Splunk SOAR vs Stellar Cyber Open XDR comparison

Splunk and Stellar Cyber are both solutions in the Security Orchestration Automation and Response (SOAR) category. Splunk is ranked #3 with an average rating of 8.0, while Stellar Cyber is ranked #25. Splunk holds a 7.2% mindshare in SOAR, compared to Stellar Cyber’s 0.8% mindshare. Additionally, 85% of Splunk users are willing to recommend the solution.

Splunk SOAR

Read 44 Splunk SOAR reviews

4,577 Views
2,761 Comparison Views

85% willing to recommend

Stellar Cyber Open XDR

Read 2 Stellar Cyber Open XDR reviews

183 Views
148 Comparison Views

0% willing to recommend

Splunk SOAR

Stellar Cyber Open XDR

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Splunk SOAR and Stellar Cyber Open XDR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Splunk SOAR vs. Stellar Cyber Open XDR Report (Updated: March 2025).

Buyer's Guide

Splunk SOAR vs. Stellar Cyber Open XDR

March 2025

Download the complete report

Helped 846,617 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Splunk SOAR

Ranking in Security Orchestration Automation and Response (SOAR)

3rd

Average Rating

8.0

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Stellar Cyber Open XDR

Ranking in Security Orchestration Automation and Response (SOAR)

25th

Average Rating

0.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (52nd), Endpoint Detection and Response (EDR) (61st), Network Detection and Response (NDR) (21st), Extended Detection and Response (XDR) (34th)

Mindshare comparison

As of April 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.2%, down from 8.7% compared to the previous year. The mindshare of Stellar Cyber Open XDR is 0.8%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR)

Featured Reviews

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Hrishiraj Bhattacharjee

Founder & CEO at Team Karimganj

Correlates incidents, allows for quicker identification and helps prioritize investigations

The only challenge is, and that’s where we come into play, it’s a pretty high-tech platform. So, it’s difficult for small and medium-sized organizations to manage it on their own. It’s a very complex system. It requires a lot of expertise. All my guys who work on it have gone through certification from Stellar itself. There are three different certifications that you need to complete. Only then are you certified by Stellar to work on it. It’s a very complex platform. Not everyone can use it. A simple IT engineer or system admin won’t be able to handle it because it’s quite complex. You need to have an understanding of the industry, the subject, and the tool. So, just purchasing this tool or license and then using it on your own would be very difficult to configure and manage on a day-to-day basis. The pricing model is not suitable for small and medium companies, particularly small companies. The minimum pricing model they have is suitable for companies with more than one thousand users. So, if someone has 50 to 100 users, like typical small companies, it’s difficult for them because the cost involved is high. Stellar would charge you for those thousand users, but you do not need all those users. So what are they going to do? I guess Stellar does not want to target small companies directly and maybe relies on resellers and MSPs like us to sell it. So, that is something I would recommend changing. Otherwise, it’s a great tool, but because of the pricing model, small companies are unable to leverage the advantage of this beautiful tool. So, the pricing model should be suitable for small and medium businesses. The product currently has vulnerability monitoring and everything. But if they could also do something about vulnerability management and maybe patch management, that would be nice.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."

"SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault."

"Splunk SOAR's quick response to incidents is the most valuable part."

"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."

"The most valuable feature is the risk-based access control."

"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."

"The customization of the playbook in Splunk SOAR is very beneficial."

More Splunk SOAR pros

"It can integrate with almost any cybersecurity tool available in the market."

"Stellar Cyber Open XDR offers these functionalities at a more affordable price, making it easier for me to position it with price-sensitive customers."

Cons

"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."

"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."

"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."

"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."

"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."

"The algorithm and machine learning have room for improvement and can be more user-friendly."

"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."

"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."

More Splunk SOAR cons

"I would rate the stability at about five to six. The platform requires some fine-tuning, especially when integrating data sources and creating connectors."

"Support is an issue because they have a limited number of resources."

Pricing and Cost Advice

"The cost is high and the licensing is on an annual basis."

"Splunk SOAR is an expensive solution for an organization of our size."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."

"The licensing cost is reasonable."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

More Splunk SOAR pricing and cost advice

"It’s a single license platform."

