Splunk SOAR Reviews

Name: Splunk SOAR
Brand: Splunk
Rating: 4.1 (58 reviews)

Vendor: Splunk

4.1 out of 5

58 reviews
89% willing to recommend

Leave a review

What is Splunk SOAR?

Splunk SOAR focuses on automating security operations with seamless third-party integrations and customizable workflows, enhancing incident response and threat management.

Get the Splunk SOAR Buyer's Guide and find out what your peers are saying about Splunk SOAR, IBM Security QRadar, Microsoft Sentinel and more!

Splunk SOAR is the #2 ranked solution in SOAR tools. PeerSpot users give Splunk SOAR an average rating of 8.2 out of 10. Splunk SOAR is most commonly compared to IBM Security QRadar: Splunk SOAR vs IBM Security QRadar. Splunk SOAR is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 12% of all views.

Helped 890,088 peers since 2012

Featured Splunk SOAR reviews

Shiboo Suren

Manager cybersecurity at Hexion Inc.

From my perspective, the best thing that I perceive with Splunk SOAR is where it is able to consolidate the data from the different log sources, and that helps me to investigate any incident. I am ingesting from multiple log sources. If there is an incident that has been logged, I will have visibility about all the different data that are required to investigate that incident in the single pane. In the single dashboard, I should be able to visualize it. I am able to see what has happened with this incident and what action has to be taken. Automatic recommendations also come from Splunk SOAR. These are the few things that we value very much on a day-to-day basis. Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk. Mean Time to Detect and Mean Time to Resolve were trending high before Splunk SOAR. Once we finalized and fine-tuned Splunk SOAR platform, it started trending within the limit that is defined for our organization. That's the first thing. The second thing that we have started observing is that there used to be a quality issue when it comes to investigating the incident. If an analyst investigated by looking at and correlating the data from the different sources, they always tended to make some mistake where they were overlooking some of the aspects for the incident investigation. We have improved this a lot. Since we have Splunk SOAR, where things are being automated and we are able to visualize things, we have zero or maybe no chance of missing things. That is helping us to improve the incident investigation quality. These are a few things that I will call out that has helped and that are helping on a day-to-day basis.

Read full review

Jabez Daniel

Advance Data Engineer(Cyber Security) at Novo Nordisk

The best features of Splunk SOAR include its multiple capabilities. For example, if there is a malicious IP, such as from a phishing mail, we can find out the sender IP and take action based on the verdict by using multiple app connectors in Splunk SOAR. It sends an API call to check the IP reputation and informs us if it's malicious and what actions we should take, either blocking the IP address from the perimeter firewall or storing it for future threat hunting. It connects with multiple apps such as ServiceNow and reduces the burden on the analyst by automating processes that don't require much investigation, allowing us to generate monthly reports on tasks performed by Splunk SOAR.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

I would assess Splunk SOAR's ability to integrate with other systems and applications as very relevant in my environment. I view Splunk as a platform; I can definitely consider Splunk as a platform. It is not only a SIEM or a SOAR; it is a complete platform. They are increasing the modules integrated with it, so I can give them a rating between 80 to 90%. My experience with the pricing of Splunk has been that in the past, they were very expensive, but now they can compete with even FortiSOAR or FortiSIEM. The difference in pricing is very good right now. I would usually recommend Splunk SOAR for customers who do not have the knowledge or the maturity level required for acquiring a native SOAR. If companies are new to SOAR technology, they can use Splunk SOAR, but if they are at a very good maturity level, they can use something such as Palo Alto. I would rate this review at 7 out of 10.

Read full review

Splunk SOAR mindshare

As of April 2026, the mindshare of Splunk SOAR in the Security Orchestration Automation and Response (SOAR) category stands at 7.6%, up from 7.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Mindshare Distribution
Product	Mindshare (%)
Splunk SOAR	7.6%
Microsoft Sentinel	11.2%
Palo Alto Networks Cortex XSOAR	8.6%
Other	72.6%

Security Orchestration Automation and Response (SOAR)

PeerResearch reports based on Splunk SOAR reviews

Type	Title	Date
Category	Security Orchestration Automation and Response (SOAR)	Apr 27, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 27, 2026	Download
Comparison	Splunk SOAR vs Microsoft Sentinel	Apr 27, 2026	Download
Comparison	Splunk SOAR vs Palo Alto Networks Cortex XSOAR	Apr 27, 2026	Download
Comparison	Splunk SOAR vs Torq	Apr 27, 2026	Download

Valuable Features

Splunk SOAR's most valuable features include seamless third-party integrations, extensive playbook library, automation capabilities, and the impressive Splunk Store. Users find it easy to create playbooks with Python, automate processes, and increase productivity. The system efficiently reduces mean time to detect and resolve, consolidates tools, enables end-to-end visibility, and boosts incident response speed. It supports custom apps, offers extensive API integrations, and enhances workflow management and threat intelligence enrichment, significantly benefiting organizations.

