Skip to main content
TrustRadius
Splunk SOAR

Splunk SOAR
Formerly Phantom

Overview

What is Splunk SOAR?

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Read more

Learn from top reviewers

Awesome tool for Security Monitoring.

Rating: 9 out of 10
October 29, 2023
IncentivizedVetted ReviewVerified User
Splunk SOAR has helped us to monitor and manage the security alerts and notifications for our various applications. After setting up Splunk SOAR, investigation and resolution ...
Continue reading
Verified user
Engineer
Splunk SOAR1 year of experience

Splunk SOAR Robust and efficient.

Rating: 8 out of 10
September 12, 2023
IncentivizedVetted ReviewVerified User
We're using it for Automation to address different clients to help them reduce their working time on certain things, which helps them increase their efficiency and thereby hel...
Continue reading
Gaurav S
Consultant - Customer Service
Senior Security Specialist
Ernst and young
Splunk SOAR2 years of experience

Splunk SOAR Review

Rating: 9 out of 10
September 11, 2023
IncentivizedVetted ReviewVerified User
We are uing SOAR playbooks to automate the alerting mechanism for the Operations
Continue reading
Verified user
Employee
Splunk SOAR1 year of experience

A product that although has some qwirks, is one of the more flexible SOAR platforms to work with

Rating: 6 out of 10
September 4, 2023
IncentivizedVetted ReviewVerified User
As part of a security orchestration team, we build automations to help not only in our incident response capabilities, but we also utilize it for data movement and reporting p...
Continue reading
Verified user
Professional
Splunk SOAR1 year of experience

Exceptional threat reporting and efficient and robust algorithm based bug handling

Rating: 8 out of 10
May 31, 2023
IncentivizedVetted ReviewVerified User
We were largely depending on Splunk SOAR for active threat detection and alert monitoring .It has a good algorithm based signature handling which efficiently manages threats. ...
Continue reading
Ramu S R
Administrator - Information Technology
Junior Network Administrator
AMRITA VISHWA VIDYAPEETHAM
Splunk SOAR2 years of experience
Log in with LinkedIn to see content from your network
Return to navigation

Pricing

View all pricing
Splunk SOAR

Splunk SOAR

N/A
Unavailable

What is Splunk SOAR?

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.splunk.com/en_us/products/p…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

75 people also want pricing

Alternatives Pricing

KnowBe4 PhishER/PhishER Plus

KnowBe4 PhishER/PhishER Plus

$0.75
per month (billed annually) per seat
What is KnowBe4 PhishER/PhishER Plus?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…

Trellix Helix

Trellix Helix

Free
What is Trellix Helix?

Trellix Helix (formerly FireEye Helix) is a SIEM solution providing a non-malware threat detection solution.

Return to navigation

Product Details

What is Splunk SOAR?

Splunk SOAR provides security orchestration, automation and response capabilities that allow security analysts to work smarter by automating repetitive tasks; respond to security incidents faster with automated detection, investigation, and response; increase productivity, efficiency and accuracy; and strengthen defenses by connecting and coordinating complex workflows across their team and tools. Splunk SOAR also supports a broad range of security operations center (SOC) functions including event and case management, integrated threat intelligence, collaboration tools and reporting.

Splunk SOAR Competitors

Splunk SOAR Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.

Palo Alto Networks Cortex XSOAR and Google Security Operations are common alternatives for Splunk SOAR.

Reviewers rate Performance highest, with a score of 8.3.

The most common users of Splunk SOAR are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

View all reviews
(1-1 of 1)

This is a review from a consultant not from a final user

Rating: 10 out of 10
Incentivized
November 26, 2022
Use Cases and Deployment Scope
I'm a consultant in Splunk and SOAR implementing for our customers and I'm not a final user. The scope of my Use cases is intervened after an alert from SIEM. I tried to use Phantom, but it was difficult so I did the training about Phantom and now it's more clear.
Pros
  • Ingestion and analysis of data for security issues
  • possibility to perform automaticincident response actions
  • itpermits to SOC analysts to investigate and intervene on systems
Cons
  • The interface isn't immediate in comprehension, I had to follow a training to understand how it works
  • it's expensive: not all the customers can buy it!
  • It needs PostgreSQL as DB, I'd like to have all inside Splunk also data.
Likelihood to Recommend
As I said, it's complicated to initially understand, but when a user understands its features and starts to use it, it's a fantastic platform for security incident response. I configured it for a customer that migrated its SOC from RSA to Splunk Enterprise Security. Now we're trying to propose it to another of our customer's SOC.
Return on Investment
  • Satisfy customers
  • Have an integrated solution for our proposal
  • Avoid the presence (as much as possible) of external products in security management
Performance
9
As I already said, when opportunity trained, it's very easy to use the Phantom interface in Playbook creation. In addition, it's useful to securely access every kind of system and automate all the automatable activities. At the same time, permits a straight control on both manual and automated operations. The number of events and systems to manage isn't so relevant: it's relevant only the number of automatable activities and/or the number of operators.
Alternatives Considered
We are a Splunk Partner and I know Splunk Phantom, for this reason we usually propose it, but I don't deeply know other competitor products.
Other Software Used
Users and Roles
1
I'm the only one involved in Phantom Consultancies activities
Support Headcount Required
1
I'm a Splunk Architect, an expert in Enterprise Security and a CISA
Business Processes Supported
  • Support SIEM in data analysis
  • intervenes on systems after a security incident
  • Automate as many as possibile activities
Innovative Uses
  • Complete Splunk ES offering
Future Planned Uses
  • Complete Splunk ES offerings
Likelihood to Renew
9
It's a fantastic product, even if a little expensive.
Products Replaced
No
Key Differentiators
  • Product Features
  • Product Reputation
We're a Splunk Partners and we have a large knowledge about it in our organization, so we preferred to use a fully integrated SOAR product in out projects, the only limitation we encountered in the integrated offer is the high cost of it.
Evaluation Lessons Learned
I don't change it!
Im satisfied by this product, We'd propose much more it with a lower price.
Implementation Details / Implementation Partner
  • Implemented in-house
Implementation Phases
Yes
Analysis and requirements definition
Design,
Installation,
Configuration
Tuning
Change Management Lessons
Change management was a minor issue with the implementation
It need a well done role definition to maintain a complete control on all the activities (manual and automated).
Implementation Issues
  • No relevant issues
Implementation Rating
9
I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.
Training Types Used
  • Online training
In-Person Training
0
I never followed an in-person training, I gave my evaluation based on the online training
Online Training
9
I followed training for Phantom admins and it opened a world for me
Product Configurability
9
Having a training it's well configurable
Configuration Lessons
Always have a development environment to use for testing.
UI Customization
No - we have not done any customization to the interface
Extensibility and Customization
No - we have not done any custom code
Additional Customization Considerations
No additional configurations or customizations
Support Rating
9
Splunk Support is always great! In addition the Community is very efficient and active.
Premium Support
No never, it's expensive!
Bug Resolution
No
Exceptional Examples of Splunk SOAR Support
No they didn't
Usability
9
Not immediate: it always requires a training.
Easy Tasks
  • Playbooks at first
  • External Systems access
  • Atomated activies configuration
Difficult Tasks
  • All without training, non with training
  • Maybe installation
Scalability
9
me and the customers I encountered found it flexible and scalable
Return to navigation