, they can quickly recognize the advantages.

The licensing cost is reasonable.

I give Splunk SOAR a ten out of ten.

I started looking into security automation at that time. Initially, it was Phantom, which was quite popular five years ago. Splunk bought it and changed it to SOAR, so it became pretty easy to use. It's a relatively new concept, which is why we wanted to see how it works.

Once Splunk SOAR is deployed, it takes a couple of weeks to train the SOC team of our clients to use the playbooks.

Splunk SOAR requires maintenance if we plan to scale up the database, increase the number of users involved, and expand our development efforts. Additionally, the amount of data processed and other factors should be considered. For a premium user who actively uses it daily and is heavily involved in development, the solution may need regular maintenance. However, apart from such cases, I believe it doesn't require significant maintenance.

For those considering using Splunk SOAR, there is ample documentation available on the Splunk website. Additionally, they can download a free trial version, which can be installed on their server for experimentation.

We utilize Splunk SOAR to automate our incident response process. I am the sole engineer in my current organization, responsible for working on Splunk to automate the incident response process followed by our team. This involves investigating various incident response procedures established within our security operations center.

The main problem we want to solve is the time it takes to invoice tickets and remediate incidents. Therefore, we aim to reduce that time. If our analysts manually handle and investigate each incident, it will take longer compared to using this solution, which automates most of the processes. Whenever an incident occurs, the playbook and Splunk automatically initiate the necessary actions to gather the required data, enabling the analyst to make informed decisions and address the incident promptly.

Creating a playbook using the Solutions Playbook Editor, is relatively easy if we possess some knowledge of Python code and the ability to write various types of flow diagrams.

The visibility of the solution's playbook viewer is excellent. There is adequate documentation that assists individuals in learning how to utilize the playbook to construct solutions.

Splunk SOAR's ability to integrate with other systems and applications in our environment is straightforward. It has numerous capabilities to integrate with various security tools, as it supports open APIs. If the solution supports the API, we only need to write the corresponding APIs in the pipeline code and utilize those API tools to construct the integration, enabling us to take action accordingly.

The most significant improvement I have observed is time-saving in the Security Operations Center incidents. We receive approximately a thousand to eleven hundred incidents per day, and if we were to manually investigate these incidents, we would require a team of ten to twelve people. However, by utilizing Splunk SOAR, we are able to handle the investigation of these thousand alerts with just six or seven people.

Splunk SOAR is not difficult to use in an investigation; it depends on the use case. I haven't encountered any issues with the implementation of the case solution, and there don't seem to be any limitations in that regard.

Splunk SOAR assists us in reducing the volume of security events. Whenever an incident occurs, the playbook initiates actions simultaneously with its generation in our security operations center. These incidents are automatically handled by the playbook, while incidents requiring manual intervention are assigned to our analysts. All other incidents are handled automatically through Splunk SOAR playbooks. Splunk SOAR has reduced the security event volume by forty-five percent.

Our mean time to detect has been drastically reduced. Before Splunk SOAR our security operation center, analysts worked on a queue. Whenever an alert was received, it was placed in a queue, and the incidents were investigated one by one. However, with the implementation of Splunk SOAR, we now have instant knowledge and analysts can start investigating more effectively. The required data is already gathered by the playbook itself, aiding analysts in making more accurate decisions in less time. This has resulted in a reduction of our mean time to detection by at least eighty percent. Previously, without Splunk SOAR, we experienced significant mean time to detect because analysts had to focus on one incident at a time, leaving other incidents waiting. Now, there is no need for incidents to wait for an analyst to take over. The playbook automatically gathers the data, allowing the analyst to have all the necessary information as soon as they start, enabling them to make prompt decisions.

Splunk SOAR has helped reduce our mean time to resolve. The resolution of incidents sometimes depends on different teams that need to investigate and send notifications for action. However, the notification of those incidents has been significantly reduced, and we can confidently say that we have achieved a fifty percent reduction in our mean time to resolve.

Fifty percent of our IT staff's time is saved through using Splunk SOAR, and we can utilize that time to work on the other project we have.

Splunk SOAR has saved our organization forty-five percent of our time.

