Splunk Phantom Valuable Features

Al Sedghi
Chief Technology Officer at a tech consulting company with 51-200 employees
The most valuable feature is the risk-based access control. The team collaboration when it comes to detecting a threat is helpful. I like the fact that we can leverage the API to be able to establish a connection and share information across different repositories. The flexibility that it has when using different protocols, like TLP, for communicating, is fairly good. This solution supports the automated handling of phishing attempts through the collection of potentially malicious emails from end-users. It analyzes them, identifies threats, and assesses risk.
Abhinav Roy
Senior Data Analyst at a financial services firm with 10,001+ employees
We're in the POC phase. We need more time to get used to the solution and to understand it better to discover the most useful features. So far, the interface is very easy to use. The GUI is great. The features in the Phantom playbook are all very good. You can build different playbooks and you can play with the playbooks. One playbook can give you insights into URL applications, one playbook can give you the reputation about the file access. You can build different playbooks and after integrating all the playbooks you can come up with some organizational directions and decisions. It will give you very good insights into various incidents. The solution is great for automating redundant work. It's difficult sometimes to manage the amount of reported suspicious emails. Using an intervention like this solution helps make that task easier.
SubramanyaAM
Technical Lead at Paladion Networks
The most valuable feature of Splunk is a very flexible integration with other tools. Compared to other products in the market, Splunk is very user friendly, and not very complicated. It integrates with most of the endpoints and that's a very positive side of the solution. There's no need to remember a lot of things and documentation is great. I really appreciate that aspect. Since it is cloud-based there is a lot of flexibility. And most of the challenges that I have faced with the solution can be found in the documentation itself. At this point, I'm very happy with the solution. There's nothing there that disturbs me. Security orchestration is a new emerging issue in the market. If I have to compare with other security orchestration tools, Splunk is a good solution. Many vendors have opted for Splunk because of easy usability and connectivity to radius devices.
Find out what your peers are saying about Splunk, Palo Alto Networks, IBM and others in Security Orchestration Automation and Response (SOAR). Updated: October 2020.