"I have saved much time thanks to Splunk SOAR's impact, where earlier, without autonomous monitoring, users took almost one day or two days; now, a twenty-four hour job is done in almost thirty minutes."
"Splunk SOAR is really saving my time."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR, the automation and orchestration module is highly mature, and a lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."

Room for Improvement

Splunk SOAR requires better integration with Microsoft products and third-party solutions, more built-in playbooks, and enhanced AIOps functionality. Pricing is seen as expensive. Users find the playbook editor cumbersome and the UI could be more customizable. Training materials need depth; the support team could be more efficient. Developers desire API improvements, intuitive coding assistance, and enhanced debugging tools. Enhancing threat intelligence feeds and reducing security event volume are also needed improvements.

"From the improvement point of view regarding Splunk SOAR, I suggest including more types of LLM models such as autonomous AI models including Anthropic and Opus 4.6, as well as creating a playground for new users to work on these, which will significantly help solve complex problems and assist new companies in understanding how Splunk works easily."
"Splunk SOAR follows very flat pricing and most of the time it's very high when compared to the other competitors."
"The Splunk SOAR case management feature lacks some of the functionalities like the possibility to fully customize the fields for the tickets/events and create custom statuses."

ROI

Splunk SOAR has enhanced ROI for many users, with a noticeable time-saving in routine security tasks and improved efficiency in managing resources. Companies reported a reduction in false positives and increased containment in phishing campaigns. Some have integrated it throughout their systems, seeing reduced headcount needs. Although new users may take time to perceive benefits, the automation and strategic focus shift have proven valuable. However, some found challenges in measuring ROI due to ongoing development work.

Pricing

Enterprise buyers find Splunk SOAR pricing relatively high, often feeling it's more expensive than competitors. Costs increase with user count, which small-sized enterprises might find limiting. Despite a potentially higher upfront investment, many enterprises believe the ROI justifies the expense due to the automation capabilities and integration benefits. Licensing follows a subscription-based model, with some organizations noting a shift to user-based pricing that aligns more closely with their needs, allowing enhanced automation without volume constraints.

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."

Popular Use Cases

Splunk SOAR is utilized for security automation, incident response, and integration of security tools like firewalls and ticketing systems. Organizations primarily deploy it to streamline Security Operation Center processes, reduce manual investigations, and enhance efficiency through playbook automation and third-party application integration. Its key applications include phishing response, automating threat detection, and orchestrating email security, enabling companies to accelerate response times and manage alerts effectively within cloud and on-premise environments.

Service and Support

Splunk SOAR's customer service and technical support receive positive feedback for responsiveness and helpfulness. Users appreciate the community-based resources for quick solutions. Although some find response times needing improvement, there are dedicated teams for fast issue resolution. Users rate the support between seven and nine out of ten, noting effective assistance for IT use cases but challenges with OT and IoT. The documentation is praised, and premium support offers swift responses with dedicated account managers.

Deployment

Users find Splunk SOAR's initial setup of medium difficulty. Some users report a straightforward experience, citing its user-friendly interface and readily available documentation. However, others encounter complex setups, particularly with newer versions requiring technical expertise, modifications, or escalations. Deployment duration varies widely, spanning from a few hours to several months, influenced by factors like environment size, team size, and specific integrations. Training time for teams also ranges, with some needing weeks or months.

Scalability

Splunk SOAR is known for its scalability, accommodating a wide range of user environments from small to large organizations. Users report no major scaling issues and appreciate its ability to handle increased workloads efficiently. Its flexible and customizable platform supports enterprise-level clients, yet some mention hardware bottlenecks and the need for improvements in complex environments. It integrates well with numerous apps, facilitating growth with user needs while handling substantial data volumes.

Stability

Splunk SOAR is generally stable, with users noting consistent performance, minimal downtime, and reliability. Stability varies based on configuration and resources, with some experiencing minor issues like lag or bugs. Users rate stability between seven to nine out of ten. Concerns include occasional latency, initial bugs, or compatibility issues with backend services. Emphasizing strong stability, Splunk SOAR operates effectively in environments that meet resource recommendations and ensure proper setup, handling vast data efficiently.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk SOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	13
Midsize Enterprise	7
Large Enterprise	32

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	181
Midsize Enterprise	119
Large Enterprise	357

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

12%

Manufacturing Company

10%

Computer Software Company

University

Construction Company

Comms Service Provider

Outsourcing Company

Healthcare Company

Educational Organization

Insurance Company

Government

Energy/Utilities Company

Performing Arts

Retailer

Media Company

Marketing Services Firm

Transportation Company

Aerospace/Defense Firm

Real Estate/Law Firm

Hospitality Company

Legal Firm

Non Profit

Pharma/Biotech Company

Consumer Goods Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Local Government

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Splunk SOAR offers robust playbook automation and powerful API connectivity, allowing organizations to streamline workflows and integrate extensively with tools like Salesforce and ServiceNow. With its capabilities in real-time data visualization and automated threat responses, it significantly enhances security and reduces manual efforts. Users appreciate the ease of creating playbooks, which reduces mean time to detect and resolve. However, attention to its integration challenges with Microsoft products, the need for more playbooks, and improved customization tools is necessary. Enhancements in the development process, visibility, scalability, and case management options are also beneficial. Improving documentation and training resources would add more depth and accessibility.

