We performed a comparison between Microsoft Sentinel and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The machine learning and artificial intelligence on offer are great."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It's pretty powerful and its performance is pretty good."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It has basic out-of-the-box integrations with multiple log sources."
"The automation part of the product is great."
"It helps increase efficiency and productivity."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The product’s integration with other Splunk products is valuable."
"The customization continues to be excellent."
"My understanding is the initial setup isn't too hard."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The reporting could be more structured."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The technical support for the Splunk SIEM solution was average."
"The scalability could be better."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The cost of Splunk SOAR has room for improvement."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
Microsoft Sentinel is ranked 1st in Security Orchestration Automation and Response (SOAR) with 85 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Microsoft Sentinel is rated 8.2, while Splunk SOAR is rated 8.0. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our Microsoft Sentinel vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.