TrustRadius

Splunk SOAR vs. ThreatConnect Threat Intelligence Operations Platform

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Splunk SOAR
Score 8.2 out of 10
N/A
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.N/A
ThreatConnect Threat Intelligence Operations Platform
Score 8.3 out of 10
N/A
TI Ops is the threat intelligence platform built for operations, not just centralization. It ingests hundreds of internal and external sources, enriches them with AI, and aligns them to any intelligence requirements and MITRE ATT&CK gaps. Analysts can operationalize insights across the SOC, IR, hunt, and vulnerability teams. When combined with Polarity and Risk Quantifier, TI Ops helps teams act on intelligence faster and focus on the threats that truly matter to the…N/A
Pricing
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoYes
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Considered Both Products
Splunk SOAR

No answer on this topic

ThreatConnect Threat Intelligence Operations Platform
Verified User
Engineer
Chose ThreatConnect Threat Intelligence Operations Platform
As ThreatConnect Threat Intelligence Operations Platform has a ready HTTP Client App, we can virtually integrate it with any system that supports REST APIs. This gives great room for integration and automation that is not found on other systems.
Features
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Splunk SOAR
-
Ratings
ThreatConnect Threat Intelligence Operations Platform
7.1
3 Ratings
2% below category average
Network Analytics00 Ratings6.42 Ratings
Threat Recognition00 Ratings6.93 Ratings
Vulnerability Classification00 Ratings6.62 Ratings
Automated Alerts and Reporting00 Ratings8.53 Ratings
Threat Analysis00 Ratings6.53 Ratings
Threat Intelligence Reporting00 Ratings7.83 Ratings
Best Alternatives
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Small Businesses

No answers on this topic

Egnyte
Egnyte
Score 9.4 out of 10
Medium-sized Companies
LogRhythm NextGen SIEM Platform
LogRhythm NextGen SIEM Platform
Score 6.6 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
Enterprises
Palo Alto Networks Cortex XSOAR
Palo Alto Networks Cortex XSOAR
Score 7.2 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Likelihood to Recommend
7.0
(41 ratings)
8.5
(3 ratings)
Likelihood to Renew
7.5
(3 ratings)
-
(0 ratings)
Usability
7.0
(2 ratings)
7.3
(2 ratings)
Performance
8.2
(40 ratings)
-
(0 ratings)
Support Rating
8.2
(1 ratings)
-
(0 ratings)
Online Training
8.2
(1 ratings)
-
(0 ratings)
Implementation Rating
8.2
(1 ratings)
-
(0 ratings)
Configurability
8.2
(1 ratings)
-
(0 ratings)
Product Scalability
8.2
(1 ratings)
-
(0 ratings)
User Testimonials
Splunk SOARThreatConnect Threat Intelligence Operations Platform
Likelihood to Recommend
Cisco
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
PK
Priya Kumar
Security Engineer
Read full review
ThreatConnect
If ThreatConnect is going to be used to create playbooks the required technical knowledge and try and error that is required may not be for everyone. The application provides an app builder capability that is really useful but in order to be used the user needs to have intermediate to advanced programing abilities.
Verified User
Anonymous
Read full review
Pros
Cisco
  • Its security orchestration and integration capability that supports multiple tools.
  • Easy coding that automates our security actions.
  • Enables us to easily collaborate and respond to security issues faster.
  • Splunk SOAR is a flexible product that is easy to deploy.
  • Efficient tracking and monitoring capability.
  • Excellent real-time reporting functionality.
Angelica Cavalli | TrustRadius Reviewer
Angelica Cavalli
Senior Software Engineer
Read full review
ThreatConnect
  • One of the most beneficial features of the ThreatConnect is its ability to automatically enrich IOCs from multiple sources such as VT WHOis and assign a dynamic threat score.
Harshal Pachpande | TrustRadius Reviewer
Read full review
Cons
Cisco
  • A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
  • It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
  • Cost of the larger version.
Pavan sreevatsav Akula | TrustRadius Reviewer
Pavan sreevatsav Akula
Cybersecurity Analyst
Read full review
ThreatConnect
  • Need to have more native (out of the box) integrations
  • Need more focused training courses and certificates
Verified User
Anonymous
Read full review
Likelihood to Renew
Cisco
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
Gaurav S | TrustRadius Reviewer
Gaurav S
Senior Security Specialist
Read full review
ThreatConnect
No answers on this topic
Usability
Cisco
Building playbooks through the visual editor is fine for basic tasks, but once you start chaining complex logic or integrating 3rd party APIs you hit a wall that requires deep scripting knowledge.
JP
Julie Pierce
SOC Engineer
Read full review
ThreatConnect
The platform is feature rich in enrichment and multi tenant management additionally have the ease of the use for new analysts or smaller teams.
Harshal Pachpande | TrustRadius Reviewer
Read full review
Performance
Cisco
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
Muhammed Ali CETİN | TrustRadius Reviewer
Muhammed Ali CETİN
senior Security Engineer
Read full review
ThreatConnect
No answers on this topic
Support Rating
Cisco
Splunk Support is always great! In addition the Community is very efficient and active.
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
ThreatConnect
No answers on this topic
In-Person Training
Cisco
I never followed an in-person training, I gave my evaluation based on the online training
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
ThreatConnect
No answers on this topic
Online Training
Cisco
I followed training for Phantom admins and it opened a world for me
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
ThreatConnect
No answers on this topic
Implementation Rating
Cisco
I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
ThreatConnect
No answers on this topic
Alternatives Considered
Cisco
Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
Verified User
Anonymous
Read full review
ThreatConnect
As ThreatConnect Threat Intelligence Operations Platform has a ready HTTP Client App, we can virtually integrate it with any system that supports REST APIs. This gives great room for integration and automation that is not found on other systems.
Verified User
Anonymous
Read full review
Scalability
Cisco
me and the customers I encountered found it flexible and scalable
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
ThreatConnect
No answers on this topic
Return on Investment
Cisco
  • The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
  • Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task
Verified User
Anonymous
Read full review
ThreatConnect
  • Playbooks allow for extensive automation of tasks the team would otherwise spend hours on
Verified User
Anonymous
Read full review
ScreenShots

ThreatConnect Threat Intelligence Operations Platform Screenshots

Screenshot of dashboards. The ThreatConnect TI Ops Platform provides customizable dashboards to enable the availability of the right information when needed.Screenshot of Low-code Automation. Automation is critical to operationalizing threat intel. The ThreatConnect TI Ops Platform provides Low-Code Automation to automate everything from simple tasks to complex playbooks.Screenshot of ATT&CK Visualizer. The ATT&CK Visualizer in the ThreatConnect TI Ops Platform enables analysts to visually see and understand attacker behaviors using the MITRE ATT&CK framework.Screenshot of a Threat Graph. The ThreatConnect TI Ops Platform provides interactive tools for analysts, like the Threat Graph, to explore and enrich their threat intel data, uncover new relationships, and to take action with just a couple of clicks.