No more typing reviews! Try our Samantha, our new voice AI agent.

Splunk SOAR vs Swimlane comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.6
Torq's automations improved efficiency and cost savings, achieving $200,000 savings towards a $600,000 ROI target in months.
Sentiment score
4.8
Splunk SOAR boosts ROI by automating tasks, reducing response times, and saving companies up to 300 hours monthly.
Sentiment score
6.7
Swimlane boosts efficiency, saving 30-35% time, doubling capacity, and reducing hiring needs through effective automation.
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
SOC Analyst at AppsFlyer
We have seen a return on investment, targeting a $600,000 ROI for the year.
Cyber Security Engineer at a real estate/law firm with 5,001-10,000 employees
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
Since deploying Splunk SOAR, there has been a notable reduction in time spent on monotonous security tasks, which I estimate to be around 95%, enabling my team to focus on more strategic initiatives.
Identity and Access Management Specialist at a university with 10,001+ employees
We've seen a decrease in false positives and a significant increase in our containment.
Cyber Security Network Security Engineer at Cirrus Logic
Monthly, around 300 hours of effort, it is saving with Splunk SOAR.
Manager cybersecurity at Hexion Inc.
Swimlane saves us 80 to 90 percent of our time by quickly helping us design the journey and efficiently passing information to various components.
Senior Solutions Architect at Tata Consultancy
We have seen a return on investment; with the same number of engineers, we now handle double the number of customers, even with the new, larger customers requiring dedicated teams.
Security automation specialist at a comms service provider with 51-200 employees
 

Customer Service

Sentiment score
6.5
Torq's customer service is highly rated for responsiveness and knowledge, though platform access requests sometimes delay issue resolutions.
Sentiment score
6.4
Splunk SOAR offers responsive and knowledgeable support, though users suggest improved response times and more industry-specific guidance.
Sentiment score
6.2
Swimlane's customer support receives mixed reviews for responsiveness, ranging from efficient service to extended response times.
My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
Security Consultant at Integrity360
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
We can always get an answer, and the support team are experts in their own system.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
Cyber Security Network Security Engineer at Cirrus Logic
We always have a customer support representative who will come in the picture and help us to direct any ticket or any issue that we are facing to the right team.
Manager cybersecurity at Hexion Inc.
I have worked with Splunk SOAR's technical support or customer service, which I find to be as perfect as Splunk SIEM
Global Head Of Security Architecture Digital & Technology at Aramex
When I raise a ticket, they reply within half an hour with an initial response, signifying that an agent has been assigned and is working on the issue.
They are attentive, responsive, and work to resolve issues efficiently.
Associate at Deloitte
They provided assistance within the same hour.
Security automation specialist at a comms service provider with 51-200 employees
 

Scalability Issues

Sentiment score
6.3
Torq is scalable and reliable, but issues arise with large data workflows; modularization often mitigates these problems.
Sentiment score
6.6
Splunk SOAR is scalable and adaptable for enterprise workloads, though some face issues with large clusters and integration features.
Sentiment score
6.9
Swimlane is scalable and adaptable in the cloud but requires technical expertise for maintenance and optimization in some environments.
Our case management is super scalable.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
In terms of scalability, you can do as long as you can build it, and they can support it.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
Global IT Director at OpenWeb
This solution is very much scalable, so I would rate it a ten.
Citius Tech at a outsourcing company with 5,001-10,000 employees
It can be extended and adapted as necessary.
Splunk/SOAR Engineer
Regarding scalability, I find it to be a nine, as we have had no issues with scaling Splunk SOAR.
Advance Data Engineer(Cyber Security) at Novo Nordisk
Swimlane should have the capability to be moved out of Appian and integrated with other platforms.
Software Engineer III at a financial services firm with 10,001+ employees
We did not encounter issues even when managing thousands of alerts, as scalability is only limited by our instance's server capacity.
Associate at Deloitte
Its scalability automatically adjusts based on usage.
 

