Splunk SOAR Reviews

Name: Splunk SOAR
Brand: Splunk
Rating: 4.0 (46 reviews)

4.0 out of 5

46 reviews
86% willing to recommend

What is Splunk SOAR?

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Get the Splunk SOAR Buyer's Guide and find out what your peers are saying about Splunk SOAR, Microsoft Sentinel, IBM Security QRadar and more!

Splunk SOAR is the #3 ranked solution in SOAR tools. PeerSpot users give Splunk SOAR an average rating of 8.0 out of 10. Splunk SOAR is most commonly compared to Microsoft Sentinel: Splunk SOAR vs Microsoft Sentinel. Splunk SOAR is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 13% of all views.

Helped 865,738 peers since 2012

Featured Splunk SOAR reviews

Hamada Elewa

System Engineer - Security Presales at Raya Integration

We work with Splunk SOAR from a security perspective, focusing on User Behavior Analytics (UBA) and Security Orchestration, Automation, and Response (SOAR) The customization of the playbook in Splunk SOAR is very beneficial. After building the playbook, it operates professionally. There is an AI…

Read full review

Jay-Panchal

Information Security Analyst at a healthcare company with 1,001-5,000 employees

Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly. It manages the whole thread of data security logs and visualizes the data, making it easier to view everything. Splunk gives you end-to-end visibility of your on-prem environment, enabling you to troubleshoot issues easily. Splunk integrates easily with the AWS cloud and also other clouds like GCP and Azure. It quickly and efficiently captures all the logs from the cloud just like it was capturing logs from your on-premises environment.

Read full review

Rodrigo Scorsatto

Senior Principal Site Reliability Engineer at Dell Technologies

Splunk SOAR has a user-friendly interface that simplifies playbook creation. While some initial training is helpful, the drag-and-drop functionality and pre-built code generation features make it accessible even for those without extensive coding experience. This ease of use allows teams to quickly automate incident response tasks, reducing the business impact. Splunk SOAR helps us improve our data collection and automate operational tasks. While it enriches data, some actions require approval or additional information. For application outages, immediate action is crucial to avoid business impact, and time to respond is key to be able to identify the root cause of issues. For example, if a database server goes down, if the analyst doesn't check the issue right after it occurs, they may end up losing precious logs, which would help them identify the issue and avoid reoccurrence. Additionally, manual database tasks like service restarts or log checks are time-consuming. Splunk SOAR automates these tasks, enriching our log collection, running health checks, and generating reports for the database team. This allows for faster issue identification and resolution, ultimately contributing to high system availability and minimal customer impact. It provides a comprehensive solution for our environment's health. Splunk offers two key products: Splunk as an observability tool that detects critical issues, and Splunk SOAR, an automation platform that enriches data and even automates remediation actions. SOAR offers easy integration with various tools. We can leverage pre-built apps for common integrations or create custom ones. While Splunk integrations are automatic, SOAR's API allows us to send data from any observability tool using the SOAR API. This API offers different options to manage the platform, and one of the options is to create a container in SOAR, which can trigger the appropriate playbook based on a label name, simplifying integration with new tools and accelerating proof-of-concept deployments. Implementing a SOAR platform significantly improved our IT operations. Previously, frequent application downtime overwhelmed our busy operations team, forcing them to prioritize and leave some issues unresolved. SOAR automation relieved this pressure by allowing us to create playbooks that automatically detect and fix recurring problems. While the initial setup required developing playbooks and standards, the resulting reduction in alerts and faster issue resolution freed up the operations team's time and had a major positive impact on our overall IT environment. Our mean time to detect is within seconds. Before SOAR, manually detecting and resolving server issues was slow and unreliable. It could take hours for an overloaded team to identify a problem, and even longer to fix it, potentially impacting customers. SOAR automates this process, triggering immediate responses that take seconds, minimizing downtime, and ensuring a smooth customer experience. Our mean time to resolution is improved. SOAR helps resolve issues quickly by automating tasks through playbooks. When an issue is detected, SOAR can run a playbook to fix it or provide more information to analysts, expediting resolution. SOAR has significantly improved our efficiency by automating manual tasks. This frees our IT staff to focus on resolving issues faster and tackling more complex projects.