What are the top features of Splunk SOAR?

Third-party integrations: Supports extensive integration with tools like Salesforce and ServiceNow.
Playbook automation: Facilitates easy creation and management of automated workflows.
Customizable workflows: Offers Python-based customization for tailored security operations.
API connectivity: Powerful API support for seamless tool consolidation and streamlined workflows.
Data visualization: Provides real-time data visualization for enhanced situational awareness.

What benefits or ROI users should consider?

Operational efficiency: Reduces mean time to detect and resolve incidents through automation.
Manual effort reduction: Automates threat responses, minimizing manual workload in security operations.
Enhanced security: Offers end-to-end visibility and automated threat mitigation processes.
Time savings: Optimizes processes and improves response efficiency in cybersecurity operations.

Organizations implement Splunk SOAR in industries to automate tasks in Security Operation Centers, addressing incidents such as phishing, brute force, and ransomware. It integrates with third-party applications for threat intelligence enrichment, commonly deployed both on-premise and cloud, enhancing cybersecurity efforts.

Splunk SOAR was previously known as Phantom.

Splunk SOAR customers

Recorded Future, Blackstone

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

IBM Security QRadar vs Splunk SOAR

Microsoft Sentinel vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Torq vs Splunk SOAR

Exabeam vs Splunk SOAR

Stellar Cyber Open XDR vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

Logpoint vs Splunk SOAR

Tines vs Splunk SOAR

Google Security Operations vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

See all alternatives

Splunk SOAR Reviews Summary
Author info	Rating	Review Summary
Manager cybersecurity at Hexion Inc.	3.5	Splunk SOAR significantly improved our incident response, automating resolutions and consolidating data to cut MTTD/MTTR, saving 300+ hours monthly. I value its improved investigation quality, but desire better threat intelligence integration.
Advance Data Engineer(Cyber Security) at Novo Nordisk	3.5	I use Splunk SOAR for SOC orchestration, automating tasks like notifications and saving 30-40% time. It's stable and scalable, yet needs more code customization, AI integration, faster app integration, and better customer support.
System Engineer - Security Presales at Raya Integration	3.5	I find Splunk SOAR's easy playbook creation drastically cuts my MTTR/MTTD by 70%. However, I face integration problems, increased event volume, and an unclear playbook viewer. It needs more out-of-the-box integrations, AI, and threat intelligence, despite its seamless setup and good support.
Identity and Access Management Specialist at a university with 10,001+ employees	4.0	I rely on Splunk SOAR for ITDR automation, drastically reducing manual security tasks by 95% and efficiently handling incidents like MFA attacks. Its visual editor and orchestration are valuable, though CI/CD for playbooks needs improvement.
Cyber Security Network Security Engineer at Cirrus Logic	4.5	I value Splunk SOAR for automating security response like phishing, praising its seamless deployment, integrations, and real-time capabilities that deliver strong ROI. While reliable, I'd appreciate better on-prem integration and more accessible official support beyond community resources.
Global Head Of Security Architecture Digital & Technology at Aramex	4.5	I value Splunk SOAR for automating security tasks, like phishing response and malware detection, significantly saving time and boosting resilience. It's stable with good support, though I suggest more advanced LLM integration and alert cost optimization.
Cybersecurity Consultant at Nnamdi Azikiwe University	4.0	I value Splunk SOAR for its strong automation, extensive integration, and fast incident response, especially with Python customization. It significantly improves ROI and I find it stable with good support. However, its learning curve needs improvement.
Senior Information Security Engineer at a tech company with 10,001+ employees	3.5	I find Splunk SOAR excellent for SOC automation, using its custom apps for integrations that save time and boost accuracy. My main concerns are the lack of coding IntelliSense and slow AI adoption, though it offers broad automation potential.

Title	Rating	Mindshare	Recommending
IBM Security QRadar	4.0	5.7%	90%	217 interviews Add to research
Microsoft Sentinel	4.1	11.2%	93%	109 interviews Add to research

Splunk SOAR Reviews

What is Splunk SOAR?

Featured Splunk SOAR reviews

Splunk SOAR mindshare

PeerResearch reports based on Splunk SOAR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Splunk SOAR customers

Related questions

Product Categories

Popular Comparisons