We performed a comparison between Splunk SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytic rule is the most valuable feature."
"The machine learning and artificial intelligence on offer are great."
"The initial setup is very simple and straightforward."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The features that stand out are the detection engine and its integration with multiple data sources."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"My understanding is the initial setup isn't too hard."
"So far, the interface is very easy to use."
"Splunk SOAR's quick response to incidents is the most valuable part."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Integration and scalability are the most valuable."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The solution should allow for a streamlined CI/CD procedure."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The reporting could be more structured."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Some of the training materials are on a basic level."
"The number of playbooks on offer should be increased."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"There is a lot of room for improvement with the UI."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"The cost of Splunk SOAR has room for improvement."
"It would be ideal if we could automate processes even more."
"Training and education for both partner and customer, including product marketing need to be improved."
"The dashboard should be more user-friendly."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR and Rapid7 InsightIDR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.