Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
45
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
13th
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
8
Ranking in other categories
Threat Intelligence Platforms (5th)
 

Mindshare comparison

As of July 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.6%, down from 8.5% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.9%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Hamada Elewa - PeerSpot reviewer
Playbook complexity challenges integration but customization enables professional operation
We work with Splunk SOAR from a security perspective, focusing on User Behavior Analytics (UBA) and Security Orchestration, Automation, and Response (SOAR) The customization of the playbook in Splunk SOAR is very beneficial. After building the playbook, it operates professionally. There is an AI…
Harshal Pachpande - PeerSpot reviewer
Automating intelligence workflows significantly reduces false positives and enhances response efficiency
ThreatConnect Threat Intelligence Platform (TIP) offers valuable workflows that integrate with our SOAR platform. It performs dedicated threat scoring capabilities which enrich internal indicators and automate response actions. This has been a key feature in our environment, which we have utilized for picking IOCs. The platform can be domain-specific and customer-specific, allowing data isolation for each customer. The scoring capabilities of ThreatConnect Threat Intelligence Platform (TIP) deserve a rating of nine out of ten. Its scalability and threat scoring capabilities have reduced false positives in our detection, as we dynamically change the IOCs which are updated daily through scheduled polling time over QRadar and SOAR.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I'm just a beginner on the solution and it's pretty easy for me to use."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"The most valuable features are the Splunk SOAR apps and playbooks."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The product’s integration with other Splunk products is valuable."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"The Playbook feature is a game-changer for us, as the integration is available with the SOAR."
"We have been able to see a return on investment as our clients believe in us more."
"The product automatically generated a threat score based on the maliciousness of an IP."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
"The tool's installation, integration, and playbooks are very straightforward."
"I like their customer support."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"ThreatConnect has a highly user-friendly interface."
 

Cons

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."
"The cost of Splunk SOAR has room for improvement."
"The UI can be more customizable for the clients."
"While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome."
"To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"It would be good to have more feeds and more integrated sources for enrichment."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"Integration is an area that could use some improvement."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
 

Pricing and Cost Advice

"The cost is high and the licensing is on an annual basis."
"I found the price of Splunk SOAR to be good."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"Splunk SOAR is more expensive compared to other options for SOAR."
"Splunk SOAR is an expensive solution for an organization of our size."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
"The tool is expensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
University
6%
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
What needs improvement with Splunk Phantom?
There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced life...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
The platform needs improvement in its customization of the tagging mechanism. Some filtering options are not available based on individual tags, and we cannot export more types of data. The initial...
 

Also Known As

Phantom
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: July 2025.
862,514 professionals have used our research since 2012.