We performed a comparison between Rapid7 InsightConnect and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"It's pretty powerful and its performance is pretty good."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The tool is stable. The initial setup is straightforward. The product is user-friendly."
"The solution is stable."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The product has a very simple UI."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"It's stable."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"Reduces time to closure and closure metrics for vulnerabilities."
"It has helped optimize security costs by consolidating multiple tools into one platform."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The only thing is sometimes you can have a false positive."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The reporting could be more structured."
"The technical support should be improved."
"The threat intelligence module needs a better dashboard."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"The initial setup is difficult."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
More ServiceNow Security Operations Pricing and Cost Advice →
Rapid7 InsightConnect is ranked 23rd in Security Orchestration Automation and Response (SOAR) with 2 reviews while ServiceNow Security Operations is ranked 7th in Security Orchestration Automation and Response (SOAR) with 15 reviews. Rapid7 InsightConnect is rated 8.0, while ServiceNow Security Operations is rated 8.0. The top reviewer of Rapid7 InsightConnect writes "Excellent security orchestration and automation AI features". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". Rapid7 InsightConnect is most compared with Palo Alto Networks Cortex XSOAR, ThreatConnect Threat Intelligence Platform (TIP), CrowdStrike Falcon and Splunk SOAR, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Fortinet FortiSOAR. See our Rapid7 InsightConnect vs. ServiceNow Security Operations report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.