Stability Issues

Sentiment score
7.2
Torq is praised for its high reliability and responsiveness despite minor issues, maintaining a 99.9% uptime by users.
Sentiment score
7.3
Splunk SOAR is highly stable with minimal downtime, excelling in workflows and alert management when configured correctly.
Sentiment score
6.4
Swimlane receives mixed feedback, with some reporting stability issues, bugs, and optimization needs, while others find it stable.
We have been using Torq for one and a half years, but we have experienced no downtime.
Angular Developer at Flourish Software
Most of the time, the system is stable as long as the components that they integrate with are stable.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
I have never faced any downtime or issues.
Senior Information Technology Security Consultant at Mideast Data Systems
We have not experienced any downtime, crashes, or performance issues.
Cyber Security Network Security Engineer at Cirrus Logic
We have not seen any impact in the work that we do with Splunk SOAR or the SIEM platform.
Manager cybersecurity at Hexion Inc.
I have not encountered any outages or glitches within my experience with Splunk SOAR.
Global Head Of Security Architecture Digital & Technology at Aramex
I haven't seen any production issue or anything coming up because of Swimlane.
Software Engineer III at a financial services firm with 10,001+ employees
We encountered issues requiring restarts and losing alerts.
Associate at Deloitte
The version we had was kind of buggy, but support indicated we just needed to do updates to resolve the issues.
Security automation specialist at a comms service provider with 51-200 employees
 

Room For Improvement

Users propose enhancements in dashboards, error messages, workflow efficiency, AI, integrations, training, templates, UI, data handling, onboarding.
Splunk SOAR users seek more playbooks, improved AIOps, integrations, AI features, better support, and training to reduce complexity.
Swimlane users seek stability, integration, intuitive interface, better documentation, faster performance, and enhanced customization with improved support and pricing.
Torq should offer default templates that can directly scan firewall data and automate actions.
Senior Information Technology Security Consultant at Mideast Data Systems
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department.
Security Consultant at Integrity360
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
Senior Consultant at a university with 10,001+ employees
If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
Manager cybersecurity at Hexion Inc.
Torq is better than Splunk SOAR because Torq has a no-code UI where we can accomplish anything through drag and drop.
Senior Information Technology Security Consultant at Mideast Data Systems
It's basically given me a force multiplier.
Soc L1 Engineer at Softcell Technologies Limited
Despite being advertised as a no-code tool, it remains code-reliant, demanding users to build solutions through coding.
Associate at Deloitte
In the orchestration tab, it would be helpful to have a list of playbooks where a particular asset or connector is used.
Colors can be used for the prioritization of risks and the significance of information.
Senior Solutions Architect at Tata Consultancy
 

Setup Cost

Enterprise buyers find Torq competitively priced, valuing its cost-effectiveness and modern features, especially the cloud version versus alternatives.
Splunk SOAR's high pricing is offset by significant automation benefits, making it valuable for those maximizing its features.
Swimlane pricing is seen as costly, but discounts and mixed awareness among users lead to varied value perceptions.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Senior Cyber Architect at a manufacturing company with 10,001+ employees
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
It is way below what it costs to hire some professionals to do only that type of work.
Splunk Engineer at Data Elicit Solutions Pvt. Ltd.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
Splunk/SOAR Engineer
I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar to what industries are offering these days.
Manager cybersecurity at Hexion Inc.
Swimlane is cheaper than other SOAR platforms.
Associate at Deloitte
In terms of pricing, Swimlane is on the slightly expensive side.
Senior Manager, Cyber Security at a tech vendor with 1,001-5,000 employees
the pricing was very nice with a great discount.
Security automation specialist at a comms service provider with 51-200 employees
 