Read full review

Splunk SOAR mindshare

As of August 2025, the mindshare of Splunk SOAR in the Security Orchestration Automation and Response (SOAR) category stands at 7.8%, down from 8.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Market Share Distribution
Product	Market Share (%)
Splunk SOAR	7.8%
Microsoft Sentinel	16.9%
Palo Alto Networks Cortex XSOAR	10.1%
Other	65.2%

Security Orchestration Automation and Response (SOAR)

PeerResearch reports based on Splunk SOAR reviews

Type	Title	Date
Category	Security Orchestration Automation and Response (SOAR)	Aug 25, 2025	Download
Product	Reviews, tips, and advice from real users	Aug 25, 2025	Download
Comparison	Splunk SOAR vs Microsoft Sentinel	Aug 25, 2025	Download
Comparison	Splunk SOAR vs Palo Alto Networks Cortex XSOAR	Aug 25, 2025	Download
Comparison	Splunk SOAR vs IBM Security QRadar	Aug 25, 2025	Download

Title	Rating	Mindshare	Recommending
Microsoft Sentinel	4.1	16.9%	93%	98 interviews Add to research
IBM Security QRadar	4.0	7.2%	91%	209 interviews Add to research

Valuable Features

Splunk SOAR's most valuable features include risk-based access control, team collaboration, flexible integration with other tools, and user-friendly design. It excels in automating tasks with customizable playbooks, reducing manual work, and saving time. The platform supports extensive third-party integrations, enhancing security operations. It provides strong incident response capabilities through automation and orchestration, improving mean time to detection and resolution. Splunk SOAR's API connectors and search functionality further enhance its versatility and efficiency.

"Splunk SOAR has made a huge impact across security operations and the business overall."
"The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."
"The customization of the playbook in Splunk SOAR is very beneficial."

Room for Improvement

Splunk SOAR users report integration challenges, with difficulties related to APIs, Microsoft products, and IAM solutions. Enhancements are needed in automation, indexing, escalation management, and analytics. Navigation and documentation require updates, and the interface could be more user-friendly. Configuration and setup need simplification; pricing is seen as high. Customization is limited in playbooks, the playbook editor is cumbersome, and reporting functionality is lacking. Additional integrations, improved training, and better upgrade processes are recommended.

"It would be nice if we could put it on other search heads, not just Enterprise Security."
"There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."
"To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."

ROI

Organizations report significant time savings with Splunk SOAR and recognize its value for automating tasks. While many see a positive return, some face challenges in justifying it due to ongoing development efforts and staffing issues. The implementation phase may delay the realization of benefits. Entities observe roughly a forty-five percent return, though perceptions vary regarding immediate effectiveness. Clients appreciate its efficiency in streamlining operations, allowing teams to reduce staffing and gain unexpected value.

Pricing

Splunk SOAR employs a subscription-based, consumption-driven licensing model often considered expensive, particularly for smaller enterprises. Licensing costs can range substantially, and additional fees may apply for modules, support, or setup. Volume discounts and user-based pricing options exist, but costs remain a significant consideration for many. Despite high fees, users generally find value in the product's capabilities and performance, which justify the investment for medium to large enterprises seeking robust automation solutions.

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."

Popular Use Cases

Consulting firms utilize Splunk SOAR for orchestration across diverse data sources and to automate threat analysis and incident response. Users leverage it for phishing detection, malware investigation, and enriching alerts within SOCs. Deployment is possible on-premises or in the cloud, supporting user activity monitoring, privileged account protection, and security automation. Playbooks automate tasks in cybersecurity, optimizing workflows and integrations across third-party applications. Automation improves efficiency by reducing manual intervention and time spent on investigations.

Service and Support

Customers find Splunk SOAR's support generally positive, noting improvements post-acquisition. Documentation is praised, often negating the need for direct contact. Some experience varied responsiveness; while telecom and IoT scenarios reveal gaps, IT support is strong. Support is rated mostly above average, with dedicated assistance and quick ticket handling appreciated. Community resources enhance problem-solving, sometimes outperforming direct support. Playbook assistance is valued, contributing to better platform performance and adaptability.

Deployment

Splunk SOAR's initial setup varies in complexity; some find it straightforward, while others experience challenges due to integrations and configurations. Deployment times can differ significantly, with some completing it in days and others taking months. A skilled team is often required. Documentation is helpful, yet issues such as licensing and customizations may arise. Training users on playbooks is generally quick, and configurations often depend on the existing infrastructure and specific needs.