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

846,617 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Computer Software Company

15%

Comms Service Provider

12%

Manufacturing Company

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.

See all answers

What needs improvement with Splunk Phantom?

The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...

See all answers

What is your experience regarding pricing and costs for Stellar Cyber Open XDR?

Pricing is a major benefit of Stellar Cyber Open XDR. I rate it between three and four on the cost scale. It offers functionalities at a significantly lower cost than rival products, enabling me to...

See all answers

What needs improvement with Stellar Cyber Open XDR?

I am currently evaluating Stellar Cyber Open XDR in terms of their support. I do not see any major areas for improvement as of now. Their support is good, and the team is small, enabling them to ca...

See all answers

What is your primary use case for Stellar Cyber Open XDR?

I use Stellar Cyber Open XDR ( /products/stellar-cyber-open-xdr-reviews ) as a 24/7 security monitoring tool, especially for customers with large and medium networks. It eliminates the need for a d...

See all answers

Comparisons

Cortex XSIAM vs Splunk SOAR

Compared 24% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 19% of the time

Tines vs Splunk SOAR

Compared 10% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 9% of the time

Torq vs Splunk SOAR

Compared 8% of the time

More Splunk SOAR Competitors

Wazuh vs Stellar Cyber Open XDR

Compared 18% of the time

CrowdStrike Falcon vs Stellar Cyber Open XDR

Compared 10% of the time

Lumu vs Stellar Cyber Open XDR

Compared 8% of the time

Fortinet FortiSIEM vs Stellar Cyber Open XDR

Compared 7% of the time

Splunk Enterprise Security vs Stellar Cyber Open XDR

Compared 7% of the time

More Stellar Cyber Open XDR Competitors

Product Reports

Buyer's Guide

Splunk SOAR

March 2025

Download Splunk SOAR product report

Buyer's Guide

Extended Detection and Response (XDR)

March 2025

Download Stellar Cyber Open XDR product report

Also Known As

Phantom

No data available

Overview

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Stellar Cyber’s AI-driven Security Operations Platform powered by Open XDR delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully. With Stellar Cyber, Enterprises, MSSPs and MSPs reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering a 20X improvement in MTTD and an 8X improvement in MTTR.

What are the standout features?

Ease of Deployment: Quick and straightforward implementation process.
Comprehensive Security Analytics: Deep insights into security threats through advanced analytics.
Automated Threat Detection: Proactive identification and mitigation of threats.
Intuitive Dashboard: User-friendly interface for efficient security management.
Seamless Tool Integration: Compatibility with diverse security tools.
Real-Time Reporting: Immediate insights into threat activity.
Scalability: Adapts to growing security needs.
Responsive Customer Support: Timely assistance to resolve any issues.

What benefits should users look for?

Improved Threat Visibility: Comprehensive insights into potential cyber threats.
Streamlined Incident Management: Efficient handling and resolution of security incidents.
Reduced False Positives: Enhanced accuracy in threat identification.
Faster Threat Identification: Quick recognition and response to security threats.
Enhanced Data Integration: Unified view of security data from multiple sources.

Stellar Cyber Open XDR is especially beneficial in industries that demand state-of-the-art cybersecurity measures, such as finance, healthcare, and retail. Users in these sectors rely on it for its comprehensive data integration, real-time threat detection, and seamless tool compatibility, enabling them to maintain high-security standards while dealing with sensitive information.

Stellar Cyber

Sample Customers

Recorded Future, Blackstone

Sumitomo Chemical USA, PlastiPak Packaging, University of Denver, Large California State Agency, Large Midwestern American City

Buyer's Guide

Splunk SOAR vs. Stellar Cyber Open XDR

March 2025

Free Report: Splunk SOAR vs. Stellar Cyber Open XDR

Find out what your peers are saying about Splunk SOAR vs. Stellar Cyber Open XDR and other solutions. Updated: March 2025.

DOWNLOAD NOW

846,617 professionals have used our research since 2012.

See our Splunk SOAR vs. Stellar Cyber Open XDR report.

See our list of best Security Orchestration Automation and Response (SOAR) vendors.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.