Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
47
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
12th
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
8
Ranking in other categories
Threat Intelligence Platforms (5th)
 

Mindshare comparison

As of September 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.7%, down from 8.2% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 2.1%, up from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Splunk SOAR7.7%
ThreatConnect Threat Intelligence Platform (TIP)2.1%
Other90.2%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Mack Scott - PeerSpot reviewer
Improves response time by consolidating tools and automating threat detection
I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on the existing automation. These are the additional features that could be included in the future. Splunk's Unified Platform does help consolidate networking security and IT observability tools. They should integrate Splunk Enterprise Security better into Splunk Cloud.
Harshal Pachpande - PeerSpot reviewer
Automating intelligence workflows significantly reduces false positives and enhances response efficiency
ThreatConnect Threat Intelligence Platform (TIP) offers valuable workflows that integrate with our SOAR platform. It performs dedicated threat scoring capabilities which enrich internal indicators and automate response actions. This has been a key feature in our environment, which we have utilized for picking IOCs. The platform can be domain-specific and customer-specific, allowing data isolation for each customer. The scoring capabilities of ThreatConnect Threat Intelligence Platform (TIP) deserve a rating of nine out of ten. Its scalability and threat scoring capabilities have reduced false positives in our detection, as we dynamically change the IOCs which are updated daily through scheduled polling time over QRadar and SOAR.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Technical support is helpful."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"The most valuable features are the Splunk SOAR apps and playbooks."
"The automation part of the product is great."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"The customization of the playbook in Splunk SOAR is very beneficial."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The Playbook feature is a game-changer for us, as the integration is available with the SOAR."
"I like their customer support."
"We have been able to see a return on investment as our clients believe in us more."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
"The product automatically generated a threat score based on the maliciousness of an IP."
"The most valuable features are ease of use and the ability to customize it."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
 

Cons

"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
"Splunk's support for integration is subpar and has room for improvement."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"The scalability could be better."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"They should make it a little bit easier to generate events and share them with the community"
"I couldn’t get any training videos online when I was working with the tool."
"It would be good to have more feeds and more integrated sources for enrichment."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
 

Pricing and Cost Advice

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"Splunk SOAR is more expensive compared to other options for SOAR."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"The licensing cost is reasonable."
"I found the price of Splunk SOAR to be good."
"The cost is high and the licensing is on an annual basis."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
"The tool is expensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
867,349 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
12%
Manufacturing Company
11%
University
7%
Financial Services Firm
18%
Computer Software Company
8%
Government
8%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise7
Large Enterprise28
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise23
Large Enterprise4
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
The solution is free for us, which is a beneficial aspect.
What needs improvement with Splunk Phantom?
It would be nice if we could put it on other search heads, not just Enterprise Security. We have an ad hoc search head, and compatibility with that would be beneficial. More training classes from S...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
The platform needs improvement in its customization of the tagging mechanism. Some filtering options are not available based on individual tags, and we cannot export more types of data. The initial...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: July 2025.
867,349 professionals have used our research since 2012.