Splunk SOAR Reviews

Name: Splunk SOAR
Brand: Splunk
Rating: 4.0 (53 reviews)

Vendor: Splunk

4.0 out of 5

53 reviews
88% willing to recommend

Leave a review

What is Splunk SOAR?

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Get the Splunk SOAR Buyer's Guide and find out what your peers are saying about Splunk SOAR, Microsoft Sentinel, IBM Security QRadar and more!

Splunk SOAR is the #2 ranked solution in SOAR tools. PeerSpot users give Splunk SOAR an average rating of 8.0 out of 10. Splunk SOAR is most commonly compared to Microsoft Sentinel: Splunk SOAR vs Microsoft Sentinel. Splunk SOAR is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 12% of all views.

Helped 880,745 peers since 2012

Featured Splunk SOAR reviews

Shiboo Suren

Manager cybersecurity at Hexion Inc.

From my perspective, the best thing that I perceive with Splunk SOAR is where it is able to consolidate the data from the different log sources, and that helps me to investigate any incident. I am ingesting from multiple log sources. If there is an incident that has been logged, I will have visibility about all the different data that are required to investigate that incident in the single pane. In the single dashboard, I should be able to visualize it. I am able to see what has happened with this incident and what action has to be taken. Automatic recommendations also come from Splunk SOAR. These are the few things that we value very much on a day-to-day basis. Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk. Mean Time to Detect and Mean Time to Resolve were trending high before Splunk SOAR. Once we finalized and fine-tuned Splunk SOAR platform, it started trending within the limit that is defined for our organization. That's the first thing. The second thing that we have started observing is that there used to be a quality issue when it comes to investigating the incident. If an analyst investigated by looking at and correlating the data from the different sources, they always tended to make some mistake where they were overlooking some of the aspects for the incident investigation. We have improved this a lot. Since we have Splunk SOAR, where things are being automated and we are able to visualize things, we have zero or maybe no chance of missing things. That is helping us to improve the incident investigation quality. These are a few things that I will call out that has helped and that are helping on a day-to-day basis.

Read full review

Jabez Daniel

Advance Data Engineer(Cyber Security) at Novo Nordisk

The best features of Splunk SOAR include its multiple capabilities. For example, if there is a malicious IP, such as from a phishing mail, we can find out the sender IP and take action based on the verdict by using multiple app connectors in Splunk SOAR.It sends an API call to check the IP reputation and informs us if it's malicious and what actions we should take, either blocking the IP address from the perimeter firewall or storing it for future threat hunting. It connects with multiple apps such as ServiceNow and reduces the burden on the analyst by automating processes that don't require much investigation, allowing us to generate monthly reports on tasks performed by Splunk SOAR.

Read full review

Hamada Elewa

System Engineer - Security Presales at Raya Integration

I would assess Splunk SOAR's ability to integrate with other systems and applications as very relevant in my environment. I view Splunk as a platform; I can definitely consider Splunk as a platform. It is not only a SIEM or a SOAR; it is a complete platform. They are increasing the modules integrated with it, so I can give them a rating between 80 to 90%. My experience with the pricing of Splunk has been that in the past, they were very expensive, but now they can compete with even FortiSOAR or FortiSIEM. The difference in pricing is very good right now. I would usually recommend Splunk SOAR for customers who do not have the knowledge or the maturity level required for acquiring a native SOAR. If companies are new to SOAR technology, they can use Splunk SOAR, but if they are at a very good maturity level, they can use something such as Palo Alto. I would rate this review at 7 out of 10.

Read full review

Splunk SOAR mindshare

As of January 2026, the mindshare of Splunk SOAR in the Security Orchestration Automation and Response (SOAR) category stands at 7.8%, up from 7.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Market Share Distribution
Product	Market Share (%)
Splunk SOAR	7.8%
Microsoft Sentinel	13.0%
Palo Alto Networks Cortex XSOAR	8.9%
Other	70.3%

Security Orchestration Automation and Response (SOAR)

PeerResearch reports based on Splunk SOAR reviews

Type	Title	Date
Category	Security Orchestration Automation and Response (SOAR)	Jan 21, 2026	Download
Product	Reviews, tips, and advice from real users	Jan 21, 2026	Download
Comparison	Splunk SOAR vs Microsoft Sentinel	Jan 21, 2026	Download
Comparison	Splunk SOAR vs Palo Alto Networks Cortex XSOAR	Jan 21, 2026	Download
Comparison	Splunk SOAR vs IBM Security QRadar	Jan 21, 2026	Download

