Many organizations have two problems: they have SIEM and EDR tools that are not integrated. To solve these problems, they buy yet another tool, such as a SOAR platform, to integrate and orchestrate these tools. Now they have three problems.
While SOAR platforms promise amazing automation and orchestration capabilities, they still require that the tools integrated into the platform be properly configured and tuned, and many of the SOAR platforms themselves are incredibly complex systems. They resemble a development platform more than a simple drag-and-drop interface.
Implementing a SOAR platform requires a team that is proficient in programming languages and understands the API integrations of the various security tools, as well as clearly defined security processes and playbooks. Most organizations lack the resources and tools to deploy and manage a SIEM and EDR, and the addition of SOAR only increases the complexity.