Google Security Operations vs Splunk SOAR comparison

Google and Splunk are both solutions in the Security Orchestration Automation and Response (SOAR) category. Google is ranked #14 with an average rating of 9.0, while Splunk is ranked #1 with an average rating of 8.3. Google holds a 3.7% mindshare in SOAR, compared to Splunk’s 7.1% mindshare. Additionally, 87% of Google users are willing to recommend the solution, compared to 90% of Splunk users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Mar 29, 2026

Google Security Operations and Splunk SOAR are competitive products in the security operations category. Google Security Operations gains an edge with its seamless integration with Google Cloud services, while Splunk SOAR is recognized for its advanced orchestration capabilities and wide range of integrations.

Features: Google Security Operations offers native integration with Google Cloud, ensuring effective threat detection and response. It excels in automation capabilities and scalable cloud integration. Splunk SOAR stands out with its robust playbook development, extensive third-party integrations, and advanced threat orchestration features, appealing to organizations seeking high flexibility and functionality.

Room for Improvement: Google Security Operations could enhance its non-Google Cloud integrations and expand customization options to cater to diverse business environments. Splunk SOAR can improve by streamlining its complex setup process and enhancing user interface intuitiveness for newer users, while also optimizing resource utilization, particularly in its AI engine.

Ease of Deployment and Customer Service: Google Security Operations offers straightforward deployment, particularly beneficial for Google Cloud users, alongside reliable customer support. Splunk SOAR, while offering excellent support, presents a more complex setup given its extensive customization potential, which may appeal to those with specific organizational needs.

Pricing and ROI: Google Security Operations is considered to have competitive pricing for Google Cloud users, leading to a favorable ROI with its integrated services. Splunk SOAR requires a higher initial investment but promises long-term ROI through its comprehensive feature set, making it a wise choice for businesses prioritizing advanced security capabilities.

To learn more, read our detailed Google Security Operations vs. Splunk SOAR Report (Updated: June 2026).

Buyer's Guide

Google Security Operations vs. Splunk SOAR

June 2026

Download the complete report

Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Torq

Mindshare comparison

As of June 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.5% compared to the previous year. The mindshare of Google Security Operations is 3.7%, up from 2.2% compared to the previous year. The mindshare of Splunk SOAR is 7.1%, down from 7.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Mindshare Distribution
Product	Mindshare (%)
Splunk SOAR	7.1%
Torq	3.8%
Google Security Operations	3.7%
Other	85.4%

Security Orchestration Automation and Response (SOAR)

Featured Reviews

AdityaDesai

Solutions Architect at Swimlane

Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency

Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.

Read full review

ChaitanyaKajjam

Technical Lead at a transportation company with 1,001-5,000 employees

Simplified detection rules and SOAR workflows have improved compliance-focused operations

One improvement I am looking for is silent log source monitoring. If some feed or some host went offline or was not pulling any logs into Google Security Operations, I would want better visibility. Silent host monitoring would make a significant difference because it is very hard to track which host went down, and there are many false positives as a result. I think there is a lot of room for scalability improvements, particularly in the integration of third-party applications. Currently, I have to write a script and use a cloud run function to pull logs. If there were direct ingestion by simply providing an API key and some sort of client certificate, it would be much easier.

Read full review

Shiboo Suren

Manager cybersecurity at Hexion Inc.

Automates threat response and reduces investigation time but needs better threat intelligence integration

One thing that we would like to see with Splunk SOAR is the expandability to the threat intelligence feed. Currently, we have limited ingestion to the threat intelligence feed for the correlation purpose. We would like to see it being integrated, with license cost or without license cost, to leading threat intelligence sources such as Recorded Future, Feedly, or Flare. That is something we would appreciate having integrated. The second thing on the improvement side is about exposed credential-related information. If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."

"Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR, and it meets all my needs while saving a ton of time and targeting $600,000 saved this year, which is a substantial amount of money."

"Torq's unified platform approach to AI, SOAR, automation, and case management is superior compared to my experience managing multiple point solutions."

"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."

"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."

"Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on, and this ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq."

"Torq has helped a lot regarding SOC analyst efficiency."

"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."

More Torq pros

"The most valuable feature of Siemplify is the playbooks that can be created."

"Google Security Operations helps meet all the important regulatory compliance across all verticals."

"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."

"Google SecOps is extremely useful for threat detection and hunting."

"Overall, Google SecOps is a very useful service for security operations."

"The valuable parts of Google Security Operations include how easy it is to write parsers or detection rules, and it is well-advanced in the analytical part."

"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."

"The most valuable features are the Splunk SOAR apps and playbooks."

"I'm just a beginner on the solution and it's pretty easy for me to use."

"The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."

