Splunk SOAR Primary Use Case
SB
Steven Bochniewicz
Security Architect at University of Maryland
We have a couple of different use cases. A lot of it started out in our security space, and we have use cases related to our legal and withhold process. We manage and handle our phishing and spam activity as well as our digital or any copyright act complaints.
We have a multi-cloud implementation, but most of our use cases that are currently implemented tend to not be specific to monitoring our cloud environments.
View full review »GG
reviewer2195199
Senior Technical Specialist at a financial services firm with 10,001+ employees
We use it for risk management. And, we're trying to automate our L1 and L2 agents' functionalities. Through automation, we're trying to reduce the effort that is put in by an agent.
View full review »We wanted to automate the process of creating playbooks, orchestrating events, customizing integrations, and deploying applications such as Thread Connect and Wireless Total for enrichment and threat hunting. We have tailored these applications to meet our specific needs and redeployed them.
View full review »Buyer's Guide
Splunk SOAR
March 2024
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
PW
reviewer2182467
Director of Security Engineering and Operations at a legal firm with 1,001-5,000 employees
My company has two use cases for Splunk SOAR. We use it to enrich alarms by pulling in outside sources of information. Splunk can also automate actions while ensuring they are structured and reproducible.
View full review »Basically, we are using it for most of our automation, and not as per the SOAR, although it is a SOAR application. We are not using it just for security purposes. We are using it for various purposes like maintenance.
We do have our own data center where we have our maintenance on the infrastructure side, and the application has to be brought down. Here it has done exceptionally well. We shut down all our different applications by writing our code in the shell languages, and we upload through GitHub. It means that we can just call that script, and it gets triggered on the particular server, and it shuts down. It's like a workflow.
The workflow has been created in such a way that it helps us. Earlier, when we used to have to manage it manually, when we shut down the application, it used to take a lot of time. Now it is done within 30 minutes. In our environment, we have SAP applications, and SAP has its own commands to shut down the applications, databases, et cetera. So it is just not limited to all those shutdowns and this. We do have various other stuff as well, like upgrades. So we have written the upgrade codes, and now we can upgrade X number of SAP applications and databases as needed.
View full review »The solution provides information on user accounts. The solution has playbooks that check the user with server ID. It checks the domain name and IP address of the web page.
View full review »We primarily use the solution for security automation. It's used to investigate and remediate threats.
View full review »FH
reviewer2238954
Cybersecurity Analyst at a energy/utilities company with 10,001+ employees
We use the solution to automate some of our legacy processes. We review items like phishing and emails.
AM
reviewer2241480
SOAR PS Consultant at a tech vendor with 11-50 employees
Splunk SOAR is primarily used for automating security use cases for clients who want to reduce human intervention and personnel involvement. It facilitates end-to-end security workflows and helps to decrease the time spent on manual investigations.
Splunk SOAR can be deployed both in the cloud and on-premises. The cloud deployment comes pre-installed, so if we want to connect to any on-premises applications, we may need an additional server.
View full review »MS
reviewer2137659
Assistant Director - Lead IT Security Engineer at a financial services firm with 501-1,000 employees
We have around 95 different use cases for Splunk SOAR that help secure our environment.
View full review »As part of the cybersecurity incident response team, we were responsible for handling phishing emails related to business-as-usual operations. It was a manual process that would include five to six checks to determine the category of the email, its legitimacy, if it was malicious, and if it was an impersonation or a phishing email. We also worked on a use case for our infrastructure's proxy solutions. End users would request that certain websites be unblocked, as they had been blocked by the proxy's default policy or categorically blocked by the proxy. For this, we evaluated publicly available information about the website and the justification provided by the users, to determine whether the website should be whitelisted or made accessible.
Then, we implemented the automation process to simplify such tedious processes. In addition, we had a manual process in place for our threat hunting and threat intelligence platform, where we monitored leaked data on the dark web. This was documented as a use case. Our account management team also conducted weekly checks on the status of accounts. The process also made the team check if they were logged in on their accounts and if the account was disabled, which were manual processes that were later integrated into Splunk SOAR.
View full review »MK
Manish Kumar.
Principal Security Engineer at a tech company with 51-200 employees
We utilize Splunk SOAR to automate our incident response process. I am the sole engineer in my current organization, responsible for working on Splunk to automate the incident response process followed by our team. This involves investigating various incident response procedures established within our security operations center.
