Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 28, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
6th
Average Rating
8.6
Reviews Sentiment
6.4
Number of Reviews
6
Ranking in other categories
AI-SOC (7th), AI-Powered Security Automation (2nd)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
54
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
15th
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
8
Ranking in other categories
Threat Intelligence Platforms (TIP) (6th)
 

Mindshare comparison

As of February 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 4.5%, down from 4.8% compared to the previous year. The mindshare of Splunk SOAR is 8.0%, up from 7.3% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 2.5%, up from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Splunk SOAR8.0%
Torq4.5%
ThreatConnect Threat Intelligence Platform (TIP)2.5%
Other85.0%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Nimrod Vardi - PeerSpot reviewer
Global IT Director at OpenWeb
Automation workflows have transformed our IT, enabling secure just-in-time access control
We work with them quite often, so we have a direct line regarding areas in Torq that have room for improvement. If we have a feature request, we can request it. I do not have anything in mind at the moment. We were a design partner for a short while, so we feel that they listen and that users of the system have an impact on the way the system is designed for the better. They have a new community, which is something that I personally suggested years ago. There are many people like me in different places and they might have already built the workflow that I need. Having the option to share workflows or to jump on a thread and say I have this need, did anyone ever build a workflow for it, is amazing. Someone would jump in and say yes, sure, here, take this workflow. I think this is an amazing thing and I really hope that the community will come alive because I think this is really powerful. This is something that I already suggested and it did happen eventually, and I am quite happy with it. I do not have any specific feature in mind that I have a need for at the moment.
SS
Manager cybersecurity at Hexion Inc.
Automates threat response and reduces investigation time but needs better threat intelligence integration
One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed. Currently, we have limited ingestion to the threat intelligence feed for the correlation purpose. We would like to see it being integrated, with license cost or without license cost, to leading threat intelligence sources such as Recorded Future, Feedly, or Flare. That is something we would appreciate having integrated. The second thing on the improvement side is about exposed credential-related information. If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
Vyas Shubham - PeerSpot reviewer
Product Analyst at MA
Centralized threat insights have streamlined detection and automated phishing response
Based on my experience, ThreatConnect Threat Intelligence Platform (TIP) is already doing a great job in the market by decreasing threats from external sources. A few improvements I would suggest include integration enhancements, as users report that some integrations could be tighter or easier to configure. Additionally, plug and play connectors for popular security tools and threat feeds could streamline operations. There could also be easier event generation and sharing, as some reviewers mentioned that generating and sharing events or intelligence with internal teams or external partners is not as smooth as it could be. Improved pricing or tiered options could make it more accessible, especially for smaller organizations that do not require all enterprise features. Some users find the interface complex, particularly for everyday tasks such as filtering, tagging, or navigating playbooks. A more intuitive UI that aligns with typical analyst workflows would reduce the learning curve and boost productivity. To improve my rating closer to ten, the user interface can be simplified, as it is complex. Enhancing user experience and providing richer enrichment sources would further increase its value. Addressing these areas would make the platform more intuitive, comprehensive, and easier to adopt across all teams.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"What I appreciate most about Torq is that it is an essential part of our system."
"The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."
"The product’s integration with other Splunk products is valuable."
"Workflow management is most valuable. It is easily customizable"
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"We are not a 24/7 SOC, so the most valuable feature of Splunk SOAR is the auto-response to threats when we are not in the office and the notifications that it sends to the on-call engineer."
"In terms of time savings in threat responses, as a team, we save more than 30%, estimated around 30-40%."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted our organization by significantly reducing response times and improving detection accuracy by ensuring only high-confidence, context-rich indicators are pushed to security controls."
"We have been able to see a return on investment as our clients believe in us more."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
"ThreatConnect Threat Intelligence Platform (TIP) has a significant positive impact on our organization by improving our ability to detect, prioritize, and respond to threats quickly through centralized and enriched threat intelligence."
"The tool's installation, integration, and playbooks are very straightforward."
"The product automatically generated a threat score based on the maliciousness of an IP."
"I like their customer support."
 

Cons

"The initial deployment of Torq was not easy."
"Regarding the pricing of Torq, I would say it is expensive."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed."
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"The number of playbooks on offer should be increased."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"The cost of Splunk SOAR has room for improvement."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"The creation of playbooks is complex in Splunk SOAR, and the number of integrations needs enhancement. Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR."
"They should make it a little bit easier to generate events and share them with the community"
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"Some users find the interface complex, particularly for everyday tasks such as filtering, tagging, or navigating playbooks."
"I couldn’t get any training videos online when I was working with the tool."
"It would be good to have more feeds and more integrated sources for enrichment."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by simplifying the user interface to better fit day-to-day analyst workflow and reducing the complexity of configuring playbook and score logic."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
 

Pricing and Cost Advice

Information not available
"The licensing cost is reasonable."
"I don't know the exact price, but for my region, it is very expensive."
"The cost is high and the licensing is on an annual basis."
"The tool is not cheap."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"Splunk SOAR is more expensive compared to other options for SOAR."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The price could be better."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
882,606 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Comms Service Provider
8%
Manufacturing Company
8%
Computer Software Company
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
9%
University
7%
Financial Services Firm
16%
Comms Service Provider
7%
Computer Software Company
6%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Midsize Enterprise3
Large Enterprise4
By reviewers
Company SizeCount
Small Business12
Midsize Enterprise7
Large Enterprise34
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise23
Large Enterprise4
 

Questions from the Community

What needs improvement with Torq?
We do not utilize the AI features that much. When it comes to general AI features of Torq, we are just slowly startin...
What is your primary use case for Torq?
Torq markets itself as a security tool, and we do use them for security, but not in the traditional sense they market...
What advice do you have for others considering Torq?
I would rate Torq an eight overall. I feel that Torq is as good as the effort you put into it. The limitations are ve...
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar t...
What needs improvement with Splunk Phantom?
There are areas for improvement in Splunk SOAR, such as the need for more code-level customizations despite providing...
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
My experience with ThreatConnect Threat Intelligence Platform (TIP) pricing, setup cost, and licensing indicates that...
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
Based on my experience, ThreatConnect Threat Intelligence Platform (TIP) is already doing a great job in the market b...
What is your primary use case for ThreatConnect Threat Intelligence Platform (TIP)?
Our main use case for ThreatConnect Threat Intelligence Platform (TIP) is to centralize, analyze, and operationalize ...
 

Also Known As

No data available
Phantom
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Recorded Future, Blackstone
Customer Case Studies & Use Cases
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: February 2026.
882,606 professionals have used our research since 2012.