Try our new research platform with insights from 80,000+ expert users

Splunk SOAR pros and cons

Vendor: Splunk

4.0 out of 5

56 reviews
88% willing to recommend

Pros & Cons summary

Splunk SOAR enhances ROI with robust automation and integration capabilities, offering customization and automated playbook development. Its orchestrating, user analytics, and machine learning increase productivity, integrating with ticketing systems while maintaining workflows. The automated playbooks reduce manual tasks, allowing threat responses remotely. Despite its strengths, Splunk SOAR faces challenges with a steep learning curve, costly pricing, complex playbook creation, and integration issues with Microsoft and IAM solutions.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

Splunk SOAR significantly improves return on investment with robust automation and integration capabilities.

It offers excellent customization and the ability to automate playbook development, enhancing efficiency and productivity.

Splunk SOAR has a mature orchestration module, powerful in user entity and behavioral analytics, boosted by AI and machine learning.

The integration capabilities are vast, including with ticketing systems, which maintains workflow while connecting with support desks and security tools.

The automated playbooks save considerable time for analysts by reducing manual tasks and enabling responses to threats when not onsite.

CONS

Splunk SOAR has a steep learning curve, particularly with its Python requirements and lack of detailed documentation for every function.

Integration with Microsoft products is problematic, indicating an integration gap, especially concerning IAM solutions like CyberArk and IBM.

The pricing of Splunk SOAR is considered high, particularly for smaller organizations and in certain regions.

Creating playbooks is complex, with the playbook editor lacking full functionality and playbook development being cumbersome.

Splunk SOAR lacks simulation features and comprehensive training materials, making it especially challenging for beginners to learn effectively.

Splunk SOAR Pros review quotes

AS

Chief Technology Officer at Globalnet Research Corporation

Feb 17, 2020

The most valuable feature is the risk-based access control.

Read full review

SA

Technical Lead at Paladion Networks

Apr 30, 2020

Very flexible integration with other tools

Read full review

Senior Data Analyst at a financial services firm with 10,001+ employees

Aug 23, 2020

So far, the interface is very easy to use.

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.

884,873 professionals have used our research since 2012.

Technical Associate at Positka

Jan 22, 2021

The customization continues to be excellent.

Read full review

reviewer1561083

Cyber Security Solution Architect at a tech services company with 11-50 employees

Apr 26, 2021

I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.

Read full review

reviewer1540500

Head of Cyber Security Operations Centre at a comms service provider with 1,001-5,000 employees

May 13, 2021

I'm just a beginner on the solution and it's pretty easy for me to use.

Read full review

Filip Stojkovski

VP - Security Automation Lead at a financial services firm with 10,001+ employees

May 3, 2022

I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful.

Read full review

Deputy Manager at a tech vendor with 10,001+ employees

Jun 2, 2022

The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML).

Read full review

reviewer1260045

Senior Analyst at a computer software company with 11-50 employees

Jun 7, 2022

The automation part of the product is great.

Read full review

MP

Splunk Consultant at Yssy

Jun 15, 2022

The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point.

Read full review

Show 10 more reviews (out of 56)

Splunk SOAR Cons review quotes

AS

Chief Technology Officer at Globalnet Research Corporation

Feb 17, 2020

We want to see improvements made to the APIs such that we can connect to many different systems and data sources.

Read full review

SA

Technical Lead at Paladion Networks

Apr 30, 2020

And most of the challenges that I have faced with the solution can be found in the documentation itself.

Read full review

Senior Data Analyst at a financial services firm with 10,001+ employees

Aug 23, 2020

It would be ideal if we could automate processes even more.

Read full review

Free Report: Splunk SOAR Reviews and More

Learn what your peers think about Splunk SOAR. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.

884,873 professionals have used our research since 2012.

Technical Associate at Positka

Jan 22, 2021

In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed.

Read full review

reviewer1561083

Cyber Security Solution Architect at a tech services company with 11-50 employees

Apr 26, 2021

I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region.

Read full review

reviewer1540500

Head of Cyber Security Operations Centre at a comms service provider with 1,001-5,000 employees

May 13, 2021

We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap.

Read full review

Filip Stojkovski

VP - Security Automation Lead at a financial services firm with 10,001+ employees

May 3, 2022

The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement.

Read full review

Deputy Manager at a tech vendor with 10,001+ employees

Jun 2, 2022

Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much.

Read full review

reviewer1260045

Senior Analyst at a computer software company with 11-50 employees

Jun 7, 2022

The scalability could be better.

Read full review

MP

Splunk Consultant at Yssy

Jun 15, 2022

Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers.

Read full review

Show 10 more reviews (out of 56)

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

IBM Security QRadar vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

Torq vs Splunk SOAR

Stellar Cyber Open XDR vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

Tines vs Splunk SOAR

Logpoint vs Splunk SOAR

Google Security Operations vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

See all alternatives

Product Categories

Product Categories

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

Popular Comparisons

Microsoft Sentinel vs Splunk SOAR

IBM Security QRadar vs Splunk SOAR

Elastic Security vs Splunk SOAR

AWS Security Hub vs Splunk SOAR

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Exabeam vs Splunk SOAR

Torq vs Splunk SOAR

Stellar Cyber Open XDR vs Splunk SOAR

Sumo Logic Security vs Splunk SOAR

Tines vs Splunk SOAR

Logpoint vs Splunk SOAR

Google Security Operations vs Splunk SOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR

Fortinet FortiSOAR vs Splunk SOAR

See all alternatives

Related questions

31

Which Do You Recommend, Phantom or Demisto?

136

What are the Top 5 cybersecurity trends in 2022?

157

What is the difference between SIEM and SOAR platforms?

78

What is an incident response playbook and how is it used in SOAR?

37

What are the latest trends in Security Operations Center (SOC)?

91

What tools and solutions do you use for automated incident response in an enterprise in 2022?

43

How to evaluate SIEM detection rules?

41

Why a Security Operations Center (SOC) is important?

52

What types of Security Operations Center (SOC) deployment models do exist?

142

Why is Security Orchestration Automation and Response (SOAR) important for companies?