We performed a comparison between ThreatConnect Threat Intelligence Platform (TIP) and ThreatQ based on real PeerSpot user reviews.
Find out what your peers are saying about Recorded Future, Check Point Software Technologies, Microsoft and others in Threat Intelligence Platforms."The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The pricing of the product is excellent."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"ThreatConnect has a highly user-friendly interface."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
More ThreatConnect Threat Intelligence Platform (TIP) Pros →
"Integrating the solution with our existing security tools and workflows was easy."
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The troubleshooting has room for improvement."
"Integration is an area that could use some improvement."
"They should make it a little bit easier to generate events and share them with the community"
"It would be good to have more feeds and more integrated sources for enrichment."
"I couldn’t get any training videos online when I was working with the tool."
More ThreatConnect Threat Intelligence Platform (TIP) Cons →
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
"The tool is not user-friendly."
More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →
ThreatConnect Threat Intelligence Platform (TIP) is ranked 4th in Threat Intelligence Platforms with 4 reviews while ThreatQ is ranked 12th in Threat Intelligence Platforms with 2 reviews. ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0, while ThreatQ is rated 7.0. The top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". On the other hand, the top reviewer of ThreatQ writes "Improves the threat intelligence gathering process, but it is not user-friendly". ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, Palo Alto Networks Cortex XSOAR, Anomali Match and Splunk SOAR, whereas ThreatQ is most compared with Anomali ThreatStream, Recorded Future and Palo Alto Networks Cortex XSOAR.
See our list of best Threat Intelligence Platforms vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Threat Intelligence Platforms reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
