ServiceNow Security Incident Response supports hundreds of third-party integrations across a wide variety of security products to enrich its data collection of incidents. This includes connecting with many ServiceNow modules for security, network, compliance, asset collection, and other IT-related issues. It works with three AI-based tools: Flow Designer, a visual drag-and-drop workflow creator; Predictive AIOps, for analyzing event logs; and Now Assist, for case management.
Splunk SOAR. Cisco completed its acquisition of Splunk early in 2024 and it now integrates with more than 300 third-party tools and Splunk’s Enterprise Security and Attack Analyzer products. It comes with more than 2,800 prebuilt automated workflows that can be easily tied to playbooks that can be constructed with a visual editor. A future integration is promised with Cisco’s Talos Intelligence threat feed. Splunk has an AI assistant for its Search Processing Language, enabling natural language prompting of queries. Splunk can also be applied to nonsecurity cases such as IT operations.
Swimlane Turbine has a wide catalog of hundreds of third-party integrations to a variety of security tools. This is enabled thanks to support for a variety of connections, including general Rest APIs, webhooks, various telemetry sensors, and business logic tools. Swimlane claims to be the largest independent SOAR provider, meaning that it doesn’t offer any of its own SIEM or XDR companion products. It does have Turbine Canvas, an AI-based low-code automator, and Hero AI, used to automate playbooks for case management. Pricing starts at $720,000 per year, with additional usage fees (such as for AI consumption) on top of this.
