We compared Splunk SOAR and Tines based on our user reviews across 4 parameters. After reading all of the collected data, you can find our conclusion below.
Splunk SOAR is praised for its competitive pricing, automation capabilities, orchestration functionality, and integration options with various security tools. Users appreciate the platform's reporting and analytics tools, customer service, and positive ROI. Tines is valued for its simplicity, flexibility, automation capabilities, integration options, affordability, and positive ROI. Users highlight the ease of use, customization options, and centralized workflows. Both products have areas for improvement, with Splunk SOAR needing enhancements in user interface, automation workflows, documentation, and integration capabilities, while Tines can improve in certain areas to meet user expectations and satisfaction levels.
Features: Splunk SOAR is praised for its strong automation, customization, and scalability capabilities, along with easy integration with Splunk products. Tines is highlighted for its user-friendly automation features and extensive integrations library, but it may be challenging for new users to learn and could be costly for smaller teams.
Pricing and ROI: Splunk SOAR's setup cost has been deemed reasonable and competitive, with flexible licensing options. In contrast, Tines is lauded for its affordability, straightforward setup process, fair licensing terms, making it an attractive option for users looking for cost-effective solutions. Splunk SOAR's ROI is driven by streamlined operations, reduced response times, and robust automation. Tines' ROI focuses on increased productivity, efficiency, and customizable features for improved outcomes.
Room for Improvement: Splunk SOAR has room for improvement in enhancing user interface, automation workflows, documentation, and integrating third-party tools. Tines could benefit from enhancements to meet user expectations and satisfaction levels.
Deployment and Customer Support: Splunk SOAR's setup process has mixed feedback regarding its complexity and time frame, which can take anywhere from hours to months. Tines stands out for its speedy and straightforward deployment, intuitive interface, and streamlined workflow configuration. While opinions vary on Splunk SOAR's customer service, with some experiencing challenges, Tines is known for providing swift and comprehensive responses, as well as going the extra mile to address issues.
The summary above is based on 24 interviews we conducted recently with Splunk SOAR and Tines users. To access the review's full transcripts, download our report.
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"It helps increase efficiency and productivity."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The customization continues to be excellent."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The most valuable feature is the risk-based access control."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The tool was vendor-neutral."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel's reporting is complex and can be more user-friendly."
"The AI capabilities must be improved."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The scalability could be better."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"There is a lot of room for improvement with the UI."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"The number of playbooks on offer should be increased."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"Tines was a little bit more expensive than Torq."
Earn 20 points
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews while Tines is ranked 17th in Security Orchestration Automation and Response (SOAR) with 1 review. Splunk SOAR is rated 8.0, while Tines is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of Tines writes "Vendor-neutral, increases response time, and enables to reduce staff by 30%". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify, whereas Tines is most compared with Torq, Palo Alto Networks Cortex XSOAR, Swimlane and ServiceNow Security Operations.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