The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools. Additionally, we can write our own Python code, which can be used and embedded in a Splunk SOAR playbook, enabling us to utilize that code directly within the solution itself.

There is a lot of room for improvement with the UI. 

I would like to have more integrations with cloud technologies and functionalities such as AI within Splunk SOAR.

I have been using Splunk SOAR for five years.

Splunk SOAR is stable.

Splunk SOAR is a hundred percent scalable.

The initial setup was straightforward and took approximately three hours. Four individuals from our network team and one individual from the Splunk personal service team were required for the deployment as we needed to configure the server.

We have observed approximately a forty-five percent return on investment with Splunk SOAR.

Splunk SOAR is more expensive compared to other options for SOAR.

We assessed various open-source options prior to choosing Splunk SOAR, such as Securonix SOAR and Shuffle.

I would rate Splunk SOAR a seven out of ten. The solution necessitates expertise in Python coding, which is challenging to find in individuals. Additionally, Splunk SOAR lacks sufficient AI integration.

Before using Splunk SOAR, it took us approximately six hours to block certain IPs on our firewalls. However, after implementing Splunk SOAR, we were able to accomplish the same task within just five minutes.

We deployed Splunk SOAR on a single server.

We have around nine people that use Splunk SOAR in our organization.

Maintenance is sometimes required based on the incident volume we receive. If we experience a higher volume, we need to maintain the RAM and other components in our server. Therefore, it is important for us to exercise caution in this regard.

I highly recommend Splunk SOAR for individuals seeking to automate the incident response process in their security operation centers.

My company has two use cases for Splunk SOAR. We use it to enrich alarms by pulling in outside sources of information. Splunk can also automate actions while ensuring they are structured and reproducible.

With SOAR, you build a workflow, so you think ahead about all the steps that can be automated for a specific type of investigation. You need to do a decent amount of work in advance so that it does exactly what you tell it to. We need to gather a lot of essential details for our incidents. For example, if we're investigating a suspicious email, we need to gather a lot of information about who the user is.

We can enrich alerts by pulling in more information about each user. We can see their locations, roles, etc. Having that knowledge may influence our decisions or analysis. We can also submit files to be reviewed and get the results. It's akin to a doctor ordering diagnostic testing. The doctor can use the results to make decisions. 

Splunk has benefited us from that perspective, but it takes some effort upfront to think about the flow and build it out. It reduces some of our manual research by offering additional context for events. I can pull the files, automatically submit them to a sandbox, have it run, and get the results from the sandbox. I don't have to notify one of my engineers and tell them to get this file I submitted to the sandbox. 

It also improves ticketing because we can notify users when suspicious emails are quarantined and ensure a ticket is associated with it. We constantly track the work. We can close the ticket when the issue is resolved and release the email if it's legitimate. Splunk helps us document the entire process.

Splunk reduced our detection time a little by helping us quickly differentiate between an actual event and a false alarm. I don't view SOAR as a detection mechanism in itself. The events still occur. It helps enrich alerts so we can distinguish between actual events and noise. 

For every event, it saves the responding staffer about 15 to 20 minutes because they need to do less data entry. They need to do the research and follow our procedure for a ticket. It takes time to assign a ticket and make entries. Finally, they need to perform an assessment and close the ticket.  

Splunk SOAR frees up our staff to work on other things to a degree. There is always more than enough work, and somehow the volume still feels like it's always crazy. Still, it allows people to do some other tasks. It will enable my engineers to focus on more thought-provoking problems instead of menial tasks. I want them to spend time learning the underlying mechanism in case SOAR goes down. 

If Splunk is unavailable for whatever reason, I always want to have someone who understands the mechanics of what it does. At the same time, it improves retention if you can eliminate some mind-numbing work and allow them to focus on challenging items. Your employees will be happier in general. They can do some more unusual, engaging work that enables them to learn and grow. 

We couldn't consolidate any tools by using Splunk SOAR because everything was manual before we implemented it. We didn't have an automation tool. 

I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work.

Sometimes we flag events based on conditions in the app or service that is sending us the feed, and we focused on a couple. We get some normal events, but we also see some security issues occasionally in the same feed. I don't know if they injected this or if this was the first time we saw it. There was another type that was security-related, but we didn't know about it before. 

