Splunk SOAR

What differentiates Splunk SOAR from other similar products?

One of the most practical applications has been automating our incident response workflows. For instance, when an unusual login attempt occurred outside of business hours, Splunk SOAR flagged the activity, triggered an automated playbook, and blocked the IP before any damage could occur. It also sent our team a detailed report so we could review it the next morning. Talk about peace of mind.

What is your favorite aspect of this product?

I’m particularly impressed by how easy it is to customize playbooks. Instead of manually responding to repetitive tasks, we’ve set up automated responses for phishing emails, endpoint anomalies, and even compliance checks. It’s like giving the team superpowers—they can now focus on more strategic initiatives rather than firefighting.

What do you dislike most about this product?

Absolutely nothing.

What recommendations would you give to someone considering this product?

By cutting down on response times and automating repetitive tasks, we’ve significantly improved our cybersecurity posture without needing to expand our IT team. It’s also helped us reduce human error, which is especially valuable when dealing with sensitive production data.

What differentiates Splunk SOAR from other similar products?

As an IT professional responsible for managing SQL databases and securing our infrastructure, I’ve seen how this tool transforms our response strategy. It doesn’t just alert you about issues—it takes action, pulling the strings behind the scenes to neutralize threats before they escalate.

What is your favorite aspect of this product?

Splunk SOAR connects with virtually everything we use—firewalls, endpoint detection tools, and even our SQL servers. It doesn’t just monitor but actively leverages these systems to act. For example, we’ve configured it to monitor for SQL injection attempts; when one is flagged, Splunk SOAR locks down the compromised database account and logs detailed analytics for review.

What do you dislike most about this product?

There’s a learning curve to crafting effective playbooks.

What recommendations would you give to someone considering this product?

I’d recommend Splunk SOAR to peers in IT and security roles—it’s a force multiplier that turns a reactive strategy into a proactive one, making your team smarter, faster, and more effective.

What differentiates Splunk SOAR from other similar products?

One of the big advantages Splunk SOAR has over competitors is its ability to create and execute complex automation routines. This means they are very well integrated with 3rd party security tools, which form a unified security operations center. Visual Designer allows you to create and edit automation workflows without the substantial art of coding.

What is your favorite aspect of this product?

Intelligent event correlation and automated response actions are among the things the software excels at: reducing alert fatigue. But what's more impressive is it can do it with the ability to handle many of these incidents at once and maintain detailed audit trails.

What do you dislike most about this product?

The productiveness of the development environment could be improved to be less susceptible to running into problems in the actual production environment. Some of the integrations you need to do have to be tightly customized before they work well, and you may also have to manually fine-tune the event correlation logic to minimize false positives.

What recommendations would you give to someone considering this product?

After starting to use Splunk SOAR, we have seen massive improvements in our security response times. Time period dashboards of customizable security operations allow real tracking of and management of incidents.