Valuable Features

Users praise Splunk SOAR for its seamless integration, customizable playbooks, and user-friendly interface. They appreciate its automation capabilities, which streamline workflows, reduce manual tasks, and provide real-time incident response. The platform's extensive integrations enable connectivity across various systems, enhancing its value. The robust documentation, excellent GUI, and powerful analytics tool contribute to improved KPIs, such as reduced mean time to detect and resolve incidents. The mobile app's convenience for alerts and on-the-go response is also highlighted.

"Splunk SOAR allows us to connect to multiple platforms, whether they are networks, security, or observability."
"In terms of time savings in threat responses, as a team, we save more than 30%, estimated around 30-40%."
"Splunk SOAR has saved us a lot; monthly, around 300 hours of effort, it is saving with Splunk SOAR, and it has helped us where we were able to run the SOC operation with the less number of headcount versus what we used to do earlier."

Room for Improvement

Splunk SOAR requires enhancement in integration capabilities with Microsoft products, documentation, interface customization, and API connectivity. There are challenges with playbook creation, reporting features, and automation options. Improvements in IAM integration, support response time, case management, and cost-effectiveness are also needed. Users desire more video guides, simulation tools, and better training materials. The platform could benefit from more robust debugging tools, enhanced lifecycle management, and an expanded library of playbooks with increased AI capabilities.

"I think Splunk SOAR is a bit slow to catch up with the AI boom. Everyone is ingesting Copilots or some form of AI in their platforms, and Splunk SOAR doesn't have it yet."
"I'd rate Splunk's technical support around five because compared to IBM QRadar, their support is much better. I feel Splunk should enhance their support, as it appears lacking, especially considering the costs associated with higher licenses."
"One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed."

ROI

Splunk SOAR demonstrates varied return outcomes. Some users experience significant improvement through automation and task streamlining, noting benefits in reducing security team sizes and handling phishing alerts. Although several report initial implementation challenges and integration time, once deployed, the perceived benefits and satisfaction from management are evident. Others highlight time savings while acknowledging difficulties in quantifying returns due to ongoing development efforts and staffing limitations. Users emphasize the eventual realization of value despite initial setup challenges.

Pricing

Enterprise buyers find Splunk SOAR pricing generally high, characterized by a subscription-based model that varies with data volume or user count. While some appreciate the value it offers in terms of performance and integration, others view it as expensive compared to competitors. Additional costs may arise for professional services or extra modules. Volume discounts are available, but smaller organizations may find pricing challenging. Overall, Splunk SOAR delivers value if utilized effectively.

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I found the price of Splunk SOAR to be good."

Popular Use Cases

Splunk SOAR is utilized for security automation, incident response, and orchestration across various environments. Users automate tasks such as phishing processes, malware investigations, and integrating endpoint data. It enables threat detection, user behavior monitoring, and response to cybersecurity alerts. Additionally, it supports data enrichment and workflow efficiency, reducing manual intervention. Companies implement it in cloud, on-premises, and hybrid setups for tasks like threat intelligence, platform maintenance, and log analysis.

Service and Support

Splunk SOAR's customer service is largely praised for its responsiveness and helpfulness, though some users haven't interacted with it directly. Users appreciate the stability and in-depth documentation which often negate the need for assistance. While many find technical support excellent, there are suggestions for improved response times and more flexibility with certain use cases. The community is regarded as a valuable resource. Customer service is often rated between seven and nine out of ten.

Deployment

Splunk SOAR's setup experience varies. Some find it straightforward and quick, while others face complexities, especially with clustering and integrations. License issues can complicate clustering. Deployment may require knowledgeable engineers and time, depending on customization needs and infrastructure. Documentation aids in easing some challenges. For some, the process involves issues like miscoordination during upgrades and the need for coding in specific cases, affecting deployment and maintenance efforts.

Scalability

Splunk SOAR is generally considered highly scalable, allowing organizations to tailor it to various user numbers and environments. While some face challenges with hardware and node management, many appreciate its flexibility in handling both large and small infrastructures effectively. Reports suggest the platform supports the expansion of users and workloads well, though improvements are desired by some, indicating room for enhancement in scalability.

