We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The Log analytics are useful."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The machine learning and artificial intelligence on offer are great."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"We use the product for security."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"The reputation of the brand is very good."
"The product can be automated for network security purposes. The solution offers a great security automation response."
"It is a scalable solution...The implementation phase of the product was not tough or difficult."
"It has a quick detection and response time."
"It's great that the solution is integrated with FortiAnalyzer."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The customization continues to be excellent."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The reporting could be more structured."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"We are invoiced according to the amount of data generated within each log."
"Fortinet FortiSOAR should improve its analysis."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"The technology and integrations are important so should continue to be enhanced."
"Fortinet's tech support overall is not great when they are at their best."
"The area that needs improvement is integration with multiple third-party vendors."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"Technical support could be improved."
"The cost of Splunk SOAR has room for improvement."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"Some of the training materials are on a basic level."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"The technical support for the Splunk SIEM solution was average."
"Splunk's support for integration is subpar and has room for improvement."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 11 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Swimlane, Cisco SecureX, ServiceNow Security Operations and SECDO Platform, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.