We performed a comparison between Splunk SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."It has a lot of great features."
"The pricing of the product is excellent."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"My understanding is the initial setup isn't too hard."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"Splunk SOAR's quick response to incidents is the most valuable part."
"Workflow management is most valuable. It is easily customizable"
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"Integration and scalability are the most valuable."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The solution does very well as a baseline EDR and provides good process-level management."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The solution could be more user-friendly; some query languages are required to operate it."
"We'd like to see more connectors."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We'd like also a better ticketing system, which is older."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"There is a lot of room for improvement with the UI."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The UI can be more customizable for the clients."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The scalability could be better."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"Training and education for both partner and customer, including product marketing need to be improved."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The cloud console has a lot of bugs and issues in the analysis part."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 33 reviews while VMware Carbon Black Cloud is ranked 3rd in Security Incident Response with 18 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR and Rapid7 InsightIDR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.