ServiceNow Security Operations vs Splunk SOAR comparison

ServiceNow and Splunk are both solutions in the Security Orchestration Automation and Response (SOAR) category. ServiceNow is ranked #6 with an average rating of 8.1, while Splunk is ranked #3 with an average rating of 8.5. ServiceNow holds a 3.5% mindshare in SOAR, compared to Splunk’s 7.7% mindshare. Additionally, 95% of ServiceNow users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.

ServiceNow Security Operations

Read 22 ServiceNow Security Operations reviews

2,198 Views
1,627 Comparison Views

95% willing to recommend

Splunk SOAR

Read 50 Splunk SOAR reviews

4,554 Views
3,416 Comparison Views

87% willing to recommend

ServiceNow Security Operations

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jun 15, 2025

ServiceNow Security Operations and Splunk SOAR compete in the security operations space. Splunk SOAR has the upper hand due to its robust automation and scalability.

Features: ServiceNow Security Operations offers strong integration with IT service management, robust incident management, and comprehensive threat intelligence. It excels with customizable workflows and incident response playbooks. Splunk SOAR provides advanced automation capabilities, customizable workflows, and excellent efficiency in automating repetitive tasks, while allowing for advanced customization.

Room for Improvement: ServiceNow could improve in areas such as deployment complexity for non-ServiceNow users, enhancing flexibility in module configurations, and cost-effectiveness. Splunk SOAR may need to simplify its initial setup process, improve its technical documentation for users of varied expertise, and expand integration capabilities with non-supported tools.

Ease of Deployment and Customer Service: ServiceNow Security Operations integrates seamlessly for existing platform users, offering strong customer service. However, deployment might be challenging for new users. Splunk SOAR has a modular deployment model, providing flexibility but demanding more setup effort. Its customer service can be responsive but often requires a higher technical understanding.

Pricing and ROI: ServiceNow Security Operations tends to have higher setup costs, reflecting its extensive features and promising long-term ROI for full capability utilization. Splunk SOAR presents a more cost-effective initial setup and provides quicker ROI through its efficient automation, significantly reducing operational costs for organizations focused on automation efficiency.

To learn more, read our detailed ServiceNow Security Operations vs. Splunk SOAR Report (Updated: September 2025).

Buyer's Guide

ServiceNow Security Operations vs. Splunk SOAR

September 2025

Download the complete report

Helped 872,706 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

ServiceNow Security Operations

Ranking in Security Orchestration Automation and Response (SOAR)

6th

Average Rating

8.0

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Security Incident Response (1st), Risk-Based Vulnerability Management (9th)

Splunk SOAR

Ranking in Security Orchestration Automation and Response (SOAR)

3rd

Average Rating

8.2

Reviews Sentiment

6.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of October 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of ServiceNow Security Operations is 3.5%, down from 4.1% compared to the previous year. The mindshare of Splunk SOAR is 7.7%, down from 8.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Market Share Distribution
Product	Market Share (%)
Splunk SOAR	7.7%
ServiceNow Security Operations	3.5%
Other	88.8%

Security Orchestration Automation and Response (SOAR)

Featured Reviews

Abhinay Sharma

ServiceNow Developer at Bangmetric services pvt ltd

Experience seamless integration and effective incident response with a little room for improvement in setup time

Integration is crucial in ServiceNow Security Operations because everything must be integrated to obtain data. Without integration, the solution is not as beneficial as expected. In SecOps, real-time data is essential to avoid discrepancies between real-time events and ServiceNow data. Multiple tools integrate with ServiceNow Security Operations, with Qualys being one of them. ServiceNow Security Operations collects data from various sources and presents it in a single, respectable format for assessment and action. The main benefit is not having to access separate tools for different data. It provides a unified user experience where all work and fixes can be managed from one location.

Read full review

Mack Scott

Cyber Security Network Security Engineer at Cirrus Logic

Improves response time by consolidating tools and automating threat detection

I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on the existing automation. These are the additional features that could be included in the future. Splunk's Unified Platform does help consolidate networking security and IT observability tools. They should integrate Splunk Enterprise Security better into Splunk Cloud.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The SOAR module of ServiceNow Security Operations is the most valuable feature"

"Reduces time to closure and closure metrics for vulnerabilities."