We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.

It was a unique time. That goes back to an inability to detect these kinds of events. API documentation is typically a weak spot. Many vendors focus on the product first and save the API information for the very last. 

Splunk's integration isn't bad. However, it comes down to which APIs are available. For example, I would like to automate file extraction, and a particular vendor seems to have an API that should do that, but I can't. You're at the mercy of the vendors. While APIs probably leverage more than ever, it's still like pulling teeth to get some vendors to support it correctly. Nevertheless, it's highly beneficial when it works.

Depending on the playbook, it can sometimes get a little crazy and overwhelming, but I think it's generally okay.

I have used Splunk SOAR for about a year. 

Splunk is relatively stable. We had an issue early on. It was a bug. Splunk sorted it out. Our uptime has been consistent. 

We haven't had any issues with scalability. 

It took a little time before we realized Splunk SOAR's value. I have one engineer who dedicated himself to building many of our playbooks and a lot of the automation that we have. Another engineer is only starting out. 

You need to have the right mindset so that you don't get scope creep. It's critical to manage what you want to do because you're dealing with a blank slate. There are costs like computation time, but it's relatively straightforward. You need to be thoughtful and take your time to do everything in small chunks. It took us a while to get going with SOAR because we have to integrate our devices. It isn't a turnkey solution. 

I don't remember Splunk SOAR's price off the top of my head. Still, I believe it was a solid value because of the time saved, consistent results that are reproducible, integration with multiple systems, etc. The benefits justify the cost. 

We didn't seriously consider other options. We looked at what was happening in our environment, and our SIEM is a hub for our security operations. Palo Alto is another vendor we use, so we briefly looked at their SOAR solution. However, it wasn't in the right position to work with the Splunk piece. Splunk gathers all the log material. We can act on that and interface with all of our key security devices because they have rich associations with multiple security vendors. It made more sense for us to focus on that.

I rate Splunk SOAR a nine out of ten. If you're thinking about implementing the solution, you should consider which events will save you the most time. Think about the procedures you're following today and where you can benefit the most from automation. 

The second piece is thinking about the other solutions involved and the capabilities they offer. Do you have the API access to automate what you want? Your success depends on those vendors and sorting that stuff out. You must also approach your SOAR playbooks and workflows in a modular way. Don't try to handle everything upfront. 

It's best to automate piece by piece. You don't need to tackle an entire ecosystem right off the bat. Take what you can and constantly improve it as you grow more comfortable. Splunk SOAR's strength comes from its interactions with other systems. Ensure that you're fully leveraging that.

I am the CTO of a startup. We evaluated this product.

Our major requirement was to open APIs to our product. I felt that the open-source product that I evaluated was better in terms of open APIs to integrate into the existing product because Splunk SOAR is an enterprise product and not an open-source one. However, after evaluating the go-to-market time and how soon we can implement things, the customer preferred Splunk SOAR because it could be easily integrated. Over time, they may choose to have the capabilities inside the in-house product instead of using Splunk SOAR, but at this point, they are using Splunk SOAR.

We have our own product. We were developing our in-house engine based on user analytics and behaviors, but because of funding issues, we stopped working on that. During that time, I started looking at Splunk SOAR to compare its features, and that is how I was able to recommend it to the customer. I told them that instead of creating these capabilities in the in-house product, they could start using Splunk SOAR. In the future, we will be able to import the workflow from Splunk SOAR into the product. We would need a standardized backend to be able to import the workflows. At this point, it is not available, but in the future, just like JSON or XML, it should happen. There should be portability. I am not sure if it is in their roadmap. It is their loss in one aspect, but it is a gain in another aspect because they can claim that workflows are portable across platforms.

A major use case for my customer was dealing with DDoS attacks. The customer is in the BFSI industry. The major issue for them was people trying to get access to customer accounts by logging in or generating OTPs from different locations. They wanted to limit access to OTPs and logins from particular geographies because 95% of their customer base is from an Asia-Pacific country. They were able to do that and solve that issue. They were also able to reduce the cost of customer care because when a customer gets a message about an OTP for a withdrawal, they tend to call customer care. Instead of generating an OTP, they created a workflow to avoid generating an OTP when it is requested from other geographies. They developed a workflow to make a call to the customer and confirm if they have requested the OTP for money withdrawal. In our geography, rules are becoming stricter and stricter, and banks are held responsible for such cases. The customer was able to meet the requirements of the government. They were also able to save money and reduce operational costs. They could save 75% of operational costs.