The main problem we want to solve is the time it takes to invoice tickets and remediate incidents. Therefore, we aim to reduce that time. If our analysts manually handle and investigate each incident, it will take longer compared to using this solution, which automates most of the processes. Whenever an incident occurs, the playbook and Splunk automatically initiate the necessary actions to gather the required data, enabling the analyst to make informed decisions and address the incident promptly.
View full review »AM
Adrian Mache
Solution Architect at a tech vendor with 10,001+ employees
This is a DevOps product.
We use the solution to monitor the activity of users and integrate Splunk UEBA, monitoring traffic, packages, external attacks, left movement, and lateral movements. We also use it maybe inside the person's C2 servers, and for exercise and SQL injections. Basically, we use the solution for any type of attack that can happen regarding the meter attack grid.
View full review »TC
reviewer2239809
Staff Security Engineer at a engineering company with 10,001+ employees
My primary use case is for SOC automation but it's used for a lot more than that. Some of the use cases are more or less appropriate for it. It's capable of doing a lot of things.
We use the SOAR platform to ingest alerts and escalations that we get. They do the actual enrichment processing and triaging but we don't use it for detection. We potentially could, but it's not what the product is meant for.
View full review »SA
reviewer2239935
Security Engineer at a university with 501-1,000 employees
We are primarily using it to automate tasks for our incident response team. They use it to block suspicious traffic from our network detection system and for alerts from our endpoint security system. Those are the two major use cases we're using it for right now.
View full review »SS
Shubham Sinha.
Sr. Principal Info Sec Analyst at a tech vendor with 5,001-10,000 employees
I'm using it mainly for SOC automation and reporting. It's for incident and threat modeling, incident reporting, and triage.
I come from a cybersecurity background and I used to work on the tickets for the security alerts we received from various sources, including Splunk and other SIEM tools. The major challenge was that we were occupied with a lot of noise and activities like validation of IP reports, DNS checks, and traffic monitoring. These were redundant activities that every analyst had to do. We wanted to stop these kinds of activities.
View full review »Splunk SOAR can be deployed on the cloud, on-premise, and hybrid. If you want to put it to your cellphone or public cloud to use cloud services, such as Amazon AWS or Google Cloud Platform it is possible.
The main usage is for security monitoring, insider threat protection, user and entity behavioral analytics (UEBA), Security orchestration, automation, privileged user and account protection, and security against attacks, such as phishing and advanced malware attacks.
View full review »SA
reviewer2239854
Cyber Security Architect at a financial services firm with 201-500 employees
We use Splunk SOAR mainly for security.
View full review »Splunk SOAR streamlines the handling of common customer scenarios that arise across diverse situations. Even when specific expertise within our team varies, Splunk SOAR empowers all users with pre-built playbooks, guiding them through the required actions in any circumstance.
View full review »Security Operations and Incident response processes automation and alerts enrichment.
View full review »NF
Norman Freitag
Account-Manager at Consist ITU Environmental Software GmbH
We primarily use the solution for supporting or automating the email spam items and some ISMS monitoring items, et cetera.
View full review »SC
Stanislav Chebotarev
General Manager at Adeline
We are doing some automation on the SIM and we are getting some SIMS and we are looking for some automation to improve the security environment. That's how we are currently using Splunk.
View full review »AS
Al Sedghi
Chief Technology Officer at Globalnet Research Corporation
We are a consulting firm and this is a solution that we use for ourselves, as well as implement it for our customers.
Our use case is to establish a platform for threat analysis across different data sources that we have in the company. Essentially, it is an orchestration platform and we want to make sure that we can tie into different endpoints or data sources from which traffic originates. We need to then detect and analyze threats.
View full review »MP
MarcosPereira
Splunk Consultant at Yssy
Splunk SOAR can be deployed on-premise and in the cloud.
View full review »We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that we are still planning to automate a few more things like malware investigation and then from there other processes.
View full review »SA
SubramanyaAM
Technical Lead at Paladion Networks
Our primary use case of the solution is for fine tuning. We provide professional services for our customers to enhance their ability to use the functionalities of Splunk. We're integrators of the solution.
MO
reviewer1561083
Cyber Security Solution Architect at a tech services company with 11-50 employees
My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.
View full review »Buyer's Guide
Splunk SOAR
March 2024
Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.