Splunk SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.2
Number of Reviews
41
Ranking in other categories
No ranking in other categories
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
19th
Average Rating
8.0
Number of Reviews
5
Ranking in other categories
Threat Intelligence Platforms (4th)
 

Mindshare comparison

As of July 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Splunk SOAR is 7.9%, down from 10.1% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.6%, down from 2.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
No other categories found
Threat Intelligence Platforms
7.2%
 

Featured Reviews

NB
Jun 12, 2024
Helps improve our business resilience, reduce our MTTR, and save time overall
One area for improvement in Splunk SOAR is version control for Splunk apps. Currently, for Splunk playbooks, we can hook up a Splunk store to a Git repository with playbooks in it, and it will pull them down periodically, which is amazing. Splunk apps don't have that, and that would be extremely helpful because we do custom coding a lot. There are many vendors out there. And because there isn't source control, we need to emulate that same behavior, which causes us to do other things. For example, we need to create a Git repository somewhere on SOAR and create a clone job that periodically runs a Git pull action. After that, we bring all that SOAR data into that repository. We need to have a Git Hook that automatically tars the app we just created and then uses the API to automatically upload it. Because of that, now we have this app data that's being doubled up because we have SOAR apps in the Apps directory on the back end of Splunk SOAR, and we also have this Git repository, which holds all the same information. That could be highly simplified, and that is a big gap that would make my life and probably other developers' a lot easier. There is a specific situation that comes into place when we have a Splunk SOAR cluster we have to work with. If we also don't have it hooked up to an external Splunk Enterprise instance, trying to debug what's going on in the cluster is extremely difficult because there are 45 different log locations. That could be extremely difficult to try and find out what is going on with all the microservices that are being used in a Splunk SOAR cluster. I had to personally develop a tool to be able to monitor all those logs at once and then parse it out and query that log once we're done with whatever operation so that we can get a clear picture of what's going on in the SOAR cluster, which has been immensely helpful, taking hours off of debugging time to do that. It would be nice to have a tool like that natively available in Splunk SOAR to begin with. Even without the cluster, I believe it's over 30 log sources that could go wrong. Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions. It could be dangerous for someone who is coding to constantly have to look back at the documentation and not see, for example, a Python dictionary where they are expecting it. In reality, it's a list, that could cause errors when a playbook runs or when an app runs, and that could be a potential incident that now goes unresolved or a serious issue. That's dangerous. Providing SOAR app developers with some Python Stub files that they can use for IntelliCode suggestions would also be helpful. Also having slight changes to the way that it's expected to create custom modifications to already existing apps on GitHub or Splunk base by essentially inheriting from the base app when we want to have custom modifications, and developers should have to explicitly override any methods from the base class that's there. That way, we're not modifying any of the underlying layers of the base app that's there. We could also hook it up to a Git Repository to receive those updates into the base app and then the custom app. This way we have these custom app features, we have all these extra things being put into it, still on the custom app end so we can have our features and the base app all in one. I think that'd be a novel solution.
SC
Nov 27, 2023
The tool could be integrated into any environment, but it was expensive, and the deployment process was complex
The solution was used for publishing artefacts and threat intel data. We gathered data from the internet and uploaded it to the platform. It was integrated into every aspect of our cybersecurity network, like endpoints, SOC management, patch management, and vulnerability management tools TIP and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Technical support is helpful."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"Workflow management is most valuable. It is easily customizable"
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
"ThreatConnect has a highly user-friendly interface."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The tool's installation, integration, and playbooks are very straightforward."
 

Cons

"It would be ideal for us if Splunk SOAR could integrate with Teams."
"Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions."
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"Splunk's support for integration is subpar and has room for improvement."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The technical support for the Splunk SIEM solution was average."
"It would be ideal if we could automate processes even more."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"They should make it a little bit easier to generate events and share them with the community"
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"It would be good to have more feeds and more integrated sources for enrichment."
 

Pricing and Cost Advice

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"The licensing cost is reasonable."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"I don't know the exact price, but for my region, it is very expensive."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"I found the price of Splunk SOAR to be good."
"Splunk SOAR is an expensive solution for an organization of our size."
"The cost is high and the licensing is on an annual basis."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"The price could be better."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
792,098 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
11%
Government
10%
Computer Software Company
17%
Financial Services Firm
15%
Government
11%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Everything good comes with a price. The tool is not cheap. However, if we use it to its full potential, it will be beneficial.
What needs improvement with Splunk Phantom?
The solution must provide more AIOps to improve predictability.
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The tool's prices are at par when compared to the other products in the market, so it is not uber-premium or too pricey. I rate the product price as six on a scale of one to ten, where one is extre...
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
ThreatConnect Threat Intelligence Platform (TIP) needs to develop its SOAR platform because it currently doesn't position or connect itself as a SOAR tool, even though it has at least 60 percent of...
 

Also Known As

Phantom
No data available
 

Learn More

Video not available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: May 2024.
792,098 professionals have used our research since 2012.