Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
47
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
12th
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (5th)
 

Mindshare comparison

As of September 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.7%, down from 8.2% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 2.1%, up from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Splunk SOAR7.7%
ThreatConnect Threat Intelligence Platform (TIP)2.1%
Other90.2%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Mack Scott - PeerSpot reviewer
Improves response time by consolidating tools and automating threat detection
I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on the existing automation. These are the additional features that could be included in the future. Splunk's Unified Platform does help consolidate networking security and IT observability tools. They should integrate Splunk Enterprise Security better into Splunk Cloud.
Aadarsh Dawn - PeerSpot reviewer
Offers features like response capabilities and automation response and automation orchestration
ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments ThreatConnect…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"My understanding is the initial setup isn't too hard."
"Workflow management is most valuable. It is easily customizable"
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"The customization of the playbook in Splunk SOAR is very beneficial."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"We have been able to see a return on investment as our clients believe in us more."
"I like their customer support."
"The tool's installation, integration, and playbooks are very straightforward."
"ThreatConnect has a highly user-friendly interface."
 

Cons

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."
"The cost of Splunk SOAR has room for improvement."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"I haven't had any issues with the solution so far."
"They should make it a little bit easier to generate events and share them with the community"
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"It would be good to have more feeds and more integrated sources for enrichment."
 

Pricing and Cost Advice

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"Splunk SOAR is an expensive solution for an organization of our size."
"The tool is not cheap."
"Splunk SOAR is more expensive compared to other options for SOAR."
"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"I found the price of Splunk SOAR to be good."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"The price could be better."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The tool is expensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
867,497 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Financial Services Firm
12%
Manufacturing Company
11%
University
7%
Financial Services Firm
18%
Computer Software Company
8%
Government
8%
Retailer
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise7
Large Enterprise28
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise23
Large Enterprise4
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
The solution is free for us, which is a beneficial aspect.
What needs improvement with Splunk Phantom?
It would be nice if we could put it on other search heads, not just Enterprise Security. We have an ad hoc search head, and compatibility with that would be beneficial. More training classes from S...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
The platform needs improvement in its customization of the tagging mechanism. Some filtering options are not available based on individual tags, and we cannot export more types of data. The initial...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: July 2025.
867,497 professionals have used our research since 2012.