Secureworks Red Cloak Threat Detection and Response [EOL] vs Splunk SOAR comparison

The compared Secureworks and Splunk solutions aren't in the same category. Splunk is ranked #3 in SOAR , with an average rating of 8.0, and holds a 7.3% mindshare. Additionally, 100% of Secureworks users are willing to recommend the solution, compared to 86% of Splunk users who would recommend it.

Secureworks Red Cloak Threa...

Read 1 Secureworks Red Cloak Threat Detection and Response [EOL] review

100% willing to recommend

Splunk SOAR

Read 45 Splunk SOAR reviews

4,351 Views
2,662 Comparison Views

86% willing to recommend

Secureworks Red Cloak Threa...

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Secureworks Red Cloak Threat Detection and Response [EOL] and Splunk SOAR based on real PeerSpot user reviews.

Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response.

To learn more, read our detailed Security Incident Response Report (Updated: April 2025).

Buyer's Guide

Security Incident Response

April 2025

Download the complete report

Helped 850,671 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Secureworks Red Cloak Threa...

Average Rating

8.0

Number of Reviews

Ranking in other categories

No ranking in other categories

Splunk SOAR

Average Rating

8.0

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

Featured Reviews

reviewer1646754

Solutions Architect at a computer software company with 51-200 employees

Simple deployment with good reports and dashboard

In terms of what could be improved, there are a lot of things identified and there is a lot of continuous improvement. A lot of the things are of a short time frame and a lot are way out. There was a tuning process but nothing specifically to call out. As for what could be included in the next release, we are working on the basic feature set. There are probably some things that, as we move through it, we'll come across that are deficient but right now we are not that far along to know. I don't want to say that they could not do certain advancement. For example, there are some automated network response portions that we want to turn up, but we're not ready for that. I don't even know what the capabilities are there, but that's something that, probably in the next 24 months, we will move forward on.

Read full review

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The features that I have found most valuable are that the search capabilities are easy to use. The dashboards are good. The reports are good. It is just simple from a deployment standpoint - that was easy."

"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."

"SOAR allows custom code to be written and integrates with various technologies through pre-built apps like Windows Remote Management or custom apps we can build ourselves like a secret retrieval app from our vault."

"My understanding is the initial setup isn't too hard."

"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."

"Splunk SOAR has made a huge impact across security operations and the business overall."

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."

"Scalability is the best feature of the solution."

"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."

More Splunk SOAR pros

Cons

"There are some automated network response portions that we want to turn up."

"The number of playbooks on offer should be increased."

"Splunk's support for integration is subpar and has room for improvement."

"It could be easier to implement."

"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."

"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."

"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."

"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."

"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."

More Splunk SOAR cons

Pricing and Cost Advice

Information not available

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"Splunk SOAR is more expensive compared to other options for SOAR."

"I found the price of Splunk SOAR to be good."

"The licensing cost is reasonable."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"The cost is high and the licensing is on an annual basis."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Incident Response solutions are best for your needs.

See recommendations

850,671 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Manufacturing Company

Non Profit

Financial Services Firm

Computer Software Company

14%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.

See all answers

What needs improvement with Splunk Phantom?

The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...

See all answers

Comparisons

No data available

Cortex XSIAM vs Splunk SOAR

Compared 20% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 19% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 10% of the time

Tines vs Splunk SOAR

Compared 9% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 8% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Security Incident Response

April 2025

Secureworks Red Cloak Threat Detection and Response [EOL] report

Download Secureworks Red Cloak Threat Detection and Response [EOL] product report

Buyer's Guide

Splunk SOAR

April 2025

Download Splunk SOAR product report

Also Known As

Red Cloak Threat Detection and Response, Red Cloak TDR

Phantom

Overview

Dell is a part of the Dell Technologies family of brands. Dell Technologies is a unique family of businesses that provides the essential infrastructure for organizations to build their digital future, transform IT and protect their most important asset: information. The company services customers of all sizes across 180 countries – ranging from 98 percent of the Fortune 500 to individual consumers – with the industry's most comprehensive and innovative portfolio from the edge to the core to the cloud.

Secureworks

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Sample Customers

Ricoh

Recorded Future, Blackstone

Buyer's Guide

Security Incident Response

April 2025

Download Free Report

Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response. Updated: April 2025.

DOWNLOAD NOW

850,671 professionals have used our research since 2012.

We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.