Try our new research platform with insights from 80,000+ expert users

IBM Resilient vs Splunk SOAR comparison

IBM and Splunk are both solutions in the Security Orchestration Automation and Response (SOAR) category. IBM is ranked #17 with an average rating of 7.0, while Splunk is ranked #3 with an average rating of 8.4. IBM holds a 2.0% mindshare in SOAR, compared to Splunk’s 7.6% mindshare. Additionally, 75% of IBM users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.
IBM Resilient
Read 18 IBM Resilient reviews
  • 1,230 Views
  • 1,046 Comparison Views
75% willing to recommend
Splunk SOAR
Read 50 Splunk SOAR reviews
  • 4,447 Views
  • 3,380 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 15, 2025

IBM Resilient and Splunk SOAR are prominent players in the field of incident response and security orchestration. Splunk SOAR appears to have an advantage due to its extensive integration capabilities and mature automation modules.

Features: IBM Resilient provides comprehensive incident response capabilities with dynamic playbooks for quick actions. It integrates well with other IBM products like QRadar, offering a mature solution requiring fewer third-party products. Splunk SOAR excels in integration with non-Splunk solutions, has a vast library of pre-built integrations, and supports advanced automation and orchestration modules, allowing for scalable security management with customizable playbooks.

Room for Improvement: IBM Resilient could improve by enhancing integration with third-party products and offering more built-in connectors. Users suggest better technical support and documentation for smoother deployment. Pricing strategies also need reevaluation. Splunk SOAR could benefit from improved case management, reporting capabilities, and better support for emerging technologies like IoT/OT security while also addressing high pricing concerns.

Ease of Deployment and Customer Service: IBM Resilient primarily supports on-premises deployment, with users noting complex initial configurations. Customer support experiences are mixed. Splunk SOAR offers flexible deployment options, including hybrid and cloud, serving different organizational needs but receiving average ratings in technical support, with noted delays. Both solutions have opportunities to enhance response times in customer service.

Pricing and ROI: IBM Resilient is considered expensive, with user-based licensing. Some users see moderate ROI in time savings. Splunk SOAR is similarly priced high, posing a challenge for smaller organizations. Despite the cost, many users justify the investment given Splunk's powerful integration and automation. There is a call for more competitive and flexible pricing models for both to accommodate various organizational sizes and budgets.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed IBM Resilient vs. Splunk SOAR Report (Updated: September 2025).
Buyer's Guide
IBM Resilient vs. Splunk SOAR
September 2025
Download the complete report
Helped 873,085 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR)
17th
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
18
Ranking in other categories
Security Incident Response (3rd)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.2
Reviews Sentiment
6.6
Number of Reviews
50
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of November 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of IBM Resilient is 2.0%, down from 2.5% compared to the previous year. The mindshare of Splunk SOAR is 7.6%, down from 7.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Splunk SOAR7.6%
IBM Resilient2.0%
Other90.4%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Usman Bhatti - PeerSpot reviewer
Simple deployment, scalable, but lacking third-party solution compatibility
Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution. It's worth noting that many third-party add-on applications needed to be purchased separately to integrate with IBM Resilient. While there were built-in applications available for incident remediation, the selection was limited. Additionally, integrating third-party applications was often a difficult and time-consuming process due to the technical complexity involved.
Read full review
Hamada Elewa - PeerSpot reviewer
Creating automation workflows has reduced detection time but integration and visibility challenges remain
The visibility of Splunk SOAR's playbook viewer is rather unclear to me; I wonder what the visibility is for. There are indeed some problems with integrating Splunk SOAR with other Splunk products or other vendors in my system, and it took a while after implementing Splunk SOAR to train my SOC team on how to use the playbooks. Splunk SOAR does not help me reduce my security event volume; in fact, it makes them massive. Splunk SOAR does not help me free up resources to work on other projects; they are not good in this regard. I have not seen time to value with Splunk SOAR; I am curious about what time to value means. I believe Splunk SOAR can be improved by adding more integrations and out-of-the-box integrations, and by increasing the number of admins that can access the solution simultaneously. I see the need to inject more AI in creating the playbooks. I think they can inject more threat intelligence into the solution.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's really simple and has a flexible interface."
"The UBA, User Behavior Analytics, is very good."
"Its flexibility is the most valuable."
"The product is very good at incident response."
"It is a stable solution...It is a scalable solution."
"As a whole, the product is stable...Technical support is very good."
"The solution is easy to use."
"The solution is very easy to use."
More IBM Resilient pros
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"Workflow management is most valuable. It is easily customizable"
"The product provides 100% automation for certain processes."
"The most valuable feature is the risk-based access control."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
More Splunk SOAR pros
 

