We compared Splunk SOAR and Tines based on our user reviews across 4 parameters. After reading all of the collected data, you can find our conclusion below.
Splunk SOAR is praised for its competitive pricing, automation capabilities, orchestration functionality, and integration options with various security tools. Users appreciate the platform's reporting and analytics tools, customer service, and positive ROI. Tines is valued for its simplicity, flexibility, automation capabilities, integration options, affordability, and positive ROI. Users highlight the ease of use, customization options, and centralized workflows. Both products have areas for improvement, with Splunk SOAR needing enhancements in user interface, automation workflows, documentation, and integration capabilities, while Tines can improve in certain areas to meet user expectations and satisfaction levels.
Features: Splunk SOAR is praised for its strong automation, customization, and scalability capabilities, along with easy integration with Splunk products. Tines is highlighted for its user-friendly automation features and extensive integrations library, but it may be challenging for new users to learn and could be costly for smaller teams.
Pricing and ROI: Splunk SOAR's setup cost has been deemed reasonable and competitive, with flexible licensing options. In contrast, Tines is lauded for its affordability, straightforward setup process, and fair licensing terms, making it an attractive option for users looking for cost-effective solutions. Splunk SOAR's ROI is driven by streamlined operations, reduced response times, and robust automation. Tines' ROI focuses on increased productivity, efficiency, and customizable features for improved outcomes.
Room for Improvement: Splunk SOAR has room for improvement in enhancing user interface, automation workflows, documentation, and integrating third-party tools. Tines could benefit from enhancements to meet user expectations and satisfaction levels.
Deployment and Customer Support: Splunk SOAR's setup process has mixed feedback regarding its complexity and time frame, which can take anywhere from hours to months. Tines stands out for its speedy and straightforward deployment, intuitive interface, and streamlined workflow configuration. While opinions vary on Splunk SOAR's customer service, with some experiencing challenges, Tines is known for providing swift and comprehensive responses, as well as going the extra mile to address issues.
The summary above is based on 24 interviews we conducted recently with Splunk SOAR and Tines users.
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The features that stand out are the detection engine and its integration with multiple data sources."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"We have no complaints about the features or functionality."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"If you know how to do KQL (Kusto Query Language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Scalability is the best feature of the solution."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The tool was vendor-neutral."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The on-prem log sources still require a lot of development."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"The number of playbooks on offer should be increased."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"There is a lot of room for improvement with the UI."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"It could be easier to implement."
"The scalability could be better."
"Tines was a little bit more expensive than Torq."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews while Tines is ranked 24th in Security Orchestration Automation and Response (SOAR) with 1 review. Splunk SOAR is rated 8.0, while Tines is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of Tines writes "Vendor-neutral, increases response time, and enables to reduce staff by 30%". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify, whereas Tines is most compared with Torq, Palo Alto Networks Cortex XSOAR, Swimlane and ServiceNow Security Operations.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.