Scalability

Splunk SOAR is largely scalable, adaptable to various user needs, and effective across both small and large environments. Many users find it easy to manage, supporting enterprises with up to thousands of users, but some note challenges in specific configurations. With flexibility to expand and handle large data volumes, it garners high ratings. Though some experience occasional bottlenecks or hardware issues, it remains a preferred choice for automation and administrative efficiency.

Stability

Splunk SOAR is generally reliable, though some users mention occasional challenges such as crashing during high loads or compatibility issues. Most users find it stable with minimal downtime. They appreciate the High Availability/Disaster Recovery features. Rating varies from seven to nine out of ten. Issues typically arise from external factors, and the built-in stability is praised. Minor bugs are managed efficiently, contributing to consistently positive feedback regarding stability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk SOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	11
Midsize Enterprise	7
Large Enterprise	24

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	214
Midsize Enterprise	129
Large Enterprise	540

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

13%

Financial Services Firm

12%

Manufacturing Company

11%

University

Government

Construction Company

Comms Service Provider

Educational Organization

Retailer

Healthcare Company

Insurance Company

Energy/Utilities Company

Outsourcing Company

Real Estate/Law Firm

Media Company

Performing Arts

Hospitality Company

Aerospace/Defense Firm

Non Profit

Recreational Facilities/Services Company

Legal Firm

Transportation Company

Consumer Goods Company

Pharma/Biotech Company

Wholesaler/Distributor

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk SOAR was previously known as Phantom.

Splunk SOAR customers

Recorded Future, Blackstone

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

IBM Security QRadar vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

Tines vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

Torq vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

Logpoint vs Splunk SOAR

Swimlane vs Splunk SOAR

Google Security Operations vs Splunk SOAR

See all alternatives

Splunk SOAR Reviews Summary
Author info	Rating	Review Summary
Splunk/SOAR Engineer	4.0	My focus with Splunk SOAR is on data deployment, configuration, and integration with various platforms. The visual Playbook Editor is a standout feature. Improvements could include better debugging tools and collaboration features. It's more flexible than other SOAR solutions I've used.
System Engineer - Security Presales at Raya Integration	2.5	I work with Splunk SOAR for security, notably user behavior analytics and orchestration. Its playbook customization is beneficial, despite being hardware-intensive and complex. While Splunk enhances alerts, it needs better integrations to rival Palo Alto SOAR and FortiSOAR.
Information Security Analyst at a healthcare company with 1,001-5,000 employees	4.0	I use Splunk to detect and analyze threats, benefiting from its vast data collection and visualization features. While it's expensive and challenging for beginners, its integration capabilities and effectiveness surpass previous solutions like Wazoo, though the dashboard could improve.
Senior Principal Site Reliability Engineer at a tech vendor with 10,001+ employees	4.5	Splunk SOAR is a versatile automation platform that excels in security and general tasks. It integrates with various technologies and offers customizable playbooks. While user-friendly and comprehensive, improvements in log review and AI assistance could enhance its development efficiency.
Information Security Architect at UMMS	4.0	We've used Splunk SOAR with Mission Control for a year, improving alert handling and efficiency. Integration with Enterprise Security is key, setup was easy, and while minor issues exist, overall performance and ROI have been very positive.
SOAR Engineer at Accenture Federal Services	4.0	As an MSSP focused on detection and response, we use Splunk SOAR for alert processing and playbook automation to minimize manual SOC tasks, although case management could improve. We chose it for integration with our existing Splunk ecosystem.
SOC analyst at Bkav Corp.	4.5	I use Splunk SOAR primarily for incident investigations due to its effective Playbook feature and automation, which significantly reduces investigation time. Its integration with various tools enhances security, and customers prefer it over IBM for its usability and reputation.
Consultant at HCL Technologies	4.0	I use Splunk SOAR for incident response and automation, effectively reducing false positives and improving resolution times with seamless integration of tools like VirusTotal and ServiceNow, though I see room for AIOps enhancement to boost predictability.

Splunk SOAR Reviews

What is Splunk SOAR?

Featured Splunk SOAR reviews

Splunk SOAR mindshare

PeerResearch reports based on Splunk SOAR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Force multiply your team

From 30 minutes to 30 seconds

End-to-end security operations made easy

Splunk SOAR customers

Related questions

Product Categories

Popular Comparisons