Splunk Phantom Overview

Splunk Phantom is the #3 ranked solution in our list of SOAR tools. It is most often compared to Palo Alto Networks Cortex XSOAR.

What is Splunk Phantom?

Phantom enables teams to work smarter by executing automated actions across their security infrastructure in seconds, versus hours or more if performed manually. Teams can codify workflows into Phantom’s automated playbooks using the visual editor (no coding required) or the integrated Python development environment. By offloading these repetitive tasks, teams can focus their attention on making the most mission-critical decisions.
Phantom is the connective tissue that lets existing security tools work better together. By connecting and coordinating complex workflows across the SOC’s team and tools, Phantom ensures that each part of the SOC’s layered defense is actively participating in a unified defense strategy. Powerful abstraction allows teams to focus on what they need to accomplish, while the platform translates that into tool-specific actions.

Incident Response

Phantom helps security teams investigate and respond to threats faster. Using Phantom’s automated detection, investigation, and response capabilities, teams can execute response actions at machine speed, reduce malware dwell time and lower their overall mean time to resolve (MTTR). And now with Phantom on Splunk Mobile, analysts can use their mobile device to respond to security incidents while on-the-go. Phantom’s event and case management functionality can further streamline security operations. Case-related data and activity are easily accessible from one central repository. It’s easy to chat with other team members about an event or case, and assign events and tasks to the appropriate team member.

Splunk Phantom is also known as Phantom.

Splunk Phantom Buyer's Guide

Download the Splunk Phantom Buyer's Guide including reviews and more. Updated: December 2020

Splunk Phantom Customers

Recorded Future, Blackstone

Splunk Phantom Reviews

Al Sedghi
Chief Technology Officer at a tech consulting company with 51-200 employees
Real User
Top 5 Leaderboard
Feb 17, 2020
Good protocol flexibility and team collaboration for threat detection, but the API integration needs to be expanded

What is our primary use case?

We are a consulting firm and this is a solution that we use for ourselves, as well as implement it for our customers. Our use case is to establish a platform for threat analysis across different data sources that we have in the company. Essentially, it is an orchestration platform and we want to make sure that we can tie into different endpoints or data sources from which traffic originates. We need to then detect and analyze threats.

Pros and Cons

  • "The most valuable feature is the risk-based access control."
  • "We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

What other advice do I have?

My advice to anybody who is considering this solution is to first really understand the requirements that you have, well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with incompatibility or connectivity. You also need to have the right resources to assess, implement, or oversee the implementation. You're going into an environment that requires a little bit of understanding of artificial intelligence because the SOAR platform requires setting up some rules. You also need to have a…

Abhinav Roy
Senior Data Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
Aug 24, 2020
Great automation capabilities, easy to use, and offers good GUI

What is our primary use case?

We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that we are still planning to automate a few more things like malware investigation and then from there other processes.

Pros and Cons

  • "So far, the interface is very easy to use."
  • "It would be ideal if we could automate processes even more."

What other advice do I have?

I'm not sure which version of the solution we're currently using. If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies. I'd rate the solution eight out of ten.

Technical Lead at Paladion Networks
Real User
Top 10
May 13, 2020
Good security orchestration and when we face challenges with it we can find a solution in the documentation

What is our primary use case?

Our primary use case of the solution is for fine tuning. We provide professional services for our customers to enhance their ability to use the functionalities of Splunk. We're integrators of the solution.

Pros and Cons

  • "Very flexible integration with other tools"
  • "And most of the challenges that I have faced with the solution can be found in the documentation itself."

What other advice do I have?

It's important to know your customer's requirements so you can choose the correct solution. The budget also needs to be taken into account. Most customers' budgets suit a Splunk solution whereas RSA is much more expensive. I would rate Splunk Phantom a seven out of 10.