We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The connectivity and analytics are great."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It has a quick detection and response time."
"It's great that the solution is integrated with FortiAnalyzer."
"The initial setup is straightforward."
"The reputation of the brand is very good."
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"Fortinet FortiSOAR is a very interactive and user-friendly solution."
"We use the product for security."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The automation part of the product is great."
"Splunk SOAR's quick response to incidents is the most valuable part."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"So far, the interface is very easy to use."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sentinel's reporting is complex and can be more user-friendly."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"Fortinet FortiSOAR should add more documentation for some use cases."
"The solution doesn't connect well with the network devices."
"Technical support could be improved."
"Fortinet FortiSOAR's dashboard is not easy to understand."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"The solution’s pricing could be improved."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"The number of playbooks on offer should be increased."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"Splunk's support for integration is subpar and has room for improvement."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Swimlane, ServiceNow Security Operations, Cisco SecureX and SECDO Platform, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.