• Home
  • AWS Security Hub vs. Splunk SOAR

AWS Security Hub vs Splunk SOAR comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
17,715 views|9,994 comparisons
92% willing to recommend
Amazon Web Services (AWS) Logo
AWS Security Hub
Read 17 AWS Security Hub reviews
6,134 views|5,135 comparisons
89% willing to recommend
Splunk Logo
Splunk SOAR
Read 32 Splunk SOAR reviews
6,537 views|3,915 comparisons
86% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
AWS Security Hub vs. Splunk SOAR
May 2024
Executive Summary

We performed a comparison between AWS Security Hub and Splunk SOAR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AWS Security Hub vs. Splunk SOAR Report (Updated: May 2024).
Download the complete report
772,567 professionals have used our research since 2012.
Featured Review
Sachin Paul
Researched Splunk SOAR but chose Microsoft Sentinel: Makes data integration very easy for our SOC
It enables data integration within our hybrid, multi-cloud environment, and it makes this data integration very easy for our security operations... Read more →
Anonymous User
A centralized dashboard that enables efficient monitoring and management of possible security issues
Volodymyr-Savov
Is user-friendly, integrates well, and is stable
Splunk SOAR's UI is user-friendly for managing workflows. The integration of Splunk SOAR is good. When we implemented Splunk SOAR we were able to... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running.""I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products.""It has a lot of great features.""The machine learning and artificial intelligence on offer are great.""The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us.""Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.""You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer.""Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."

More Microsoft Sentinel Pros →

"Very good at detection and providing real-time alerts.""The solution shows us our compliance score.""The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture.""Easily integrates with third-party tools""I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account.""The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution.""Finding out if your infrastructure is secure is a valuable feature.""AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."

More AWS Security Hub Pros →

"Very flexible integration with other tools""The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need.""So far, the interface is very easy to use.""Workflow management is most valuable. It is easily customizable""When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved.""It has definitely saved a decent amount of time for our analysts so they can focus on other tasks.""It helps increase efficiency and productivity.""The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."

More Splunk SOAR Pros →

Cons
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.""Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs.""The reporting could be more structured.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it.""If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.""When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel""The solution could be more user-friendly; some query languages are required to operate it.""Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."

More Microsoft Sentinel Cons →

"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility.""The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach.""The solution should be easier to learn and use""Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub.""The support must be quicker.""The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results.""We need more granular-level customizations to enable or disable the rules in AWS Security Hub.""AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."

More AWS Security Hub Cons →

"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap.""The number of playbooks on offer should be increased.""We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.""Splunk's support for integration is subpar and has room for improvement.""The algorithm and machine learning have room for improvement and can be more user-friendly.""The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement.""And most of the challenges that I have faced with the solution can be found in the documentation itself.""The technical support for the Splunk SIEM solution was average."

More Splunk SOAR Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "The price of the solution is not very competitive but it is reasonable."
  • "The price of AWS Security Hub is average compared to other solutions."
  • "The pricing is fine. It is not an expensive tool."
  • "AWS Security Hub's pricing is pretty reasonable."
  • "There are multiple subscription models, like yearly, monthly, and packaged."
  • "AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
  • "Security Hub is not an expensive solution."

    • More AWS Security Hub Pricing and Cost Advice →

  • "I don't know the exact price, but for my region, it is very expensive."
  • "In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
  • "It's very overpriced because it is based on the number of users. There is no bulk licensing."
  • "Splunk SOAR is more expensive compared to other options for SOAR."
  • "The licensing cost is reasonable."
  • "When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
  • "Splunk SOAR is an expensive solution for an organization of our size."
  • "The cost is high and the licensing is on an annual basis."

    • More Splunk SOAR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    772,567 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about AWS Security Hub?
    Top Answer:The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances… more »
    Read all 12 answers   →
    What needs improvement with AWS Security Hub?
    Top Answer:We are facing some cost-related issues with the solution. We integrated a couple of services into AWS Security Hub, and… more »
    Read all 12 answers   →
    What is your primary use case for AWS Security Hub?
    Top Answer:We use AWS Security Hub for cloud security posture management and automated remediation.
    Read all 12 answers   →
    What do you like most about Splunk Phantom?
    Top Answer:Splunk SOAR's quick response to incidents is the most valuable part.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Splunk Phantom?
    Top Answer:The cost is high and the licensing is on an annual basis.
    Read all 18 answers   →
    What needs improvement with Splunk Phantom?
    Top Answer:The cost of Splunk SOAR has room for improvement.
    Read all 19 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Phantom
    Learn More
    Microsoft
    Amazon Web Services (AWS)
    Splunk
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

    The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

    With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

    Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

    Go from overwhelmed to in-control

    Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

    Force multiply your team

    Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

    From 30 minutes to 30 seconds

    Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

    End-to-end security operations made easy

    Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Edmunds, Frame.io, GoDaddy, Realtor.com
    Recorded Future, Blackstone
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company23%
    Financial Services Firm15%
    Non Profit8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm12%
    Manufacturing Company8%
    Government7%
    REVIEWERS
    Financial Services Firm35%
    Computer Software Company18%
    University12%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm14%
    Computer Software Company14%
    Manufacturing Company10%
    Government10%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business41%
    Midsize Enterprise18%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise13%
    Large Enterprise64%
    REVIEWERS
    Small Business29%
    Midsize Enterprise18%
    Large Enterprise53%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    Buyer's Guide
    AWS Security Hub vs. Splunk SOAR
    May 2024
    Free Report: AWS Security Hub vs. Splunk SOAR
    Find out what your peers are saying about AWS Security Hub vs. Splunk SOAR and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,567 professionals have used our research since 2012.

    AWS Security Hub is ranked 5th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews. AWS Security Hub is rated 7.6, while Splunk SOAR is rated 8.0. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Exabeam Fusion SIEM. See our AWS Security Hub vs. Splunk SOAR report.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.