Valuable Features

Torq streamlines automation with a no-code platform, enhancing workflow, integration, and efficiency through AI-driven insights and tools.
Splunk SOAR enhances security operations with broad integrations, automation, and customizable playbooks, improving efficiency and reducing incident response times.
Swimlane streamlines workflow with customizable dashboards, platform integration, user-friendly design, and enhanced efficiency, reducing manual effort.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
Global IT Director at OpenWeb
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
Splunk/SOAR Engineer
Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market.
Strategic Account Executive at a computer software company with 51-200 employees
Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk.
Manager cybersecurity at Hexion Inc.
Its integration capabilities allow connections to various platforms, enhancing its usability.
Associate at Deloitte
It helps in clearly identifying the roles, timeline, and actions involved in the workflow, offering a comprehensive depiction of the entire process.
Operation Analyst at Aurea
As a solution architect, I use various software, and the most important thing is that Swimlane is an easily designed and learnable software.
Senior Solutions Architect at Tata Consultancy
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
62
Ranking in other categories
No ranking in other categories
Swimlane
Ranking in Security Orchestration Automation and Response (SOAR)
8th
Average Rating
7.8
Reviews Sentiment
6.4
Number of Reviews
13
Ranking in other categories
AI-Powered Security Automation (3rd)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of Splunk SOAR is 7.1%, down from 7.6% compared to the previous year. The mindshare of Swimlane is 2.7%, down from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Splunk SOAR7.1%
Torq3.8%
Swimlane2.7%
Other86.4%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
SS
Manager cybersecurity at Hexion Inc.
Automates threat response and reduces investigation time but needs better threat intelligence integration
One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed. Currently, we have limited ingestion to the threat intelligence feed for the correlation purpose. We would like to see it being integrated, with license cost or without license cost, to leading threat intelligence sources such as Recorded Future, Feedly, or Flare. That is something we would appreciate having integrated. The second thing on the improvement side is about exposed credential-related information. If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
reviewer1248516 - PeerSpot reviewer
Senior Manager, Cyber Security at a tech vendor with 1,001-5,000 employees
Has reduced alert triage time but requires skilled developers for maintenance
One of the disadvantages of Swimlane is that to manage the platform, we need hardcore developers. We have recently seen new products such as Tines and Blink Ops coming into the market, where a person with a good knowledge of APIs and JSON format can manage the platform and create playbooks. Even a security analyst can create some playbooks on those platforms. However, on Swimlane, it's difficult for security analysts since they must mandatorily know Python to create the playbooks. In terms of pricing, Swimlane is on the slightly expensive side. Swimlane is scalable in general, but there are some limitations. It involves maintenance overhead because you need a complete engineer who knows the product in and out to scale it for the on-prem environment, while in a SaaS model, it works without many problems. Installation can be quite complex, especially when we have to use Kubernetes, and if we need to create load balancing. In those situations, it requires a good engineer to deploy the platform. In relation to bugs, sometimes the enrichment playbook we have does not enrich the alert, resulting in missing details, so in those scenarios, the automation team has to manually run the playbook again. Improvements could be made in terms of quality, particularly.
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Media Company
6%
Financial Services Firm
15%
Manufacturing Company
10%
Outsourcing Company
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business17
Midsize Enterprise10
Large Enterprise41
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
What is your experience regarding pricing and costs for Splunk Phantom?
The pricing is quite high. Splunk SOAR is high priced, but their product is also a market leader, so that way it is g...
What needs improvement with Splunk Phantom?
Splunk SOAR can use generative AI more extensively in terms of creating the reports which can be presented to the top...
What is your primary use case for Splunk Phantom?
Splunk SOAR has been in use for almost seven or eight years.
What needs improvement with Swimlane?
Customizing workflows or scripts in Swimlane was a bit challenging, perhaps too challenging because of how the code b...
What is your primary use case for Swimlane?
My main use case for Swimlane is security automation workflows, automating most of the daily SOC workflows, especiall...
What advice do you have for others considering Swimlane?
My advice for others considering using Swimlane is to ensure it is the right fit for you and to have someone capable ...
 

Comparisons

 

Also Known As

No data available
Phantom
No data available
 

Overview

 

Sample Customers

Information Not Available
Recorded Future, Blackstone
LinkedIn, TransUnion, Citrix, Aetna, Perspecta
Find out what your peers are saying about Splunk SOAR vs. Swimlane and other solutions. Updated: June 2026.
903,118 professionals have used our research since 2012.