AWS Security Hub vs Splunk SOAR comparison

Sponsored
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
  • 17,297 Views
  • 9,622 Comparison Views
92% willing to recommend
AWS Security Hub
Read 17 AWS Security Hub reviews
  • 5,794 Views
  • 4,784 Comparison Views
89% willing to recommend
Splunk SOAR
Read 33 Splunk SOAR reviews
  • 6,452 Views
  • 3,805 Comparison Views
83% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between AWS Security Hub and Splunk SOAR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed AWS Security Hub vs. Splunk SOAR Report (Updated: May 2024).
Buyer's Guide
AWS Security Hub vs. Splunk SOAR
May 2024
Download the complete report
Helped 787,061 peers since 2012
 

Categories and Ranking

Microsoft Sentinel
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Number of Reviews
86
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)
AWS Security Hub
Ranking in Security Orchestration Automation and Response (SOAR)
5th
Average Rating
7.6
Number of Reviews
17
Ranking in other categories
Security Information and Event Management (SIEM) (8th), Cloud Security Posture Management (CSPM) (12th)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Number of Reviews
33
Ranking in other categories
No ranking in other categories
 

Market share comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the market share of Microsoft Sentinel is 20.3% and it increased by 15.1% compared to the previous year. The market share of AWS Security Hub is 11.8% and it decreased by 14.4% compared to the previous year. The market share of Splunk SOAR is 8.1% and it decreased by 24.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
Security Information and Event Management (SIEM)
13.7%
Microsoft Security Suite
5.3%
Cloud Security Posture Management (CSPM)
6.8%
No other categories found
 

Featured Reviews

AC
May 10, 2023
The threat intelligence helped us prepare for attacks by developing rules before they hit
We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers. In some instances, the customer reports that they suspect malware on a computer, and one of their IT guys noticed it. There is a five to ten minute delay before we can see it and respond. As a security company, we don't want the customer to be the first one to identify the threat. However, we must deal with delays from the various products we're integrating. For example, Apex One has a 15-minute delay. Sometimes it's an issue with the third-party product, but sometimes it isn't. If it isn't, we need to open a ticket with Microsoft. We would benefit from transparency around delays and communication about what Microsoft is doing to resolve the issue. Another issue is transparency around usage and associated costs. There are charges if you use playbooks and queries. If you query 100,000 times a day, your costs will go up. The usage only displays in gigabytes per day. A breakdown would help us make reports for our management.
Read full review
Shashank N - PeerSpot reviewer
Jan 16, 2024
Easy to set up but not user-friendly and cluttered interface
It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale There are a lot of good rules, but the problem is it's very cluttered. Honestly, I wouldn't recommend it. It is too expensive for what it offers, too…
Read full review
Amit Moralwar - PeerSpot reviewer
May 6, 2024
Provides a user-friendly GUI, and reduces manual work, but the playbooks have room for improvement
Splunk makes creating playbooks simple with its GUI. We can build playbooks by dragging and dropping different elements, eliminating the need for complex coding. The visibility of the playbook viewer is good. We can add custom code while developing the playbook if required. Splunk SOAR provides end-to-end visibility into our environment. Troubleshooting our cloud-native environment with Splunk SOAR is a breeze thanks to its intuitive graphical interface. Unlike traditional tools requiring command lines, Splunk SOAR lets us manage integrations and cloud access entirely within the user-friendly GUI, streamlining the process. Splunk SOAR has significantly reduced our manual workload by automating many previously time-consuming processes. We only began to see the full benefits after about five months. Splunk simplifies security investigations by offering pre-built processes and leveraging the rich functionality embedded within Phantom's alerts. This combination provides a powerful toolkit for investigators. Splunk SOAR has significantly improved our security alert resolution efficiency. While the specific time saved depends on the individual case, we've seen a general reduction in resolution time from around 20 minutes to five minutes thanks to the variety of use cases it supports. Splunk has reduced our mean time to detection by 15 minutes. Our mean time to resolution is now down to five minutes. Splunk SOAR streamlined our security operations by consolidating multiple tools. We've successfully integrated and replaced approximately 15 individual applications into a more unified environment.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The main benefit is the ease of integration."
"Sentinel pricing is good"
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"It has basic out-of-the-box integrations with multiple log sources."
"The UI-based analytics are excellent."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It has a lot of great features."
More Microsoft Sentinel pros
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"Finding out if your infrastructure is secure is a valuable feature."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"Cloudposse is a valuable feature as it guarantees my security."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"The platform has valuable features for security."
"Very good at detection and providing real-time alerts."
More AWS Security Hub pros
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"Splunk SOAR's quick response to incidents is the most valuable part."
"Splunk SOAR's extensive library of pre-built integrations allows it to connect with a vast array of popular security and IT applications, streamlining workflows across our existing security stack."
"The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."
"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."
"The product’s integration with other Splunk products is valuable."
More Splunk SOAR pros
 

