Splunk SOAR Reviews

Name: Splunk SOAR
Brand: Splunk
Rating: 4.1 (58 reviews)

Vendor: Splunk

4.1 out of 5

58 reviews
89% willing to recommend

Leave a review

What is Splunk SOAR?

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Get the Splunk SOAR Buyer's Guide and find out what your peers are saying about Splunk SOAR, IBM Security QRadar, Microsoft Sentinel and more!

Splunk SOAR is the #2 ranked solution in SOAR tools. PeerSpot users give Splunk SOAR an average rating of 8.2 out of 10. Splunk SOAR is most commonly compared to IBM Security QRadar: Splunk SOAR vs IBM Security QRadar. Splunk SOAR is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 12% of all views.

Helped 886,719 peers since 2012

Featured Splunk SOAR reviews

Shiboo Suren

Manager cybersecurity at Hexion Inc.

From my perspective, the best thing that I perceive with Splunk SOAR is where it is able to consolidate the data from the different log sources, and that helps me to investigate any incident. I am ingesting from multiple log sources. If there is an incident that has been logged, I will have visibility about all the different data that are required to investigate that incident in the single pane. In the single dashboard, I should be able to visualize it. I am able to see what has happened with this incident and what action has to be taken. Automatic recommendations also come from Splunk SOAR. These are the few things that we value very much on a day-to-day basis. Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk. Mean Time to Detect and Mean Time to Resolve were trending high before Splunk SOAR. Once we finalized and fine-tuned Splunk SOAR platform, it started trending within the limit that is defined for our organization. That's the first thing. The second thing that we have started observing is that there used to be a quality issue when it comes to investigating the incident. If an analyst investigated by looking at and correlating the data from the different sources, they always tended to make some mistake where they were overlooking some of the aspects for the incident investigation. We have improved this a lot. Since we have Splunk SOAR, where things are being automated and we are able to visualize things, we have zero or maybe no chance of missing things. That is helping us to improve the incident investigation quality. These are a few things that I will call out that has helped and that are helping on a day-to-day basis.

Read full review

Jabez Daniel

Advance Data Engineer(Cyber Security) at Novo Nordisk

The best features of Splunk SOAR include its multiple capabilities. For example, if there is a malicious IP, such as from a phishing mail, we can find out the sender IP and take action based on the verdict by using multiple app connectors in Splunk SOAR. It sends an API call to check the IP reputation and informs us if it's malicious and what actions we should take, either blocking the IP address from the perimeter firewall or storing it for future threat hunting. It connects with multiple apps such as ServiceNow and reduces the burden on the analyst by automating processes that don't require much investigation, allowing us to generate monthly reports on tasks performed by Splunk SOAR.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

I would assess Splunk SOAR's ability to integrate with other systems and applications as very relevant in my environment. I view Splunk as a platform; I can definitely consider Splunk as a platform. It is not only a SIEM or a SOAR; it is a complete platform. They are increasing the modules integrated with it, so I can give them a rating between 80 to 90%. My experience with the pricing of Splunk has been that in the past, they were very expensive, but now they can compete with even FortiSOAR or FortiSIEM. The difference in pricing is very good right now. I would usually recommend Splunk SOAR for customers who do not have the knowledge or the maturity level required for acquiring a native SOAR. If companies are new to SOAR technology, they can use Splunk SOAR, but if they are at a very good maturity level, they can use something such as Palo Alto. I would rate this review at 7 out of 10.

Read full review

Splunk SOAR mindshare

As of April 2026, the mindshare of Splunk SOAR in the Security Orchestration Automation and Response (SOAR) category stands at 7.6%, up from 7.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Mindshare Distribution
Product	Mindshare (%)
Splunk SOAR	7.6%
Microsoft Sentinel	11.2%
Palo Alto Networks Cortex XSOAR	8.6%
Other	72.6%

Security Orchestration Automation and Response (SOAR)

PeerResearch reports based on Splunk SOAR reviews

Type	Title	Date
Category	Security Orchestration Automation and Response (SOAR)	Apr 17, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 17, 2026	Download
Comparison	Splunk SOAR vs Microsoft Sentinel	Apr 17, 2026	Download
Comparison	Splunk SOAR vs Palo Alto Networks Cortex XSOAR	Apr 17, 2026	Download
Comparison	Splunk SOAR vs Torq	Apr 17, 2026	Download

Valuable Features

Splunk SOAR's key advantages include seamless third-party integrations, robust automation capabilities, and the ease of creating customizable playbooks. Its Python-based customization empowers users to develop sophisticated workflows. The visual playbook editor enhances user experience, while pre-built integrations streamline connectivity across security and IT applications. Effective in reducing mean time to detect and resolve, it improves incident management and investigation quality. It centralizes alerts management and supports diverse app integrations for efficient threat response.

