We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The Log analytics are useful."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The connectivity and analytics are great."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"We have no complaints about the features or functionality."
"It's great that the solution is integrated with FortiAnalyzer."
"It has a quick detection and response time."
"The reputation of the brand is very good."
"The solution is easy to implement and includes 450 built-in connectors."
"Fortinet FortiSOAR is a very interactive and user-friendly solution."
"The initial setup is straightforward."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"The most valuable feature of Fortinet FortiSOAR is the number of available connectors and the simplicity to start to automate."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The solution should allow for a streamlined CI/CD procedure."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The AI capabilities must be improved."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"We are invoiced according to the amount of data generated within each log."
"I think the number one area of improvement for Sentinel would be the cost."
"The solution doesn't connect well with the network devices."
"Fortinet FortiSOAR's dashboard is not easy to understand."
"Fortinet FortiSOAR should improve its analysis."
"Fortinet FortiSOAR should add more documentation for some use cases."
"Technical support could be improved."
"The technology and integrations are important so should continue to be enhanced."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"The area that needs improvement is integration with multiple third-party vendors."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The technical support for the Splunk SIEM solution was average."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"Splunk's support for integration is subpar and has room for improvement."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"The scalability could be better."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Swimlane, ServiceNow Security Operations, IBM Resilient and Cisco SecureX, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.