Splunk Phantom Reviews

Filter by:Reset all filters
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Al Sedghi
Real User
Chief Technology Officer at a tech consulting company with 51-200 employees
Feb 17 2020

What is most valuable?

The most valuable feature is the risk-based access control. The team collaboration when it comes to detecting a threat is helpful. I like the fact that we can leverage the API to be able to establish a connection and share information across different repositories. The flexibility that it has when… more»

What needs improvement?

Phantom was only recently acquired by Splunk so it is not fully integrated yet. Our area of concern is that Splunk Phantom works with the other Splunk products. At this point, there are certain things that are not fully operational across the rest of the product line. The extension of the product to… more»

What's my experience with pricing, setup cost, and licensing?

It is a subscription-based licensing model that varies depending on how much data is processed by Spunk. There are built-in volume discounts. There are some additional costs if you want to get some front-end support or installation or setup, which is part of professional services. There are also… more»

What other advice do I have?

My advice to anybody who is considering this solution is to first really understand the requirements that you have, well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with… more»


User Assessments By Topic About Splunk Phantom

Splunk Phantom Questions

What is Splunk Phantom?

Phantom enables teams to work smarter by
executing automated actions across their security
infrastructure in seconds, versus hours or more if
performed manually. Teams can codify workflows
into Phantom’s automated playbooks using the visual
editor (no coding required) or the integrated Python
development environment. By offloading these
repetitive tasks, teams can focus their attention on
making the most mission-critical decisions.
Phantom is the connective tissue that lets existing
security tools work better together. By connecting and
coordinating complex workflows across the SOC’s team
and tools, Phantom ensures that each part of the SOC’s
layered defense is actively participating in a unified
defense strategy. Powerful abstraction allows teams
to focus on what they need to accomplish, while the
platform translates that into tool-specific actions.
Incident Response
Phantom helps security teams investigate and respond
to threats faster. Using Phantom’s automated detection,
investigation, and response capabilities, teams can
execute response actions at machine speed, reduce
malware dwell time and lower their overall mean time
to resolve (MTTR). And now with Phantom on Splunk
Mobile, analysts can use their mobile device to respond
to security incidents while on-the-go. Phantom’s
event and case management functionality can further
streamline security operations. Case-related data and
activity are easily accessible from one central repository.
It’s easy to chat with other team members about an
event or case, and assign events and tasks to the
appropriate team member.