"Analysts save a lot of time with Splunk SOAR because all relevant details from phishing emails, including the email ID, IP address, sender information, and email content such as links or attachments, are automatically integrated into an incident and sent to ServiceNow, making troubleshooting easier and enabling them to start investigating directly or know what to do next."

"Since deploying Splunk SOAR, there has been a notable reduction in time spent on monotonous security tasks, which I estimate to be around 95%, enabling my team to focus on more strategic initiatives."

"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."

"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."

"We are not a 24/7 SOC, so the most valuable feature of Splunk SOAR is the auto-response to threats when we are not in the office and the notifications that it sends to the on-call engineer."

More Splunk SOAR pros

Cons

"The initial deployment of Torq was not easy."

"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."

"Regarding the pricing of Torq, I would say it is expensive."

"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."

"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."

"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."

"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."

"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."

More Torq cons

"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."

"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."

"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."

"The main improvement could be in the accuracy and detail provided in threat descriptions."

"I can give customer service a rating of six because it is very hard sometimes to keep up with the support."

"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."

"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."

"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."

"I have found a challenge in my three months with Splunk SOAR in that it is quite a heavy tool to maintain."

"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."

"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."

"Technical support can be improvised more. That is one area where I feel the team is sometimes struggling."

"There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."

More Splunk SOAR cons

Pricing and Cost Advice

Information not available

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"I don't know the exact price, but for my region, it is very expensive."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

"The licensing cost is reasonable."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"Splunk SOAR is moderately priced, neither cheap nor overly expensive."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

900,747 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

14%

Manufacturing Company

10%

Comms Service Provider

10%

Construction Company

Financial Services Firm

15%

Manufacturing Company

11%

University

Outsourcing Company

Financial Services Firm

12%

Manufacturing Company

Construction Company

Media Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	5
Large Enterprise	5

By reviewers
Company Size	Count
Small Business	4
Large Enterprise	3

By reviewers
Company Size	Count
Small Business	17
Midsize Enterprise	10
Large Enterprise	40

Questions from the Community

What needs improvement with Torq?

I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...

See all answers

What is your primary use case for Torq?

Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...

See all answers

What advice do you have for others considering Torq?

I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...

See all answers

What is your experience regarding pricing and costs for Siemplify?

The pricing for Google SecOps and Microsoft Sentinel is almost the same, with no significant differences.

See all answers

What needs improvement with Siemplify?

One improvement I am looking for is silent log source monitoring. If some feed or some host went offline or was not p...

See all answers

What is your primary use case for Siemplify?

I'm working with Google Security Operations. There is a product called Chronicle SecOps, which is a SOC tool and a SI...

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

The pricing is quite high. Splunk SOAR is high priced, but their product is also a market leader, so that way it is g...

See all answers

What needs improvement with Splunk Phantom?

Splunk SOAR can use generative AI more extensively in terms of creating the reports which can be presented to the top...

See all answers

What is your primary use case for Splunk Phantom?

Splunk SOAR has been in use for almost seven or eight years.

See all answers

Comparisons

Tines vs Torq

Compared 27% of the time

Blink Ops vs Torq

Compared 11% of the time

Palo Alto Networks Cortex XSOAR vs Torq

Compared 10% of the time

Swimlane vs Torq

Compared 8% of the time

Cortex XSIAM vs Torq

Compared 3% of the time

More Torq Competitors

Panther vs Google Security Operations

Compared 10% of the time

Microsoft Sentinel vs Google Security Operations

Compared 9% of the time

Google Chronicle Suite vs Google Security Operations

Compared 5% of the time

Palo Alto Networks Cortex XSOAR vs Google Security Operations

Compared 5% of the time

Sentinel vs Google Security Operations

Compared 2% of the time

More Google Security Operations Competitors

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 12% of the time

Tines vs Splunk SOAR

Compared 9% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 9% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 6% of the time

VMware Carbon Black Cloud vs Splunk SOAR

Compared 5% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Torq

May 2026

Download Torq product report

Buyer's Guide

Security Orchestration Automation and Response (SOAR)

June 2026

Download Google Security Operations product report

Buyer's Guide

Splunk SOAR

May 2026

Download Splunk SOAR product report

Also Known As

No data available

Siemplify ThreatNexus

Phantom

Overview

Torq is the enterprise AI SOC solution that effectively combines adaptive insights and automation to handle critical threats efficiently. It manages threat lifecycles, swiftly moving from triage to response, ensuring effective risk management.

Torq is designed to streamline security operations by aggregating telemetry across your security stack. It investigates significant risks and manages threats from triage to containment and remediation. This AI-driven tool enhances the capabilities of your SecOps team, allowing them to achieve more impactful results without introducing complicated processes.

What are the key features of Torq?