Cons

"IBM Resilient could integrate better with my tools."
"The implementation could be a bit simpler."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"IBM Resilient is quite complex, including its configuration."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
More IBM Resilient cons
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"The cost of Splunk SOAR has room for improvement."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"The number of playbooks on offer should be increased."
"The tool's response is slower because it has to search through a huge dataset, which can be improved for latency."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"The scalability could be better."
More Splunk SOAR cons
 

Pricing and Cost Advice

"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"Pricing for the solution is good, in my opinion."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"The cost of the product is quite high."
"We could create unlimited users using the license we had purchased."
"There is a license you need to pay for in order to use this product."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
More IBM Resilient pricing and cost advice
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"Splunk SOAR is more expensive compared to other options for SOAR."
"I don't know the exact price, but for my region, it is very expensive."
"The cost is high and the licensing is on an annual basis."
"The tool is not cheap."
"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"I found the price of Splunk SOAR to be good."
More Splunk SOAR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
873,085 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
35%
Government
7%
Computer Software Company
6%
Manufacturing Company
6%
Financial Services Firm
12%
Computer Software Company
11%
Manufacturing Company
9%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise7
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise7
Large Enterprise30
 

Questions from the Community

What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.
See all answers
What is your experience regarding pricing and costs for IBM Resilient?
I am not the one in charge of pricing, so I am not sure about the costs.
See all answers
What needs improvement with IBM Resilient?
Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations.
See all answers
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
I don't have experience with costs; management handles that aspect.
See all answers
What needs improvement with Splunk Phantom?
I'm not an expert on Splunk SOAR, but I'm sure our team members know what areas could be improved. I haven't spoken to them specifically about what could be improved or what they would want Splunk ...
See all answers
 

Comparisons

Palo Alto Networks Cortex XSOAR vs IBM Resilient Logo
Palo Alto Networks Cortex XSOAR vs IBM Resilient
Compared 25% of the time
IBM Security QRadar vs IBM Resilient Logo
IBM Security QRadar vs IBM Resilient
Compared 13% of the time
Fortinet FortiSOAR vs IBM Resilient Logo
Fortinet FortiSOAR vs IBM Resilient
Compared 10% of the time
Proofpoint Threat Response vs IBM Resilient Logo
Proofpoint Threat Response vs IBM Resilient
Compared 9% of the time
ServiceNow Security Operations vs IBM Resilient Logo
ServiceNow Security Operations vs IBM Resilient
Compared 8% of the time
More IBM Resilient Competitors
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 18% of the time
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Compared 11% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 10% of the time
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Compared 9% of the time
Swimlane vs Splunk SOAR Logo
Swimlane vs Splunk SOAR
Compared 4% of the time
More Splunk SOAR Competitors
 

Product Reports

Buyer's Guide
IBM Resilient
October 2025
IBM Resilient reportDownload IBM Resilient product report
Buyer's Guide
Splunk SOAR
October 2025
Splunk SOAR reportDownload Splunk SOAR product report
 

Also Known As

No data available
Phantom
 

Overview

The Resilient Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes.

The Resilient IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats.

IBM

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk
 

Sample Customers

Golden Living, Health Equity, USA Funds
Recorded Future, Blackstone
Buyer's Guide
IBM Resilient vs. Splunk SOAR
September 2025
Free Report: IBM Resilient vs. Splunk SOAR
Find out what your peers are saying about IBM Resilient vs. Splunk SOAR and other solutions. Updated: September 2025.
DOWNLOAD NOW
873,085 professionals have used our research since 2012.
See our IBM Resilient vs. Splunk SOAR report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.