Zendikt
SOAR Software · Rank #1 of 10

Splunk SOAR review and pricing

Deepest playbook engine for Splunk-anchored SOCs.

By Cisco / Splunk · Founded 2014 · San Jose, CA · public

Splunk SOAR (formerly Phantom, acquired by Splunk in 2018 for roughly $350M) is the SOAR platform with the deepest playbook engine and the most mature Python-extensible automation framework. The product runs natively alongside Splunk Enterprise Security, which is the single biggest reason mature SOCs continue to choose it. It was acquired by Cisco in March 2024 as part of the $28B Splunk deal. Trade-offs: pricing post-Cisco is still settling, the Phantom-to-Splunk SOAR rebrand confused some customers, and Cisco SecureX overlap created roadmap uncertainty that the 2025 SecureX deprecation only partially resolved.

Best for

Mature SOC teams (10+ analysts) already running Splunk Enterprise Security where deep Python-extensible playbooks are critical and Splunk-native integration is non-negotiable.

Worst for

Non-Splunk SOCs (XSOAR or Tines win), engineering-led teams wanting no-code (Tines, Torq win), or mid-market without Python skills on the security team.

Vendor Trust Score

Is Splunk SOAR a trustworthy vendor?

Overall: 6.3/10 (Mixed)

  • Pricing transparency (Published rates; no hidden fees): 4.0
  • Contract fairness (Reasonable terms; no auto-renew traps): 6.0
  • Incident response (How they handle outages and breaches): 8.5
  • Post-acquisition behavior (Customer treatment after M&A or PE): 6.0
  • Executive stability (Leadership churn over 24 months): 7.0
  • Roadmap honesty (Public commitments held): 6.5

Trust signal log
  • 2018-04-09
    Splunk acquired Phantom Cyber for roughly $350M
  • 2024-03-18
    Cisco acquired Splunk for $28B
    Splunk SOAR folded into the Cisco security portfolio alongside SecureX successor strategy.
  • 2025-08-15
    Pricing complexity post-Cisco; multiple pricing models still settling
    Buyers report inconsistent quotes across Cisco and Splunk channel.
Vendor Trust is scored independently of product quality. A great product from an unfair vendor still earns a low trust score.

Review Intelligence

What 320 reviews actually say

Synthesized from G2, Capterra, Reddit, Trustpilot. Patterns >15% prevalence shown.

Last synthesized: 2026-04-29

Praise patterns

  • Deepest playbook engine with Python extensibility: 87%
  • Native Splunk ES integration: 78%
  • Mature pre-built playbook library: 64%
  • Battle-tested at Fortune 500 scale: 51%

Complaint patterns

  • Pricing complexity post-Cisco: 71%
  • Phantom-to-Splunk SOAR rebrand caused confusion: 47%
  • Python-first excludes non-developer analysts: 51%
  • Implementation 8-20 weeks at scale: 41%

Sentiment trend (6 months): 78/100, +1 pts

Patterns are extracted from review corpus and human-verified. We surface trends, not anecdotes.

Verified Pricing

What buyers actually pay

87 anonymized deal disclosures · last updated 2026-05-01

Median annual price by company size:

  • 500-2,000 employees: $144,000
  • 2,000-10,000 employees: $420,000

Verified pricing is crowdsourced from buyers under anonymity guarantees. Vendor-listed prices are validated against actual deals quarterly.

Compliance & Security

Auto-verified certifications

Verified 2026-05-01

  • SOC 2 Type II
  • ISO 27001
  • HIPAA
  • GDPR
  • CCPA
  • PCI DSS
  • FedRAMP Authorized

Editorial: Strengths

  • Deepest playbook engine with full Python extensibility
  • Native Splunk Enterprise Security integration (single pane of glass)
  • Mature pre-built playbook library (300+ apps)
  • Battle-tested at Fortune 500 SOC scale
  • Cisco network and observability integration post-2024 acquisition
  • Strong enterprise partner ecosystem

Editorial: Weaknesses

  • Pricing complexity post-Cisco; multiple pricing models still settling
  • Phantom-to-Splunk SOAR rebrand caused customer confusion
  • Cisco SecureX deprecation (2025) created intermediate uncertainty
  • Python-first authoring excludes non-developer security analysts
  • Implementation 8-20 weeks for Fortune 500 deployments
  • Customer support response times flagged through Cisco transition

Key features & integrations

  • Python-extensible playbook engine
  • Native Splunk ES integration
  • 300+ pre-built apps and connectors
  • Visual playbook editor
  • Case management
  • Mission Control (unified SecOps workspace)
  • Custom decision logic
  • Investigation workflows

300+ integrations: Splunk Enterprise Security, Cisco SecureX successor stack, AWS, Microsoft Defender, CrowdStrike, ServiceNow

Geography supported: Global

Best fit: 1,000-100,000+ employees · Mature Splunk-anchored enterprise SOC

Editorial deep-dive

Read our full ranking of SOAR Software

Splunk SOAR ranks #1 in our editorial review of 10 SOAR software platforms. The deep-dive covers methodology, comparison tables, decision matrix, migration scoring, and FAQs.

