What needs improvement with Splunk Phantom?

Please share with the community what you think needs improvement with Splunk Phantom.

What are its weaknesses? What would you like to see changed in a future version?

11 Answer

Top 5 Leaderboard | Real User

Phantom was only recently acquired by Splunk so it is not fully integrated yet. Our area of concern is that Splunk Phantom works with the other Splunk products. At this point, there are certain things that are not fully operational across the rest of the product line. The extension of the product to allow for better integration with other data sources is something that needs attention. We want to see improvements made to the APIs such that we can connect to many different systems and data sources. The search capability could be improved by way of better indexing and also integration with third-party solutions such as Elasticsearch. I would like to see escalation management and integration with communication tools like Slack. I would like to have more capability around analytics. There needs to be a better facility for documenting and storing issues, as well as being able to find those issues. Splunk does a good job of that, so I think that it will be done.
