We performed a comparison between ServiceNow Security Operations and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Log aggregation and data connectors are the most valuable features."
"The automation feature is valuable."
"We have no complaints about the features or functionality."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"Reduces time to closure and closure metrics for vulnerabilities."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"It's stable."
"The solution is stable."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The automation part of the product is great."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The customizable playbook is the most valuable aspect of the solution."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"My understanding is the initial setup isn't too hard."
"Very flexible integration with other tools"
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The only thing is sometimes you can have a false positive."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"The threat intelligence module needs a better dashboard."
"It doesn't interact with things very well."
"There is room for improvement in terms of developer support and documentation."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"It would be ideal if we could automate processes even more."
"The technical support for the Splunk SIEM solution was average."
"The number of playbooks on offer should be increased."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"There is a lot of room for improvement with the UI."
More ServiceNow Security Operations Pricing and Cost Advice →
ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 14 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. ServiceNow Security Operations is rated 8.0, while Splunk SOAR is rated 8.0. The top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, IBM Resilient, Swimlane, Fortinet FortiSOAR and ThreatConnect Threat Intelligence Platform (TIP), whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, Torq, Tines and Cisco SecureX. See our ServiceNow Security Operations vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.