We performed a comparison between Logpoint and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI-based analytics are excellent."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Free ingestion for Azure logs (with E5 licence)"
"We have no complaints about the features or functionality."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It has basic out-of-the-box integrations with multiple log sources."
"The solution is user-friendly."
"The solution's most valuable aspect is the combination of the software and the support that they have."
"They basically charge you in a better way."
"The main advantage of Logpoint is the support service. They reply within ten minutes to an hour to our queries."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"We like the user and entity behaviour analytics (UEBA) and find it valuable."
"The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform."
"It helps increase efficiency and productivity."
"My understanding is the initial setup isn't too hard."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"The product’s integration with other Splunk products is valuable."
"The automation part of the product is great."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We were missing visuals and graphics. Recently, a new version seems to have come out, and it has a new graphical user interface. When I was integrating it, it was usable, but the GUI needed improvement."
"The solution should offer more integrations and third-party solutions like incident response platforms or allow access to third-party big data"
"The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness."
"Dashboards could be developed further."
"Nowadays the trend is going towards the ransomware and the endpoint detection and response. So if they added something for that, that will be very, very good."
"What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated."
"LogPoint must find a way to integrate the servers without agents."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"The cost of Splunk SOAR has room for improvement."
"The UI can be more customizable for the clients."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"The technical support for the Splunk SIEM solution was average."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
Logpoint is ranked 14th in Security Orchestration Automation and Response (SOAR) with 20 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews. Logpoint is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, Wazuh and Fortinet FortiSIEM, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify. See our Logpoint vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.