If you were talking to someone whose organization is considering Splunk Phantom, what would you say?
How would you rate it and why? Any other tips or advice?
I would recommend this solution, but it also depends on the price. Splunk is number one for SIEM or SOAR. Another solution that I would recommend is Palo Alto XSOAR. I would rate Splunk Phantom a nine out of ten.
We have a business relationship with Splunk. We're partners. We're using the solution on our VM and also on our database cloud. I'd recommend the solution to other organizations. Compared to other products, Phantom seems to be easy to use and the ability to customize is high. Compared to the older version, the newer version is very customizable. We can very easily create custom functions. The UI looks good and is also improved. I would rate the solution eight out of ten.
I'm not sure which version of the solution we're currently using. If a company wants to automate redundant work, this solution is perfect for that. Very specific processes can be easily automated to save time. That way, analysts can invest their time elsewhere. Phantom is one of the great tools for reducing redundancies. I'd rate the solution eight out of ten.
It's important to know your customer's requirements so you can choose the correct solution. The budget also needs to be taken into account. Most customers' budgets suit a Splunk solution, whereas RSA is much more expensive. I would rate Splunk Phantom a seven out of 10.
My advice to anybody who is considering this solution is to first really understand the requirements that you have, well enough. You need to identify and understand the data sources that you need, prior to purchase, to ensure that there is a need and also that there are no issues with incompatibility or connectivity. You also need to have the right resources to assess, implement, or oversee the implementation. You're going into an environment that requires a little bit of understanding of artificial intelligence because the SOAR platform requires setting up some rules. You also need to have a technical support group in-house to be able to help; otherwise, you would be dependent on Splunk for assistance. Overall, this product is fairly good, but it's not quite mature yet. It needs some enhancement and some stabilization in some areas. I would rate this solution an eight out of ten.
Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.
Can anyone help with insights?