Splunk Phantom Room for Improvement

Al Sedghi
Chief Technology Officer at a tech consulting company with 51-200 employees
Phantom was only recently acquired by Splunk so it is not fully integrated yet. Our area of concern is that Splunk Phantom works with the other Splunk products. At this point, there are certain things that are not fully operational across the rest of the product line. The extension of the product to allow for better integration with other data sources is something that needs attention. We want to see improvements made to the APIs such that we can connect to many different systems and data sources. The search capability could be improved by way of better indexing and also integration with third-party solutions such as Elasticsearch. I would like to see escalation management and integration with communication tools like Slack. I would like to have more capability around analytics. There needs to be a better facility for documenting and storing issues, as well as being able to find those issues. Splunk does a good job of that, so I think that it will be done.
Abhinav Roy
Senior Data Analyst at a financial services firm with 10,001+ employees
We haven't had too much experience with the solution. The solution is relatively new in the market. It would be ideal if we could automate processes even more. The interface is great; however, they could still keep refining it to make it even more user-friendly.
Updated: October 2020.