We performed a comparison between DFLabs IncMan SOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The Log analytics are useful."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The product can integrate with any device."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The vendors themselves will actually help with any customizations a client may require"
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The product’s integration with other Splunk products is valuable."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Very flexible integration with other tools"
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"Workflow management is most valuable. It is easily customizable"
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The product can be improved by reducing the cost to use AI machine learning."
"The on-prem log sources still require a lot of development."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The support is not 24/7."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"There is a lot of room for improvement with the UI."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The scalability could be better."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
Earn 20 points
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 33 reviews. DFLabs IncMan SOAR is rated 0.0, while Splunk SOAR is rated 8.0. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". DFLabs IncMan SOAR is most compared with Palo Alto Networks Cortex XSOAR and IBM Resilient, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.