Cons

"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
More Microsoft Sentinel cons
"It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"The solution should be easier to learn and use"
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"The solution lacks self-sufficiency."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
More AWS Security Hub cons
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"The technical support for the Splunk SIEM solution was average."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"Some of the training materials are on a basic level."
"The UI can be more customizable for the clients."
More Splunk SOAR cons
 

Pricing and Cost Advice

"There are no additional costs other than the initial costs of Sentinel."
"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"No license is required to make use of Sentinel, but you need to buy products to get the data. In general, the price of those products is comparable to similar products."
"I am not involved on the financial side, but from an enterprise-wide use perspective, I think the price is good enough."
"Microsoft Sentinel is included in our E5 license."
"From a cost perspective, there are some additional charges in addition to the licensing."
More Microsoft Sentinel pricing and cost advice
"The price of the solution is not very competitive but it is reasonable."
"AWS Security Hub's pricing is pretty reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"Security Hub is not an expensive solution."
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"There are multiple subscription models, like yearly, monthly, and packaged."
"Splunk SOAR is more expensive compared to other options for SOAR."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"Splunk SOAR is an expensive solution for an organization of our size."
"The licensing cost is reasonable."
"The cost is high and the licensing is on an annual basis."
"I don't know the exact price, but for my region, it is very expensive."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
7%
Computer Software Company
17%
Financial Services Firm
13%
Manufacturing Company
8%
Government
6%
Computer Software Company
14%
Financial Services Firm
14%
Government
10%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
See all answers
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances...
See all answers
What needs improvement with AWS Security Hub?
The solution should be easier to learn and use, and data exportation should be more user-friendly. If a user doesn't ...
See all answers
What is your primary use case for AWS Security Hub?
The solution provides first-hand integration into tools like Amazon Inspector and Amazon Detective. The tool can also...
See all answers
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
The cost is high and the licensing is on an annual basis.
See all answers
What needs improvement with Splunk Phantom?
The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.
See all answers
 

Comparisons

IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 12% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Compared 5% of the time
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Compared 5% of the time
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
Prisma Cloud by Palo Alto Networks vs AWS Security Hub Logo
Prisma Cloud by Palo Alto Networks vs AWS Security Hub
Compared 12% of the time
Wiz vs AWS Security Hub Logo
Wiz vs AWS Security Hub
Compared 12% of the time
Microsoft Defender for Cloud vs AWS Security Hub Logo
Microsoft Defender for Cloud vs AWS Security Hub
Compared 8% of the time
Google Chronicle Suite vs AWS Security Hub Logo
Google Chronicle Suite vs AWS Security Hub
Compared 4% of the time
Oracle Security Monitoring and Analytics Cloud Service vs AWS Security Hub Logo
Oracle Security Monitoring and Analytics Cloud Service vs AWS Security Hub
Compared 3% of the time
More AWS Security Hub Competitors
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 25% of the time
Cortex XSIAM vs Splunk SOAR Logo
Cortex XSIAM vs Splunk SOAR
Compared 18% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 8% of the time
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Compared 7% of the time
Exabeam Fusion SIEM vs Splunk SOAR Logo
Exabeam Fusion SIEM vs Splunk SOAR
Compared 1% of the time
More Splunk SOAR Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
May 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
AWS Security Hub
June 2024
AWS Security Hub reportDownload AWS Security Hub product report
Buyer's Guide
Splunk SOAR
May 2024
Splunk SOAR reportDownload Splunk SOAR product report
 

Also Known As

Azure Sentinel
No data available
Phantom
 

Learn More

Microsoft
Amazon Web Services (AWS)
Splunk
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Edmunds, Frame.io, GoDaddy, Realtor.com
Recorded Future, Blackstone
Buyer's Guide
AWS Security Hub vs. Splunk SOAR
May 2024
Free Report: AWS Security Hub vs. Splunk SOAR
Find out what your peers are saying about AWS Security Hub vs. Splunk SOAR and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,061 professionals have used our research since 2012.
See our AWS Security Hub vs. Splunk SOAR report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.