BlueVoyant MDR

MDR · XDR · Co-Managed SOC

BlueVoyant MDR is a co-managed SOC and MDR service for buyers running Microsoft Sentinel, Defender, Splunk or Cisco XDR. After an alert, BlueVoyant analysts and automation triage, investigate and can take approved containment actions, while the buyer still owns the security stack, rules of engagement, data sources, platform licensing and business remediation.

Service
Co-Managed SOC
Handles
Co-manage the SOC
Price
AWS Marketplace Splunk MDR listing starts at $73,872 per 12 months
  • Co-manage the SOC
  • New York, New York
  • 501-1000
  • Founded 2017
Visit website

Shortlist fit

Microsoft-first teams that want Sentinel and Defender monitored, tuned and operated with outside SOC capacity

Provider handles

Service shares SOC workflow with your team or MSP while you keep control.

Check before buying

Owning the Microsoft, Splunk, Cisco XDR or supported EDR environment used by the service

Also fits

  • Splunk buyers that want MDR delivered in a customer-owned Splunk environment
  • Mid-market and enterprise teams that want to keep their security stack while reducing daily SOC workload
  • Buyers that need provider help with deployment, monitoring and response workflow instead of alert forwarding alone

Can replace

  • Some tier 1 and tier 2 monitoring, triage and investigation work
  • Some Microsoft Sentinel, Defender or Splunk operating and tuning work
  • Some approved endpoint response actions inside supported tools
  • Some after-hours SOC coverage for covered environments

Coverage

Provider covers

  • 24/7 SOC monitoring for supported Microsoft, Splunk and Cisco XDR environments
  • Alert enrichment, triage, investigation and threat hunting using BlueVoyant analysts and automation
  • Microsoft Sentinel, Defender XDR and Defender for Cloud deployment, monitoring and optimization support

Your team still owns

  • Maintaining endpoint, identity, cloud and log-source coverage outside the managed scope
  • Defining rules of engagement and approving sensitive response actions
  • Handling business remediation, recovery, user communication and IT changes outside MDR tooling

Tradeoffs

Works well

  • Clear fit for buyers that want MDR around Microsoft or Splunk rather than a full tool replacement
  • Public materials describe both security monitoring and platform management responsibilities
  • SOC locations in North America, Ireland and the UK support regional coverage needs for many buyers

Watch out for

  • Pricing is mostly quote-based outside the AWS Marketplace Splunk listing
  • Buyers still own Microsoft, Splunk, Cisco or EDR licensing and the quality of connected data sources
  • DFIR, assessments, accelerator work and continuous optimization can be separate from base MDR scope

Reviews

Review synthesis

Gartner review excerpts describe BlueVoyant MDR as helpful for SOC monitoring, actionable alerts, analyst support and investigation context. G2 has too little first-hand review depth for buying conclusions, and Reddit discussion includes Microsoft-oriented recommendations plus caveats about Sentinel detection quality.

Customers like

  • Gartner review excerpts mention actionable alert context and investigation notes
  • Reddit discussion includes recommendations for Microsoft-first buyers considering BlueVoyant
  • Buyers can inspect marketplace packaging for Splunk MDR rather than relying only on a sales page

Watch out for

  • G2 shows one review from a researcher who had not used the service, so it should not drive sentiment
  • Reddit comments are sparse and include a caveat about Sentinel detection rules
  • Gartner public review volume is 7 ratings, far below the largest MDR providers

Pricing

Price
AWS Marketplace Splunk MDR listing starts at $73,872 per 12 months
Billing
Per-endpoint, Tiered, Custom

Questions to ask

  1. Which actions can BlueVoyant take immediately under our rules of engagement, and which actions wait for approval?
  2. Does our quote include Microsoft or Splunk deployment work, ongoing platform engineering, DFIR support and third-party EDR coverage?
  3. How will pricing change with endpoint count, data sources, Sentinel or Splunk consumption, ITSM integration and contract term?

Integrations

SIEM
  • Microsoft Sentinel
  • Splunk Enterprise Security
  • Splunk Cloud Platform
EDR / Endpoint
  • Microsoft Defender for Endpoint
  • Microsoft Defender XDR
  • Supported EDR partners
Cloud
  • Microsoft Azure
  • Microsoft Defender for Cloud
  • AWS
  • Hybrid cloud environments
Other
  • Cisco XDR
  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Microsoft 365
  • ITSM ticketing integration through the Wavelength portal when configured
  • Splunk Enterprise Security

Editorial notes

Why co-managed SOC

BlueVoyant's MDR pages and marketplace listings describe 24/7 monitoring, triage, investigation, threat response, platform care, detection content and management inside customer-owned Microsoft or Splunk environments. That is broader than advice-only MDR, but buyers still own the stack, scope, licensing and business remediation.

Containment boundary

Official endpoint material supports quarantine, deletion, allowlisting, blocklisting and remote response activities after investigation. The profile does not treat BlueVoyant as owning every recovery step because response depends on the subscribed service, connected tooling and agreed rules of engagement.

Stack fit

BlueVoyant is most specific around Microsoft Sentinel, Defender, Splunk and Cisco XDR. Buyers using a different SIEM or endpoint stack should verify whether BlueVoyant will operate that tooling directly or require a migration, integration project or partner-supported scope.

Pricing boundary

The AWS Marketplace Splunk MDR listing gives a useful public floor for one packaged service, while Microsoft and general MDR pages remain quote-based. The public price signal should stay tied to Splunk MDR and should not be used as a universal BlueVoyant MDR rate.

Questions

Does BlueVoyant MDR run the SOC for the buyer?
This profile classifies BlueVoyant MDR as Co-manage the SOC. BlueVoyant can operate supported monitoring, investigation, platform and response workflows, but the buyer still owns the security stack, licensing, data-source coverage, rules of engagement and business remediation.
Can BlueVoyant MDR contain threats?
Yes, inside supported tools and agreed scope. Official endpoint material supports actions such as quarantine, deletion, allowlisting, blocklisting and remote response activities after investigation. Buyers should confirm which actions are pre-approved for their environment.
Is BlueVoyant MDR pricing public?
Partly. BlueVoyant does not publish universal MDR list pricing. AWS Marketplace lists MDR for Splunk Enterprise at $73,872 for a 12-month contract, while broader MDR and Microsoft offers remain quote-based.