Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
45
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
13th
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
8
Ranking in other categories
Threat Intelligence Platforms (5th)
 

Mindshare comparison

As of July 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.6%, down from 8.5% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.9%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Hamada Elewa - PeerSpot reviewer
Playbook complexity challenges integration but customization enables professional operation
We work with Splunk SOAR from a security perspective, focusing on User Behavior Analytics (UBA) and Security Orchestration, Automation, and Response (SOAR) The customization of the playbook in Splunk SOAR is very beneficial. After building the playbook, it operates professionally. There is an AI…
Harshal Pachpande - PeerSpot reviewer
Automating intelligence workflows significantly reduces false positives and enhances response efficiency
ThreatConnect Threat Intelligence Platform (TIP) offers valuable workflows that integrate with our SOAR platform. It performs dedicated threat scoring capabilities which enrich internal indicators and automate response actions. This has been a key feature in our environment, which we have utilized for picking IOCs. The platform can be domain-specific and customer-specific, allowing data isolation for each customer. The scoring capabilities of ThreatConnect Threat Intelligence Platform (TIP) deserve a rating of nine out of ten. Its scalability and threat scoring capabilities have reduced false positives in our detection, as we dynamically change the IOCs which are updated daily through scheduled polling time over QRadar and SOAR.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The customizable playbook is the most valuable aspect of the solution."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."
"The most valuable features are the Splunk SOAR apps and playbooks."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The customization continues to be excellent."
"The tool's installation, integration, and playbooks are very straightforward."
"The most valuable features are ease of use and the ability to customize it."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
"I like their customer support."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
"The product automatically generated a threat score based on the maliciousness of an IP."
"The Playbook feature is a game-changer for us, as the integration is available with the SOAR."
"ThreatConnect has a highly user-friendly interface."
 

Cons

"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"The UI can be more customizable for the clients."
"Splunk's support for integration is subpar and has room for improvement."
"It would be ideal for us if Splunk SOAR could integrate with Teams."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"Integration is an area that could use some improvement."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"They should make it a little bit easier to generate events and share them with the community"
 

Pricing and Cost Advice

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"The cost is high and the licensing is on an annual basis."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"Splunk SOAR is an expensive solution for an organization of our size."
"I found the price of Splunk SOAR to be good."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
863,429 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
11%
University
6%
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
What needs improvement with Splunk Phantom?
There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced life...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
The platform needs improvement in its customization of the tagging mechanism. Some filtering options are not available based on individual tags, and we cannot export more types of data. The initial...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: July 2025.
863,429 professionals have used our research since 2012.