Stability

Splunk SOAR exhibits strong stability, demonstrating reliable performance and minimal downtime. Users note occasional latency in data access and challenges with third-party integrations but rarely face major outages. Many users rate its stability between seven to nine out of ten, highlighting its robustness and efficient data management capabilities. Despite rare instances of crashing, usually due to external factors, Splunk SOAR remains a trusted choice with consistent uptime and a responsive user interface.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Splunk SOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	7
Large Enterprise	28

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	172
Midsize Enterprise	107
Large Enterprise	418

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

12%

Manufacturing Company

11%

Computer Software Company

University

Comms Service Provider

Construction Company

Government

Outsourcing Company

Educational Organization

Healthcare Company

Insurance Company

Retailer

Performing Arts

Energy/Utilities Company

Real Estate/Law Firm

Media Company

Aerospace/Defense Firm

Transportation Company

Hospitality Company

Recreational Facilities/Services Company

Non Profit

Legal Firm

Consumer Goods Company

Marketing Services Firm

Pharma/Biotech Company

Local Government

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk SOAR was previously known as Phantom.

Splunk SOAR customers

Recorded Future, Blackstone

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

IBM Security QRadar vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

Stellar Cyber Open XDR vs Splunk SOAR

Tines vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

Google Security Operations vs Splunk SOAR

Logpoint vs Splunk SOAR

Torq vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

See all alternatives

Splunk SOAR Reviews Summary
Author info	Rating	Review Summary
Manager cybersecurity at Hexion Inc.	3.5	I've used Splunk SOAR for three years to automate incident response, improve detection and investigation, and reduce costs, though better threat intelligence integration would help; overall, it's stable, scalable, and effective for our hybrid AWS environment.
Advance Data Engineer(Cyber Security) at Novo Nordisk	3.5	I use Splunk SOAR mainly for automation in our SOC, which has saved us 30–40% in response time. It's stable and scalable, though support and customization could improve. Deployment was easy, but integration still needs refinement.
System Engineer - Security Presales at Raya Integration	3.5	I've found Splunk SOAR's playbook creation easy and it significantly reduced detection and resolution times, but integration issues, unclear features, and limited resource optimization are drawbacks. It's solid for beginners, though better options exist for mature environments.
Cyber Security Network Security Engineer at Cirrus Logic	4.5	I've used Splunk SOAR for a year to automate security responses, especially phishing detection, and it's been reliable, seamless to deploy, and time-saving, with strong integrations, though on-prem integration and support resources could improve.
Splunk/SOAR Engineer	4.0	My focus with Splunk SOAR is on data deployment, configuration, and integration with various platforms. The visual Playbook Editor is a standout feature. Improvements could include better debugging tools and collaboration features. It's more flexible than other SOAR solutions I've used.
Senior Information Security Engineer at a tech company with 10,001+ employees	3.5	I've found Splunk SOAR useful for automating SOC tasks, saving time and improving accuracy, though coding lacks IntelliSense. It's stable, integrates well, and has responsive support, but AI features and developer tools could be better.
System Engineer - Security Presales at Raya Integration	2.5	I work with Splunk SOAR for security, notably user behavior analytics and orchestration. Its playbook customization is beneficial, despite being hardware-intensive and complex. While Splunk enhances alerts, it needs better integrations to rival Palo Alto SOAR and FortiSOAR.
Information System Security Officer at a manufacturing company with 10,001+ employees	4.0	I don't use Splunk SOAR directly, but it supports our SOC by organizing massive alert volumes, enabling automation, and improving visibility, helping us investigate issues efficiently and enhancing our organization's security monitoring and overall resilience.

Title	Rating	Mindshare	Recommending
Microsoft Sentinel	4.1	13.0%	94%	104 interviews Add to research
IBM Security QRadar	4.0	6.3%	90%	219 interviews Add to research

Splunk SOAR Reviews

What is Splunk SOAR?

Featured Splunk SOAR reviews

Splunk SOAR mindshare

PeerResearch reports based on Splunk SOAR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Splunk SOAR with alternative products

Learn more about Splunk SOAR

Go from overwhelmed to in-control

Force multiply your team

From 30 minutes to 30 seconds

End-to-end security operations made easy

Splunk SOAR customers

Related questions

Product Categories

Popular Comparisons