"I have saved much time thanks to Splunk SOAR's impact, where earlier, without autonomous monitoring, users took almost one day or two days; now, a twenty-four hour job is done in almost thirty minutes."
"Splunk SOAR is really saving my time."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR, the automation and orchestration module is highly mature, and a lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."

Room for Improvement

Users find that Splunk SOAR has integration gaps and difficulties in creating playbooks due to limited functionalities and cumbersome interfaces. Many mention high costs and a steep learning curve, particularly for beginners. Enhancements in integration, UI/UX, and automation options are expected. The lack of advanced features like AI integration, better debugging tools, and detailed training materials are further areas needing improvement. The absence of efficient support and flexible customization is frequently highlighted.

"From the improvement point of view regarding Splunk SOAR, I suggest including more types of LLM models such as autonomous AI models including Anthropic and Opus 4.6, as well as creating a playground for new users to work on these, which will significantly help solve complex problems and assist new companies in understanding how Splunk works easily."
"Splunk SOAR follows very flat pricing and most of the time it's very high when compared to the other competitors."
"The Splunk SOAR case management feature lacks some of the functionalities like the possibility to fully customize the fields for the tickets/events and create custom statuses."

ROI

Organizations experienced enhanced efficiency with Splunk SOAR, automating tasks and reducing security personnel needs. Some took months to see value, but Splunk SOAR showed strong returns, saving significant time and costs. Users noted improved business resilience and proactive issue prediction. Those skilled with the system recognized its benefits quickly. Challenges included quantifying returns and ongoing maintenance efforts, but many appreciated Splunk SOAR's significant impact on phishing alert management and false positive reduction.

Pricing

Enterprise buyers report that Splunk SOAR is priced on the higher side, especially for smaller organizations. Costs are based on subscription and user count, with built-in volume discounts. Users find the pricing model to be justified by the tool’s ability to enhance efficiency through advanced automation, integration, and workflow customization. However, some consumers experience pricing changes as abrupt and non-negotiable, which can be challenging for budgeting. Despite this, many acknowledge the long-term return on investment.

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."

Popular Use Cases

Organizations primarily utilize Splunk SOAR for security automation and incident response. It helps reduce manual intervention by automating workflows for threat detection, incident investigation, and remediation. Key applications include risk management, managing phishing attacks, implementing third-party integrations, enhancing the Security Operations Center's efficiency, and orchestrating security tasks. Additionally, it streamlines response processes by employing playbook automation, integrating with external services, and supporting various deployment options on cloud or on-premises.

Service and Support

Customers generally find Splunk SOAR's support effective, emphasizing its responsiveness and helpful professional services. Many prefer engaging with its robust community for quicker resolutions, noting the support's slower prioritization based on ticket criticality. Users acknowledge support's dedication and appreciate their thorough, proactive assistance. Despite varying experiences with ticket response times and expertise in niche cases, they value the knowledgeable team and commend its playbook and automation capabilities, rating support mostly between eight and nine out of ten.

Deployment

Splunk SOAR's initial setup varies in complexity depending on the environment and experience level. For some, it is straightforward, taking just a few hours or days with good documentation and ready integrations. Others find it medium effort, requiring a team and technical knowledge in cases of complex deployments. Some describe it as challenging, needing specialized support, particularly for extensive customization or multiple server configurations. The process requires planning and support.

Scalability

Many users highlight that Splunk SOAR is highly scalable, accommodating various user bases from small to large enterprises. It supports automation in complex environments and can handle significant workloads, but some experience hardware bottlenecks at higher nodes. Despite a few scalability challenges, it generally receives high praise for scalability and flexibility. Its design allows tailored expansion by adding hardware and managing workloads, proving effective for many organizations.

