We compared Splunk SOAR and Tines based on our user reviews across 4 parameters. After reading all of the collected data, you can find our conclusion below.
Splunk SOAR is praised for its competitive pricing, automation capabilities, orchestration functionality, and integration options with various security tools. Users appreciate the platform's reporting and analytics tools, customer service, and positive ROI. Tines is valued for its simplicity, flexibility, automation capabilities, integration options, affordability, and positive ROI. Users highlight the ease of use, customization options, and centralized workflows. Both products have areas for improvement, with Splunk SOAR needing enhancements in user interface, automation workflows, documentation, and integration capabilities, while Tines can improve in certain areas to meet user expectations and satisfaction levels.
Features: Splunk SOAR is praised for its strong automation, customization, and scalability capabilities, along with easy integration with Splunk products. Tines is highlighted for its user-friendly automation features and extensive integrations library, but it may be challenging for new users to learn and could be costly for smaller teams.
Pricing and ROI: Splunk SOAR's setup cost has been deemed reasonable and competitive, with flexible licensing options. In contrast, Tines is lauded for its affordability, straightforward setup process, fair licensing terms, making it an attractive option for users looking for cost-effective solutions. Splunk SOAR's ROI is driven by streamlined operations, reduced response times, and robust automation. Tines' ROI focuses on increased productivity, efficiency, and customizable features for improved outcomes.
Room for Improvement: Splunk SOAR has room for improvement in enhancing user interface, automation workflows, documentation, and integrating third-party tools. Tines could benefit from enhancements to meet user expectations and satisfaction levels.
Deployment and Customer Support: Splunk SOAR's setup process has mixed feedback regarding its complexity and time frame, which can take anywhere from hours to months. Tines stands out for its speedy and straightforward deployment, intuitive interface, and streamlined workflow configuration. While opinions vary on Splunk SOAR's customer service, with some experiencing challenges, Tines is known for providing swift and comprehensive responses, as well as going the extra mile to address issues.
The summary above is based on 24 interviews we conducted recently with Splunk SOAR and Tines users. To access the review's full transcripts, download our report.
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"It helps increase efficiency and productivity."
"Technical support is helpful."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The customizable playbook is the most valuable aspect of the solution."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"Splunk SOAR's extensive library of pre-built integrations allows it to connect with a vast array of popular security and IT applications, streamlining workflows across our existing security stack."
"Scalability is the best feature of the solution."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"The tool was vendor-neutral."
"The solution could be more user-friendly; some query languages are required to operate it."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"The scalability could be better."
"Various aspects of the playbook development process itself can be optimized."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"The cost of Splunk SOAR has room for improvement."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"Tines was a little bit more expensive than Torq."
Earn 20 points
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 33 reviews while Tines is ranked 17th in Security Orchestration Automation and Response (SOAR) with 1 review. Splunk SOAR is rated 8.0, while Tines is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of Tines writes "Vendor-neutral, increases response time, and enables to reduce staff by 30%". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify, whereas Tines is most compared with Torq, Palo Alto Networks Cortex XSOAR, Swimlane and ServiceNow Security Operations.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.