Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

Splunk and ThreatConnect are both solutions in the Security Orchestration Automation and Response (SOAR) category. Splunk is ranked #3 with an average rating of 8.0, while ThreatConnect is ranked #17 with an average rating of 8.3. Splunk holds a 7.3% mindshare in SOAR, compared to ThreatConnect’s 1.7% mindshare. Additionally, 86% of Splunk users are willing to recommend the solution, compared to 100% of ThreatConnect users who would recommend it.
Splunk SOAR
Read 45 Splunk SOAR reviews
  • 4,577 Views
  • 2,761 Comparison Views
86% willing to recommend
ThreatConnect Threat Intell...
Read 6 ThreatConnect Threat Intelligence Platform (TIP) reviews
  • 853 Views
  • 641 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 9, 2025

ThreatConnect and Splunk SOAR are pivotal in the cybersecurity domain. ThreatConnect offers substantial advantages in threat data enrichment, while Splunk SOAR excels in integration with diverse systems, automation, and orchestration.

Features: ThreatConnect TIP provides advanced threat intelligence, empowering risk-based strategies, data enrichment, and robust detection capabilities. In contrast, Splunk SOAR supports powerful integration with various tools, versatile automation of repetitive tasks, and efficient orchestration across security functions.

Room for Improvement: ThreatConnect could benefit from enhanced integration options with broader cybersecurity tools and further automation capabilities. Splunk SOAR, while versatile, needs clearer documentation for smoother deployment, more intuitive interface elements for simplified use, and cost-optimization techniques to make it less expensive upfront.

Ease of Deployment and Customer Service: ThreatConnect TIP is praised for its straightforward deployment and responsive customer support, allowing seamless onboarding into security operations. Splunk SOAR offers comprehensive resources for deployment despite its complex features, with extensive documentation available to aid users through setup intricacies.

Pricing and ROI: ThreatConnect TIP is often more accessible due to its competitive pricing structure, offering quicker ROI for targeted solutions. Splunk SOAR might require a higher initial investment, yet offers significant long-term savings and operational efficiencies through its extensive automation and integration capabilities.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) Report (Updated: April 2025).
Buyer's Guide
Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP)
April 2025
Download the complete report
Helped 849,686 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
45
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
17th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (6th)
 

Mindshare comparison

As of May 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.3%, down from 8.7% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.7%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.
Read full review
Aadarsh Dawn - PeerSpot reviewer
Offers features like response capabilities and automation response and automation orchestration
ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments ThreatConnect…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Workflow management is most valuable. It is easily customizable"
"My understanding is the initial setup isn't too hard."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"Very flexible integration with other tools"
"The customization of the playbook in Splunk SOAR is very beneficial."
More Splunk SOAR pros
"I like their customer support."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"We have been able to see a return on investment as our clients believe in us more."
"The most valuable features are ease of use and the ability to customize it."
"The tool's installation, integration, and playbooks are very straightforward."
"The product automatically generated a threat score based on the maliciousness of an IP."
"ThreatConnect has a highly user-friendly interface."
 

Cons

"It would be ideal for us if Splunk SOAR could integrate with Teams."
"Various aspects of the playbook development process itself can be optimized."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
More Splunk SOAR cons
"Integration is an area that could use some improvement."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"They should make it a little bit easier to generate events and share them with the community"
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"I couldn’t get any training videos online when I was working with the tool."
"It would be good to have more feeds and more integrated sources for enrichment."
 

Pricing and Cost Advice

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"Splunk SOAR is an expensive solution for an organization of our size."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"The cost is high and the licensing is on an annual basis."
"Splunk SOAR is more expensive compared to other options for SOAR."
"I don't know the exact price, but for my region, it is very expensive."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"The tool is not cheap."
More Splunk SOAR pricing and cost advice
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
"The tool is expensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
849,686 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
8%
Financial Services Firm
16%
Computer Software Company
12%
Manufacturing Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is affordable cost-wise only, but not competitive from a technical perspective compared to Palo Alto SOAR and FortiSOAR.
See all answers
What needs improvement with Splunk Phantom?
The creation of playbooks is complex in Splunk SOAR ( /categories/security-orchestration-automation-and-response-soar ), and the number of integrations needs enhancement. Although it enhances alert...
See all answers
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
See all answers
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
See all answers
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
I would like to see improvements in the time zone support of their customer service, considering users are from different time zones. Additionally, the pricing is high for smaller organizations, so...
See all answers
 

Comparisons

Cortex XSIAM vs Splunk SOAR Logo
Cortex XSIAM vs Splunk SOAR
Compared 21% of the time
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 19% of the time
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Compared 10% of the time
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Compared 9% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 8% of the time
More Splunk SOAR Competitors
Recorded Future vs ThreatConnect Threat Intelligence Platform (TIP) Logo
Recorded Future vs ThreatConnect Threat Intelligence Platform (TIP)
Compared 25% of the time
Anomali vs ThreatConnect Threat Intelligence Platform (TIP) Logo
Anomali vs ThreatConnect Threat Intelligence Platform (TIP)
Compared 23% of the time
ThreatQ vs ThreatConnect Threat Intelligence Platform (TIP) Logo
ThreatQ vs ThreatConnect Threat Intelligence Platform (TIP)
Compared 15% of the time
Palo Alto Networks Cortex XSOAR vs ThreatConnect Threat Intelligence Platform (TIP) Logo
Palo Alto Networks Cortex XSOAR vs ThreatConnect Threat Intelligence Platform (TIP)
Compared 10% of the time
Cyware Cyber Fusion vs ThreatConnect Threat Intelligence Platform (TIP) Logo
Cyware Cyber Fusion vs ThreatConnect Threat Intelligence Platform (TIP)
Compared 7% of the time
More ThreatConnect Threat Intelligence Platform (TIP) Competitors
 

Product Reports

Buyer's Guide
Splunk SOAR
April 2025
Splunk SOAR reportDownload Splunk SOAR product report
Buyer's Guide
Threat Intelligence Platforms
April 2025
ThreatConnect Threat Intelligence Platform (TIP) reportDownload ThreatConnect Threat Intelligence Platform (TIP) product report
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
Splunk
ThreatConnect
 

Overview

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

The ThreatConnect Threat Intelligence Operations (TIOps) Platform lets organizations operationalize and evolve their cyber threat intel program, enabling cybersecurity operations teams to measurably improve their organization’s resilience to attacks. The TIOps Platform enhances collaboration across teams to drive proactive threat defense, and improve threat detection and response. The AI- and automation-powered TI Ops Platform enables analysts to perform all their work effectively and efficiently in a single, unified platform, allowing threat intel to be aggregated, analyzed, prioritized, and actioned against the most relevant threats. 

ThreatConnect
 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Buyer's Guide
Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP)
April 2025
Free Report: Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP)
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
See our Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.