Stability

Splunk SOAR is generally stable. Users report minimal issues and find it efficient with data handling. Many rate its stability between seven and nine out of ten, noting rare downtime. Early concerns involved configuration, but most have resolved. Some experience latency in data access, especially over prolonged periods. Stability depends on setup and technical specs. Problems often stem from external services, not Splunk SOAR directly. Despite minor challenges, it's highly reliable.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk SOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	13
Midsize Enterprise	7
Large Enterprise	32

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	183
Midsize Enterprise	119
Large Enterprise	364

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

12%

Manufacturing Company

11%

Computer Software Company

University

Construction Company

Comms Service Provider

Outsourcing Company

Healthcare Company

Insurance Company

Educational Organization

Government

Energy/Utilities Company

Retailer

Performing Arts

Marketing Services Firm

Media Company

Aerospace/Defense Firm

Transportation Company

Real Estate/Law Firm

Hospitality Company

Legal Firm

Non Profit

Consumer Goods Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Local Government

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk SOAR was previously known as Phantom.

Splunk SOAR customers

Recorded Future, Blackstone

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

IBM Security QRadar vs Splunk SOAR

Microsoft Sentinel vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

Torq vs Splunk SOAR

Stellar Cyber Open XDR vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

Logpoint vs Splunk SOAR

Tines vs Splunk SOAR

Google Security Operations vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

See all alternatives

Splunk SOAR Reviews Summary
Author info	Rating	Review Summary
Manager cybersecurity at Hexion Inc.	3.5	Splunk SOAR significantly improved our incident response, automating resolutions and consolidating data to cut MTTD/MTTR, saving 300+ hours monthly. I value its improved investigation quality, but desire better threat intelligence integration.
Advance Data Engineer(Cyber Security) at Novo Nordisk	3.5	I use Splunk SOAR for SOC orchestration, automating tasks like notifications and saving 30-40% time. It's stable and scalable, yet needs more code customization, AI integration, faster app integration, and better customer support.
System Engineer - Security Presales at Raya Integration	3.5	I find Splunk SOAR's easy playbook creation drastically cuts my MTTR/MTTD by 70%. However, I face integration problems, increased event volume, and an unclear playbook viewer. It needs more out-of-the-box integrations, AI, and threat intelligence, despite its seamless setup and good support.
Identity and Access Management Specialist at a university with 10,001+ employees	4.0	I rely on Splunk SOAR for ITDR automation, drastically reducing manual security tasks by 95% and efficiently handling incidents like MFA attacks. Its visual editor and orchestration are valuable, though CI/CD for playbooks needs improvement.
Cyber Security Network Security Engineer at Cirrus Logic	4.5	I value Splunk SOAR for automating security response like phishing, praising its seamless deployment, integrations, and real-time capabilities that deliver strong ROI. While reliable, I'd appreciate better on-prem integration and more accessible official support beyond community resources.
Global Head Of Security Architecture Digital & Technology at Aramex	4.5	I value Splunk SOAR for automating security tasks, like phishing response and malware detection, significantly saving time and boosting resilience. It's stable with good support, though I suggest more advanced LLM integration and alert cost optimization.
Splunk/SOAR Engineer	4.0	I find Splunk SOAR significantly boosts security operations, automating 60% of tasks and reducing MTTR/MTTD by 30-40%. Its visual Playbook Editor and extensive integrations are highly valuable, though it needs better debugging and reporting. It's a flexible, moderately-priced solution.
Senior Information Security Engineer at a tech company with 10,001+ employees	3.5	I find Splunk SOAR excellent for SOC automation, using its custom apps for integrations that save time and boost accuracy. My main concerns are the lack of coding IntelliSense and slow AI adoption, though it offers broad automation potential.

Title	Rating	Mindshare	Recommending
IBM Security QRadar	4.0	5.7%	90%	217 interviews Add to research
Microsoft Sentinel	4.1	11.2%	93%	108 interviews Add to research

Splunk SOAR Reviews

What is Splunk SOAR?

Featured Splunk SOAR reviews

Splunk SOAR mindshare

PeerResearch reports based on Splunk SOAR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Force multiply your team

From 30 minutes to 30 seconds

End-to-end security operations made easy

Splunk SOAR customers

Related questions

Product Categories

Popular Comparisons