I have used the solution's playbooks and the visual playbook editor to help automate tasks. I am a technical person, so it is easy for me to use the playbooks and visual playbook editor. I also write playbooks at the code level.

Spunk SOAR has saved us time in alert triage.

Spunk SOAR has saved time in threat response. They were able to stop 75% of the cases of sending OTPs to the wrong people.

Spunk SOAR's automation helped reduce tedious manual tasks. Based on the input that I got for the first two quarters, there was somewhere about a 75% reduction.

Workflow management is most valuable. It is easily customizable. 

Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks.

Its stability is pretty good. UI is more responsive than other tools for writing playbooks and other things.

When I evaluated, there were just one or two users. They have been using it only for two quarters. I will know its scalability better after a year or so.

It is SaaS-based. Being a BFSI business, most of their core applications are on-premises, but the applications that we have evaluated stay on AWS.

It is much quicker to onboard compared to the open-source tools I have used. We were able to onboard initial applications in a day. It is very fast.

I helped the customer to onboard it. There was also help available from the Splunk team. 

I evaluated Splunk SOAR and a few other SOAR solutions. I evaluated an open-source solution and the IBM solution. I preferred Splunk SOAR because of its log processing and the way it allows you to customize workflows. I felt it was better than any other competitor in the market because it is a next-generation SOAR tool.

I would rate Splunk SOAR a nine out of ten because there is no portability.

We primarily use the solution for security automation. It's used to investigate and remediate threats.

Normally, we would have to manually investigate events. However, with Splunk, everything is automatically investigated. 

The playbooks are great. They are very useful. We can define rules, including what the remediation should be. Everything gets clearly defined. You can set up different types of automation. It helps increase efficiency and productivity.

The solution provides us with end-to-end visibility.

It's easy to visualize and troubleshoot our cloud-native environment using Splunk. There's simple product management and quick detection and response that helps minimize risks. I can handle continuous monitoring from an operation control center. 

We can integrate with other systems. It's helped minimize incident tickets and my overall response time has been lowered. We began to realize benefits within three to four months of deployment. 

Splunk is very easy to use during an investigation. It's very straightforward. 

We've been able to reduce our security event volume by 50%. We've also been able to reduce our mean time to detect by about 25%. It's helped us save time and consolidate tools in our environment so that we can minimize staff appropriately. The automation makes all of this possible.

The number of playbooks on offer should be increased. 

I have been using the solution for two years.

The solution has consistently been stable. 

We have about 300 people using the solution. It's scalable. We may increase usage in the future. We want to get the enterprise license. 

Technical support has been good. 

Positive

We did not previously use a different solution. 

It was easy to implement the solution. It took our team about four months to be trained on how to use the playbooks. 

We had two people managing the deployment process. One handled configuration, and the other handled integration. 

No maintenance is required for the product once implemented. 

We handled the implementation in-house. 

I'm not aware of the exact pricing. 

We did not evaluate other options. 

It's a valuable solution. It enables SIEM capabilities. We're able to orchestrate when events are happening, and this minimizes event tickets. We are able to handle security challenges while gaining good visibility.

I'd rate the solution nine out of ten. 

We have around 95 different use cases for Splunk SOAR that help secure our environment. 

The solution has helped us automate and customize some of our servers.

I give an eight out of ten for the ease of creating a playbook. The visibility of the solutions playbook viewer is user-friendly.

We have integrated 15 plus services with Splunk SOAR. Splunk SOAR is easy to use for investigations as long as they have experience with the solution.

Splunk has helped us reduce our security event volume. The solution has also helped us reduce our mean detection time by 80 percent and has helped our security IT staff save time to work on other projects.

Splunk SOAR has as well helped us consolidate tools in our environment. 

Scalability is the best feature of the solution.

The algorithm and machine learning have room for improvement and can be more user-friendly.

The integration with the phone system, price, UI, and performance have room for improvement.

I have been using the solution for one year.