"The solution is available over the cloud and is easy to manage."

"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."

"The product has a very simple UI."

"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."

"My favorite feature is the application vulnerability scanner."

"It's stable."

More ServiceNow Security Operations pros

"Splunk SOAR's quick response to incidents is the most valuable part."

"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."

"In terms of deployment, there were no issues. It was pretty seamless."

"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."

"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."

"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."

"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."

"Very flexible integration with other tools"

More Splunk SOAR pros

Cons

"The threat intelligence module needs a better dashboard."

"Visibility and transitions between teams present significant challenges in the SecOps space, indicating that substantial training and hand-holding are required to improve usability, which is one observation I have had."

"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."

"It's very slow. When you click a button or update a field, it takes forever to actually react."

"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."

"The product is called SecOps, but it is not security operations in terms of SIEM solutions."

"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."

"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."

More ServiceNow Security Operations cons

"The algorithm and machine learning have room for improvement and can be more user-friendly."

"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."

"While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome."

"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."

"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."

"There are areas where Splunk SOAR can continue to improve, particularly regarding the synchronization of information, as sometimes it takes longer than other tools."

"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."

"It would be ideal if we could automate processes even more."

More Splunk SOAR cons

Pricing and Cost Advice

"Compared to competitor tools, ServiceNow Security Operations is more affordable"

"The product is more expensive than other solutions."

"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

"This product is a good value for the money."

"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."

"It is an expensive product."

"Splunk SOAR is more expensive compared to other options for SOAR."

"I found the price of Splunk SOAR to be good."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"Splunk SOAR is an expensive solution for an organization of our size."

"I don't know the exact price, but for my region, it is very expensive."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

872,706 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

19%

Manufacturing Company

13%

Computer Software Company

Government

Financial Services Firm

12%

Computer Software Company

11%

Manufacturing Company

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	2
Large Enterprise	15

By reviewers
Company Size	Count
Small Business	12
Midsize Enterprise	7
Large Enterprise	30

Questions from the Community

What do you like most about ServiceNow Security Operations?

The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.

See all answers

What is your experience regarding pricing and costs for ServiceNow Security Operations?

It is relatively expensive but manageable.

See all answers

What needs improvement with ServiceNow Security Operations?

ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data aggregator. It would be beneficial if, similar to the Discovery module which assess...

See all answers

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I don't have experience with costs; management handles that aspect.

See all answers

What needs improvement with Splunk Phantom?

I'm not an expert on Splunk SOAR, but I'm sure our team members know what areas could be improved. I haven't spoken to them specifically about what could be improved or what they would want Splunk ...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations

Compared 19% of the time

Microsoft Sentinel vs ServiceNow Security Operations

Compared 11% of the time

Tines vs ServiceNow Security Operations

Compared 8% of the time

Swimlane vs ServiceNow Security Operations

Compared 5% of the time

Zafran Security vs ServiceNow Security Operations

Compared 5% of the time

More ServiceNow Security Operations Competitors

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 18% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 11% of the time

Cortex XSIAM vs Splunk SOAR

Compared 11% of the time

Tines vs Splunk SOAR

Compared 9% of the time

Torq vs Splunk SOAR

Compared 6% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

ServiceNow Security Operations

October 2025

Download ServiceNow Security Operations product report

Buyer's Guide

Splunk SOAR

October 2025

Download Splunk SOAR product report

Also Known As

No data available

Phantom

Overview

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions.

ServiceNow

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Sample Customers

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

Recorded Future, Blackstone

Buyer's Guide

ServiceNow Security Operations vs. Splunk SOAR

September 2025

Free Report: ServiceNow Security Operations vs. Splunk SOAR

Find out what your peers are saying about ServiceNow Security Operations vs. Splunk SOAR and other solutions. Updated: September 2025.

DOWNLOAD NOW

872,706 professionals have used our research since 2012.

See our ServiceNow Security Operations vs. Splunk SOAR report.

See our list of best Security Orchestration Automation and Response (SOAR) vendors.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.