Splunk SOAR

Splunk (Cisco)

Founded 2003 · US · Private

Combined score: 4.5


Security incident on record

Cisco completed acquisition of Splunk March 2024 for $28B

Editorial verdict

Splunk SOAR is the most mature and most integrated SOAR platform in the market. The 300 plus native connectors covering every major security tool, the deepest machine learning analytics for automated triage, and the native SIEM plus SOAR integration when used alongside Splunk Enterprise Security create an automation capability that newer platforms have not yet matched in breadth. For large enterprises that have already committed to the Splunk platform, SOAR is the natural extension that maximises the return on that investment.

The per-action pricing model is the most frequently cited concern: organisations with high automation volumes have reported cost escalation that was not anticipated in initial procurement. The Cisco acquisition of Splunk in 2024 also introduces the standard strategic-acquirer questions about pricing and roadmap that buyers should address directly.

The verdict: Splunk SOAR is right for enterprises running Splunk Enterprise Security that want the broadest integration catalog and the most mature automation capability. Organisations without existing Splunk investment should evaluate Swimlane Turbine or Palo Alto Cortex XSOAR.

Last reviewed: May 2026

G2: 4.3 (120 reviews)
Gartner: 4.7 (380 reviews)
PeerSpot: 8.5 (180 reviews)
Gartner MQ: Leader (Gartner SOAR MQ 2024 — most mature)

SOAR assessment

PROTECTION: Strong
  • Playbook automation: 5 / 5
  • Response action breadth: 5 / 5

OPERATIONS: Strong
  • Integration library: 5 / 5
  • Case management: 5 / 5

ANALYTICS: Strong
  • SOC metrics & reporting: 5 / 5

TRUST & ECOSYSTEM: Strong
  • Enterprise scale & reliability: 5 / 5

Strongest: Playbook automation

Watch out for: Enterprise scale & reliability

Strengths & limitations

Strengths

  • Most mature SOAR platform — 600+ app integrations, largest playbook library in category
  • Deep native integration with Splunk Enterprise Security SIEM
  • Python-based playbooks give unlimited customisation for complex response workflows

Watch out for

  • Highest cost in SOAR category — pricing model is complex and can escalate
  • Steep learning curve — requires dedicated SOAR engineer to operate effectively
  • Cisco acquisition adds integration uncertainty for existing Splunk customers

Best for

Mature SOC teams with Splunk ES wanting the most complete SOAR with widest integration library and deepest automation depth.

Not suitable for: Organisations without Splunk ES — value diminishes significantly without native SIEM integration.

Compliance coverage

Essential Eight
AU Privacy Act
SOC 2
HIPAA
NIST CSF
PCI-DSS
CMMC
GDPR
NIS2
DORA
ISO 27001
CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

  • Manual SOC processes
  • Homegrown Python scripts


Quick facts

Pricing model: per action/year; enterprise custom
Pricing range: Enterprise custom; typically $40,000-200,000+/year
Free trial: No
Min seats: No minimum
Deployment time: 4-8 weeks
Complexity: 4 / 5
Pricing transparency: 2 / 5
AU presence: Yes
IRAP assessed: No
Open source: Proprietary

Deployment

Models: SaaS, On-premises, Hybrid
OS support: Cloud-native, On-premises
Cloud: AWS, Azure, GCP
Support: 24/7 Phone, Email, Dedicated CSM, Professional Services
Data residency: US, EU

Company

Splunk (Cisco)

Founded 2003 · 8,000-9,000 (Cisco division) employees · Private

HQ: US

Part of Cisco revenue; Splunk was $3.7B ARR pre-acquisition

Certifications

FedRAMP, SOC 2 Type II, ISO 27001, PCI-DSS

Integrations

Splunk ES, CrowdStrike, SentinelOne, Microsoft Defender, Okta, ServiceNow, Jira, 600+ apps