We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The connectivity and analytics are great."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"It is a scalable solution...The implementation phase of the product was not tough or difficult."
"The reputation of the brand is very good."
"The most valuable feature of Fortinet FortiSOAR is the number of available connectors and the simplicity to start to automate."
"The product can be automated for network security purposes. The solution offers a great security automation response."
"We use the product for security."
"It has a quick detection and response time."
"It's great that the solution is integrated with FortiAnalyzer."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."
"The automation part of the product is great."
"Technical support is helpful."
"My understanding is the initial setup isn't too hard."
"Workflow management is most valuable. It is easily customizable"
"So far, the interface is very easy to use."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We'd like also a better ticketing system, which is older."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Technical support could be improved."
"Fortinet FortiSOAR should add more documentation for some use cases."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"Fortinet's tech support overall is not great when they are at their best."
"The solution doesn't connect well with the network devices."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"The technology and integrations are important so should continue to be enhanced."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"It would be ideal if we could automate processes even more."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"There is a lot of room for improvement with the UI."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Swimlane, Cisco SecureX, IBM Resilient and SECDO Platform, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.