2020-02-12T17:16:43Z

What is your primary use case for Splunk Phantom?

Miriam Tover - PeerSpot reviewer
  • 0
  • 281
PeerSpot user
20

20 Answers

Volodymyr-Savov - PeerSpot reviewer
Real User
Top 10
2024-02-02T09:23:00Z
Feb 2, 2024

Splunk SOAR streamlines the handling of common customer scenarios that arise across diverse situations. Even when specific expertise within our team varies, Splunk SOAR empowers all users with pre-built playbooks, guiding them through the required actions in any circumstance.

Search for a product comparison
Nagendra Nekkala. - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-12-01T10:42:00Z
Dec 1, 2023

We primarily use the solution for security automation. It's used to investigate and remediate threats.

AM
Consultant
Top 20
2023-07-21T15:28:00Z
Jul 21, 2023

Splunk SOAR is primarily used for automating security use cases for clients who want to reduce human intervention and personnel involvement. It facilitates end-to-end security workflows and helps to decrease the time spent on manual investigations. Splunk SOAR can be deployed both in the cloud and on-premises. The cloud deployment comes pre-installed, so if we want to connect to any on-premises applications, we may need an additional server.

SA
Real User
Top 20
2023-07-20T01:11:00Z
Jul 20, 2023

We use Splunk SOAR mainly for security.

TC
Real User
Top 20
2023-07-20T00:30:00Z
Jul 20, 2023

My primary use case is for SOC automation but it's used for a lot more than that. Some of the use cases are more or less appropriate for it. It's capable of doing a lot of things. We use the SOAR platform to ingest alerts and escalations that we get. They do the actual enrichment processing and triaging but we don't use it for detection. We potentially could, but it's not what the product is meant for.

FH
Real User
Top 20
2023-07-19T01:32:00Z
Jul 19, 2023

We use the solution to automate some of our legacy processes. We review items like phishing and emails.

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
SS
Real User
Top 10
2023-06-09T20:06:00Z
Jun 9, 2023

I'm using it mainly for SOC automation and reporting. It's for incident and threat modeling, incident reporting, and triage. I come from a cybersecurity background and I used to work on the tickets for the security alerts we received from various sources, including Splunk and other SIEM tools. The major challenge was that we were occupied with a lot of noise and activities like validation of IP reports, DNS checks, and traffic monitoring. These were redundant activities that every analyst had to do. We wanted to stop these kinds of activities.

PW
Real User
Top 5
2023-05-12T16:14:00Z
May 12, 2023

My company has two use cases for Splunk SOAR. We use it to enrich alarms by pulling in outside sources of information. Splunk can also automate actions while ensuring they are structured and reproducible.

Pulkit Thakur - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-03-17T18:58:00Z
Mar 17, 2023

The solution provides information on user accounts. The solution has playbooks that check the user with server ID. It checks the domain name and IP address of the web page.

AM
Real User
Top 20
2023-02-23T15:24:00Z
Feb 23, 2023

This is a DevOps product. We use the solution to monitor the activity of users and integrate Splunk UEBA, monitoring traffic, packages, external attacks, left movement, and lateral movements. We also use it maybe inside the person's C2 servers, and for exercise and SQL injections. Basically, we use the solution for any type of attack that can happen regarding the meter attack grid.

Srikanth Nuthalapati - PeerSpot reviewer
Real User
Top 5
2023-01-30T10:43:04Z
Jan 30, 2023

We wanted to automate the process of creating playbooks, orchestrating events, customizing integrations, and deploying applications such as Thread Connect and Wireless Total for enrichment and threat hunting. We have tailored these applications to meet our specific needs and redeployed them.

Siddharth Matalia - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-01-27T17:23:28Z
Jan 27, 2023

Basically, we are using it for most of our automation, and not as per the SOAR, although it is a SOAR application. We are not using it just for security purposes. We are using it for various purposes like maintenance. We do have our own data center where we have our maintenance on the infrastructure side, and the application has to be brought down. Here it has done exceptionally well. We shut down all our different applications by writing our code in the shell languages, and we upload through GitHub. It means that we can just call that script, and it gets triggered on the particular server, and it shuts down. It's like a workflow. The workflow has been created in such a way that it helps us. Earlier, when we used to have to manage it manually, when we shut down the application, it used to take a lot of time. Now it is done within 30 minutes. In our environment, we have SAP applications, and SAP has its own commands to shut down the applications, databases, et cetera. So it is just not limited to all those shutdowns and this. We do have various other stuff as well, like upgrades. So we have written the upgrade codes, and now we can upgrade X number of SAP applications and databases as needed.

NF
Real User
Top 20
2022-08-12T12:06:36Z
Aug 12, 2022

We primarily use the solution for supporting or automating the email spam items and some ISMS monitoring items, et cetera.

Tarun Singh - PeerSpot reviewer
Real User
Top 5Leaderboard
2022-06-02T08:01:54Z
Jun 2, 2022

Splunk Phantom can be deployed on the cloud, on-premise, and hybrid. If you want to put it to your cellphone or public cloud to use cloud services, such as Amazon AWS or Google Cloud Platform it is possible. The main usage of Splunk Phantom is for security monitoring, insider threat protection, user and entity behavioral analytics (UEBA), Security orchestration, automation, privileged user and account protection, and security against attacks, such as phishing and advanced malware attacks.

Filip Stojkovski - PeerSpot reviewer
Real User
Top 10
2022-04-11T12:26:57Z
Apr 11, 2022

Security Operations and Incident response processes automation and alerts enrichment.

MO
Real User
2021-04-26T15:04:26Z
Apr 26, 2021

My primary use case was for the MITRE ATT&CK parameters. I have some experience with MITRE ATT&CK for SIEM and SOAR solutions.

Hari Haran. - PeerSpot reviewer
Real User
Top 10
2021-01-22T22:52:15Z
Jan 22, 2021

We are doing some automation on the SIM and we are getting some SIMS and we are looking for some automation to improve the security environment. That's how we are currently using Splunk.

it_user1404753 - PeerSpot reviewer
Real User
2020-08-23T08:17:28Z
Aug 23, 2020

We're not really creating the use cases. Our internal team is developing the use cases. Right now, we have automated the whole phishing process. After that we are still planning to automate a few more things like malware investigation and then from there other processes.

SA
Real User
2020-04-30T10:58:00Z
Apr 30, 2020

Our primary use case of the solution is for fine tuning. We provide professional services for our customers to enhance their ability to use the functionalities of Splunk. We're integrators of the solution.

AS
Reseller
Top 20
2020-02-12T17:16:43Z
Feb 12, 2020

We are a consulting firm and this is a solution that we use for ourselves, as well as implement it for our customers. Our use case is to establish a platform for threat analysis across different data sources that we have in the company. Essentially, it is an orchestration platform and we want to make sure that we can tie into different endpoints or data sources from which traffic originates. We need to then detect and analyze threats.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.  Go from overwhelmed to in-control Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business. Force multiply your team Orchestrate and automate repetitive tasks, investigation and response to...
Download Splunk SOAR ReportRead more