Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
43
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
16th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
5
Ranking in other categories
Threat Intelligence Platforms (6th)
 

Mindshare comparison

As of February 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.2%, down from 8.7% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.8%, down from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.
Aadarsh Dawn - PeerSpot reviewer
Offers features like response capabilities and automation response and automation orchestration
ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments ThreatConnect…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"The product provides 100% automation for certain processes."
"So far, the interface is very easy to use."
"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"Scalability is the best feature of the solution."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
"ThreatConnect has a highly user-friendly interface."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The product automatically generated a threat score based on the maliciousness of an IP."
"The tool's installation, integration, and playbooks are very straightforward."
"The most valuable features are ease of use and the ability to customize it."
 

Cons

"Splunk's support for integration is subpar and has room for improvement."
"The font used in the interface could be changed and made easier to read."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"It would be ideal for us if Splunk SOAR could integrate with Teams."
"There is a lot of room for improvement with the UI."
"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"It would be good to have more feeds and more integrated sources for enrichment."
"Integration is an area that could use some improvement."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
 

Pricing and Cost Advice

"I found the price of Splunk SOAR to be good."
"The cost is high and the licensing is on an annual basis."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"The licensing cost is reasonable."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"I don't know the exact price, but for my region, it is very expensive."
"Splunk SOAR is an expensive solution for an organization of our size."
"The price could be better."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
9%
Financial Services Firm
15%
Computer Software Company
14%
Government
11%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...
What needs improvement with Splunk Phantom?
The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The tool's prices are at par when compared to the other products in the market, so it is not uber-premium or too pricey. I rate the product price as six on a scale of one to ten, where one is extre...
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
ThreatConnect Threat Intelligence Platform (TIP) needs to develop its SOAR platform because it currently doesn't position or connect itself as a SOAR tool, even though it has at least 60 percent of...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.