Splunk SOAR Reviews

Splunk SOAR streamlines the handling of common customer scenarios that arise across diverse situations. Even when specific expertise within our team varies, Splunk SOAR empowers all users with pre-built playbooks, guiding them through the required actions in any circumstance.

Splunk SOAR's UI is user-friendly for managing workflows.

The integration of Splunk SOAR is good.

When we implemented Splunk SOAR we were able to reduce our team of five down to three.

Splunk SOAR's quick response to incidents is the most valuable part.

The cost of Splunk SOAR has room for improvement.

I have been using Splunk SOAR for a couple of years.

Splunk SOAR is stable. We have not heard of any issues from our customers.

Splunk SOAR is scalable.

The cost is high and the licensing is on an annual basis.

I would rate Splunk SOAR an eight out of ten.

We use Splunk SOAR mainly for security.

The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time. The results that are returned provide additional context that we would have to look up manually in different tools. Splunk SOAR provides it in one pane of glass.

Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now. Each upgrade to the version requires expertise and time commitment. Then, we usually have to troubleshoot it with support.

I have been using Splunk SOAR for two years.

Except for the upgrade challenges, Splunk SOAR is stable when it's operational.

Splunk SOAR is a scalable solution.

Splunk SOAR's technical support has been responsive. We have to go through tiers to get to the correct person for support.

Positive

Splunk SOAR's initial setup is complex.

The solution's deployment requires Splunk's outsourced professional services, who take care of the complexity for you. The professional services were good, and they knew what needed to be done for the solution's implementation.

Two people were required for the solution's deployment. These two people were responsible for administration, the use cases we needed to develop, our integration with the platforms, and integration with Splunk Enterprise.

We've had some challenges justifying our return on investment because of the development work and the continual efforts to maintain the solution. We haven't seen the return on investment yet, but I'm hopeful it can get us there.

Splunk SOAR is an expensive solution for an organization of our size. I don't like the solution's licensing model.

Before choosing Splunk SOAR, we evaluated other options. Splunk SOAR easily integrated with our Splunk solution, which was our main key. We are already a Splunk customer, which made the contracting easy.

Our organization monitors multiple cloud environments. Monitoring multiple cloud environments using Splunk SOAR is fairly easy when the integrations work. Some apps within Splunk SOAR require you to configure them and ensure they maintain their connection and that they're updated. We've had several issues with third-party ones and those developed by Splunk.

It is important for your organization that Splunk SOAR has end-to-end visibility into your cloud-native environment. We're security-focused, and we want to be able to look at the logs that are in our native applications.

For the use cases we've implemented, Splunk SOAR has helped reduce our mean time to resolve. However, there's been a lot of time to develop that. Overall, I haven't seen that I've saved time yet, but I expect we will in the future. Splunk SOAR can save the analyst up to 30 minutes for a single malware analysis playbook.

Overall, I rate Splunk SOAR a six out of ten.

Splunk SOAR can be deployed on the cloud, on-premise, and hybrid. If you want to put it to your cellphone or public cloud to use cloud services, such as Amazon AWS or Google Cloud Platform it is possible.

The main usage is for security monitoring, insider threat protection, user and entity behavioral analytics (UEBA), Security orchestration, automation, privileged user and account protection, and security against attacks, such as phishing and advanced malware attacks.

The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML).

Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much.

I have been using Splunk SOAR for approximately 10 years.

The stability of Splunk SOAR is good.

Splunk SOAR is highly scalable.

I rate the support from Splunk SOAR a three out of five.

The support knowledge of use cases from the telecom industry, and IoT industry are good. They're good at accommodating normal IT use cases, but when it comes to operating our OT devices, or telecom-related use cases, they're not really flexible or good at it. In terms of developing use cases for them, they are not that good. For example, if they are approached by some vendor and they say, "Devise up some use cases for Nokia and Huawei", these are our basic telecom providers, it's really difficult for Splunk SOAR to make use cases for them. They're good at IT, but they're not good at OT and IoT.

