Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
44
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
17th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (6th)
 

Mindshare comparison

As of March 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.3%, down from 8.7% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.7%, down from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.
Aadarsh Dawn - PeerSpot reviewer
Offers features like response capabilities and automation response and automation orchestration
ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments ThreatConnect…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"My understanding is the initial setup isn't too hard."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"Very flexible integration with other tools"
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The product provides 100% automation for certain processes."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The tool's installation, integration, and playbooks are very straightforward."
"The product automatically generated a threat score based on the maliciousness of an IP."
"We have been able to see a return on investment as our clients believe in us more."
"ThreatConnect has a highly user-friendly interface."
"I like their customer support."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
 

Cons

"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"The tool's response is slower because it has to search through a huge dataset, which can be improved for latency."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions."
"Splunk's support for integration is subpar and has room for improvement."
"The UI can be more customizable for the clients."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
"It would be good to have more feeds and more integrated sources for enrichment."
 

Pricing and Cost Advice

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."
"I don't know the exact price, but for my region, it is very expensive."
"The tool is not cheap."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"The licensing cost is reasonable."
"Splunk SOAR is more expensive compared to other options for SOAR."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The tool is expensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
9%
Financial Services Firm
16%
Computer Software Company
14%
Government
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.
What needs improvement with Splunk Phantom?
The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
I would like to see improvements in the time zone support of their customer service, considering users are from different time zones. Additionally, the pricing is high for smaller organizations, so...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: March 2025.
842,651 professionals have used our research since 2012.