Adaptive Agentic Insights: Provides real-time threat intelligence tailored to specific security challenges.
Automation: Automates responses to security incidents, minimizing manual intervention requirements.
Threat Lifecycle Management: Comprehensive handling of threats from detection to remediation.
Telemetry Aggregation: Integrates data across platforms for a unified security overview.

Why consider Torq based on reviews?

Efficiency: Users notice significant reductions in time spent managing threats.
Risk Reduction: Enhanced ability to identify and address critical threats promptly.
Resource Optimization: Allows teams to allocate effort to other critical tasks by reducing manual security operations.
Scalability: Adaptable to meet the demands of growing or changing infrastructures.

In industries like finance and healthcare, Torq shows effectiveness by adapting to specific risk scenarios often encountered in these fields. Its integration with existing infrastructures makes it a valuable asset for maintaining stringent security standards, essential for protecting critical data and operations in diverse high-stakes environments.

Torq

Google Security Operations offers a robust playbook builder and integration capabilities designed to streamline workflows and integrate seamlessly with existing systems for enhanced security management.

Google Security Operations stands out in threat detection, monitoring, and alarm management, especially when used alongside Mandiant. Its intuitive interface supports compliance requirements, and it provides customizable workflows through playbooks. Integration with multiple tools allows for automation and increased flexibility, though improvements in API connection determination and playbook search capabilities could enhance user experience. Effective in orchestrating alerts and managing security events, it is extensively used for automated response, efficient alert triage, investigation, reporting, and ticketing management, supporting over 20 use cases including real-time threat detection.

What are the Key Features of Google Security Operations?

Playbook Builder: Allows for creating customizable workflows tailored to specific scenarios.
Integration Capabilities: Facilitates connectivity with numerous tools for automation.
Threat Detection: Improves monitoring and response when combined with Mandiant's capabilities.
Simplicity in Feature Adoption: Easy incorporation of new features and workflows.

What Benefits Should You Look for in Reviews?

Workflow Efficiency: Automates triage and investigation processes for quicker security management.
Real-Time Threat Detection: Enhances monitoring effectiveness in Managed Extended Detection and Response strategies.
Flexibility: Adaptable integrations support dynamic security needs.
Compliance Support: Aids in maintaining regulatory standards with straightforward reporting features.

In industries where real-time threat response is critical, such as finance and healthcare, Google Security Operations is favored for its automation and integration capabilities. These characteristics are vital for efficiently managing complex security landscapes and maintaining compliance across sectors.

Google

Splunk SOAR focuses on automating security operations with seamless third-party integrations and customizable workflows, enhancing incident response and threat management.

Splunk SOAR offers robust playbook automation and powerful API connectivity, allowing organizations to streamline workflows and integrate extensively with tools like Salesforce and ServiceNow. With its capabilities in real-time data visualization and automated threat responses, it significantly enhances security and reduces manual efforts. Users appreciate the ease of creating playbooks, which reduces mean time to detect and resolve. However, attention to its integration challenges with Microsoft products, the need for more playbooks, and improved customization tools is necessary. Enhancements in the development process, visibility, scalability, and case management options are also beneficial. Improving documentation and training resources would add more depth and accessibility.

What are the top features of Splunk SOAR?

Third-party integrations: Supports extensive integration with tools like Salesforce and ServiceNow.
Playbook automation: Facilitates easy creation and management of automated workflows.
Customizable workflows: Offers Python-based customization for tailored security operations.
API connectivity: Powerful API support for seamless tool consolidation and streamlined workflows.
Data visualization: Provides real-time data visualization for enhanced situational awareness.

What benefits or ROI users should consider?

Operational efficiency: Reduces mean time to detect and resolve incidents through automation.
Manual effort reduction: Automates threat responses, minimizing manual workload in security operations.
Enhanced security: Offers end-to-end visibility and automated threat mitigation processes.
Time savings: Optimizes processes and improves response efficiency in cybersecurity operations.

Organizations implement Splunk SOAR in industries to automate tasks in Security Operation Centers, addressing incidents such as phishing, brute force, and ransomware. It integrates with third-party applications for threat intelligence enrichment, commonly deployed both on-premise and cloud, enhancing cybersecurity efforts.

Splunk

Sample Customers

Information Not Available

FedEx Mondelez Intenrational Check Point Trustwave Atos Cyberint Bae Systems Crowe Longwall Security Telefonica Nordea HCL

Recorded Future, Blackstone

Buyer's Guide

Google Security Operations vs. Splunk SOAR

June 2026

Free Report: Google Security Operations vs. Splunk SOAR

Find out what your peers are saying about Google Security Operations vs. Splunk SOAR and other solutions. Updated: June 2026.

DOWNLOAD NOW

900,747 professionals have used our research since 2012.

See our Google Security Operations vs. Splunk SOAR report.

See our list of best Security Orchestration Automation and Response (SOAR) vendors.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.