Splunk SOAR is easy to deploy. It has a lot of already built-in use cases, and it is very easy to customize. For the deployment of Splunk SOAR, it takes approximately two engineers. For a medium complexity, 3000 DPS-sized deployments, it will take a half month. If there are a lot of custom use cases, you can add another month for those customizations to be completed.

We need approximately four to five engineers for maintenance for a dedicated sizing. If you are going for a shared model, then two to three engineers would be sufficient. Both have 24 hours a day seven days a week operating windows.

I won't say ROI's not there for Splunk SOAR. It's a value-for-money solution, but if they charge less, then it will bring more value. Currently, the ROI is flat, you will hardly have an ROI.

Splunk SOAR follows very flat pricing and most of the time it's very high when compared to the other competitors. They can improve their pricing. The licensing model is a subscription and is consumption-based.

I rate Splunk SOAR an eight out of ten.

Security Operations and Incident response processes automation and alerts enrichment.

I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful.

The Splunk SOAR case management feature lacks some of the functionalities like the possibility to fully customize the fields for the tickets/events and create custom statuses. 

I have used Splunk SOAR within the last 12 months.

Splunk SOAR is a stable solution.

The scalability of Splunk SOAR is good.

We have approximately 100 people using this solution in my organization.

The technical support is good.

Positive

The initial setup of Splunk SOAR is complex. It has multiple integrations, deployable on many different development infrastructure stages of production. It has a full life cycle.

We have approximately two people for the maintenance and support of Splunk SOAR.

The price of Splunk SOAR is reasonable.

My advice to others is they will need some Python developers for Splunk SOAR because it's not possible to only throw some blocks of Python code and it will work. You will need some experienced Python developers if you want to work with this platform.

I rate Splunk SOAR a nine out of ten.

We use Splunk SOAR internally.

We are resellers and an integration company.

Our customers find it easy to conduct searches and consider it an excellent content management system.

The initial setup could be simplified.

In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration.

I have been familiar with Splunk SOAR for six years.

In our experience, Splunk is very good. When it comes to stability, it's the best of the best. 

We have worked with many other products, and we have not encountered any issues or received any negative feedback regarding Splunk's stability.

Splunk SOAR is a scalable product.

Splunk is used by 20 of our customers. They are large enterprises such as banks and government agencies.

My engineer recently stated that there was no need to reach out to Splunk support because the product is very stable and well-documented.

We work with both Splunk Enterprise and Splunk Enterprise Security.

We only have limited expertise with Splunk SOAR.

We work with various other products besides Symantec. Around six or seven years ago, we also worked with Symantec, where we evaluated Symantec Closet, our Configuration Management (CM) solution. However, we eventually chose Splunk as our preferred product and currently use only Splunk, not any other products.

The initial setup is complex.

We don't have much experience with this project as we have only been working with it for a year. I may not be able to provide you with extensive information about it.

In my opinion, the price is high, but if you want good products, you have to be willing to pay for them.

There is a licensing fee required.

I believe that the cost per customer typically ranges from one hundred thousand to one million US Dollars.

I believe that Splunk is essential for us and our customers, and we require qualified engineers to use it effectively. However, if we have a skilled engineer, they will likely not have any further questions or issues with the solution.

I would rate Splunk SOAR a nine out of ten.

This is a DevOps product.

We use the solution to monitor the activity of users and integrate Splunk UEBA, monitoring traffic, packages, external attacks, left movement, and lateral movements. We also use it maybe inside the person's C2 servers, and for exercise and SQL injections. Basically, we use the solution for any type of attack that can happen regarding the meter attack grid.

The solution is very versatile.

It's a multi-functioning solution.

My understanding is the initial setup isn't too hard. 

The version control is excellent. 

Technical support is extremely helpful and responsive. 

The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations. 

I've been using the solution for two years now as a part of the bigger Splunk Enterprise deployment.