I give the stability a seven out of ten.

I give the scalability an eight out of ten.

I previously used Swimlane which has a better GI than Splunk SOAR.

I give the initial setup an eight out of ten. There is a lot of documentation available online to help with deployment and as long as we know how to configure it, it is straightforward. For basic deployment, we do not require much time.

The implementation was completed in-house.

I give the price a six out of ten. Splunk SOAR is priced higher than most other solutions.

I give the solution a seven out of ten.

I recommend Splunk SOAR for larger organizations.

Basically, we are using it for most of our automation, and not as per the SOAR, although it is a SOAR application. We are not using it just for security purposes. We are using it for various purposes like maintenance. 

We do have our own data center where we have our maintenance on the infrastructure side, and the application has to be brought down. Here it has done exceptionally well. We shut down all our different applications by writing our code in the shell languages, and we upload through GitHub. It means that we can just call that script, and it gets triggered on the particular server, and it shuts down. It's like a workflow.

The workflow has been created in such a way that it helps us. Earlier, when we used to have to manage it manually, when we shut down the application, it used to take a lot of time. Now it is done within 30 minutes. In our environment, we have SAP applications, and SAP has its own commands to shut down the applications, databases, et cetera. So it is just not limited to all those shutdowns and this. We do have various other stuff as well, like upgrades. So we have written the upgrade codes, and now we can upgrade X number of SAP applications and databases as needed.

It has helped us with the SAP kernel upgrade. Recently, due to security fixes, and security bugs, we had to upgrade the various SAP applications. To do it manually, it would have taken around five to six months to complete. However, with this product, we were able to complete it within two months since we just wrote a script, and it got triggered in various systems, and it fixed everything. We were saved from the security perspective as well since it ensured we had less vulnerability for less time. Also, thanks to SOAR, only two people were needed to run all those scripts, and just have to monitor everything. That's less personnel. 

The customizable playbook is the most valuable aspect of the solution. 

With the Splunk vendor itself, the vendor is supporting us in the creation of those playbooks. We have created playbooks in such a way that they are a universal playbook, where we just have to bring in any type of command which needs to be triggered, and it works. If we did things another way, we would have to install our agents to connect the particular application. Here, we don't have to have to do that. It can work in the playbook itself. We just have to give our credentials. The credentials also are in an encrypted format, so we are much more secure.

The solution is stable. 

Technical support is helpful. 

What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed. We have to trigger the entire plan from step one. That is a bit annoying. If something is wrong, we can't just resume stuff. We'd like it to be possible to pause things without having to start from square one. 

Reporting could be better. We are getting reports, yet not in the way we want. Whatever fails, for example, we want all those errors, the logs, in an attachment, which can be sent easily over an email just by the click of a button. Right now, we cannot send over an email. We have to pull everything, and we have to download it.

We've been using the solution for the past two years.

The stability is great. I'd rate it eight out of ten. It's not breaking very often, and the playbook makes things easy for us. 

I'd give the level of scalability seven out of ten. There is still room for improvement. We'd like to have more use cases and automation.

Technical support has been good. I work on technical parts of the product and bring in use cases, et cetera. If there are any problems, my colleagues check with the vendor and so far, we have had good support from them. We haven't had many issues. 

We were using IBM BigFix before this, and we used it for various purposes like patching on the Windows server. The same solution was also used for the automation of shutting down the system, upgrades, and many other things. Ultimately, we decommissioned it, and we moved ahead with the Splunk SOAR.

The vendor was the one who deployed the solution. Later on, they just installed it on our site. We gave everything to the vendor, and the vendor supports everything since it is on the cloud. 

We have witnessed an ROI, and it is good. We've gotten good feedback from senior management. 

I don't handle the pricing aspect of the product.

We are both partners and customers of Splunk. 

If you are a company looking into SOAR and if you are a customer of Splunk, then you should definitely use it. And if your product is most probably looking for security or for some alerting purposes, it will help you to automate your many, many use cases. You can build many, many things with Splunk and on the SOAR side and you can automate your end-to-end process. Also, companies should know that a minimal language knowledge of Python is required.

I'd rate the solution eight out of ten overall. Even for people who are not too technical, it's a good product.