Try our new research platform with insights from 80,000+ expert users

LogicHub SOAR+ [EOL] vs Splunk SOAR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 30, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogicHub SOAR+ [EOL]
Average Rating
9.6
Reviews Sentiment
7.6
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Splunk SOAR
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
45
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (3rd)
 

Featured Reviews

Reviewer32109 - PeerSpot reviewer
Integrated with hundreds of tools, analyzes data automatically, and has few false positives
The ability to analyze data automatically to make decisions automatically is what I like the most. It is also fully integrated with hundreds of other tools. Our SIEM has the search capability but it cannot save the dataset for me to merge with the result set of another query. In LogicHub, to join two resultant datasets is super easy because they use SQL operators that I can do left join, right join, inner join, or full cross join. Besides some reporting tools that I used in the past, no other SOAR can do this easily. We automated that whole analytic logic so I don’t need to repeat.
Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"This solution allows us to easily investigate malicious events, system alerts etc."
"It has improved my detection coverage in areas lacking by the SIEM."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"The most valuable features are the Splunk SOAR apps and playbooks."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"My understanding is the initial setup isn't too hard."
"So far, the interface is very easy to use."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
"The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
 

Cons

"We would like this solution to have a higher level of support for SaaS applications."
"UI coloring can be improved."
"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."
"It could be easier to implement."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
 

Pricing and Cost Advice

Information not available
"I don't know the exact price, but for my region, it is very expensive."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"The tool is not cheap."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"The cost is high and the licensing is on an annual basis."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"I found the price of Splunk SOAR to be good."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
848,989 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
No data available
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.
What needs improvement with Splunk Phantom?
The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...
 

Comparisons

No data available
 

Also Known As

No data available
Phantom
 

Overview

 

Sample Customers

motorola, McAfee, RSA, Splunk>,Anomali
Recorded Future, Blackstone
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2025.
848,989 professionals have used our research since 2012.