We performed a comparison between IBM Resilient and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It is a stable solution...It is a scalable solution."
"The solution is reliable in our usage."
"It's really simple and has a flexible interface."
"The solution is simple to use and to integrate with IBM QRadar."
"Its flexibility is the most valuable."
"This is a good solution that we recommend for customers."
"The solution is very easy to use."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"It helps increase efficiency and productivity."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"Scalability is the best feature of the solution."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"The product’s integration with other Splunk products is valuable."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The solution should allow for a streamlined CI/CD procedure."
"The ability to analyze incidents needs to be improved in the solution."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"IBM Resilient could integrate better with my tools."
"The implementation could be a bit simpler."
"The product needs a bit more development."
"IBM Resilient is quite complex, including its configuration."
"The product must provide more integration with other tools."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The UI can be more customizable for the clients."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. IBM Resilient is rated 7.6, while Splunk SOAR is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, ServiceNow Security Operations, Fortinet FortiSOAR, IBM Security QRadar and IBM Cloud Pak for Security, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our IBM Resilient vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.