The stability is great. It offers easy version control. There are no bugs and glitches. It doesn't crash or freeze. The team is doing great managing releases. 

The scalability is very high. It is easy to expand as needed. 

I use it in a very large organization with well over one million users worldwide. 

We have a premium and dedicated team for tech support as well as a dedicated account manager. Everything is dedicated to the deployment. I can't say I'm not satisfied. Their response is usually very fast - within 30 minutes - and we have good experience with them.

Positive

While I use other products as well, 90% of my day is on Splunk.

While I didn't handle the implementation directly, I understand it's pretty easy.

While the pricing is high, I don't care as long as the enterprise pays for it. For developers, it is free for 6 months and 500 GBs of ingestion per day.

From an enterprise standpoint, I'd rate the pricing ten out of ten as they are doing a great job and we are getting value for what we pay.

I'm an end-user.

I'd advise new users to spend some time at the outset learning the commands. It will make it very easy to deal with.

I'd rate the solution ten out of ten.

We primarily use the solution for supporting or automating the email spam items and some ISMS monitoring items, et cetera. 

I'm not implementing the solution. I'm selling the concept. Therefore, my technical knowledge is limited. 

The solution is stable. 

It is very scalable. 

Technical support is helpful. 

There are only problems if the customer is not ready with emergency plans or standard procedures if something breaks. There is some homework to be done before you can really properly use Splunk SOAR.

Resolution times could be faster in terms of support.

It could be easier to implement. 

We've used the solution for two to three years. 

The stability of the product is pretty good. It's really stable and the customers are satisfied with the solution, however, they must be always aware that it's a living project. It's always run against hackers.

It's pretty scalable. It's outstanding in administration, so you don't have to put too many HR resources on it. That's one of the advantages. The implementation must be proper and thoroughly thought through. However, afterwards it's really working very well and with less administration compared to QRadar or something like that.

We have customers that have users that range from 100 to 10,000 people. 

The support is quite good. Sometimes, of course, you want to have a shorter resolution time, however, it also depends on the service that you buy.

The initial setup requires some work. It may not be easy for everyone to implement. 

The deployment times differ. You can't say, for example, every time you need 100 days or 10 days or something like that. It's specific due to the use case and what you want to implement or automate.

We have around five and up to ten people in the core security team that deal with the product in terms of deployment and maintenance. 

We are able to implement the solution for our clients. 

Usually, you have a yearly license. However, Splunk must be more flexible and they have to be more sensitive about this topic. My understanding is that they're working on a new pricing model.

We install the solution for our customers and use the solution as well. We're an implementor. 

I'd advise new users to start at a small scale, since you have to learn about it. You can't implement it with a big bang. You must really go through it and do your homework. You have to have your backup plans, you have to have a real transparent view of your IT landscape. If you have this and your logs are quite good and the playbooks are implemented properly, then you can really scale up. You just have to do it step by step, as it's a bit of a learning curve that you have to go through.

I'd rate the solution eight out of ten. 

We use the solution to search the logs, check the threat indicators, threat tasks, etc. It helps us check any alerts that we get in the alert report. Based on that, we react to that particular alert.

The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us.

Overall, if any incident or anything happens in terms of security, then Splunk SOAR is the tool we look at first.We have a nice dashboarding and alerting system when we see an alert. It gives us direct access to the specific alert, detailing what happened when it occurred and where it originated. It helps us to identify the affected site faster. 

Splunk SOAR helps us to save a lot of time. We have integrated it with some SIEM tools. 

The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.

I have been using the product for three years. 

The only issue I've noticed is the latency when accessing data for longer periods. Sometimes, fetching data from the API can take a lot of time. However, apart from that, everything else seems stable.

The tool is scalable. We have scaled it to about thousands of assets. 

I haven't had much direct interaction with customer service and technical support. Our central Splunk team manages those aspects for us. I have heard that the response time is good. 

The tool's deployment is done in-house. 

I rate the overall solution an eight to nine out of ten. It's helpful from both an operations and product security perspective.