We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The connectivity and analytics are great."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It has a quick detection and response time."
"It's great that the solution is integrated with FortiAnalyzer."
"The solution is easy to implement and includes 450 built-in connectors."
"The product can be automated for network security purposes. The solution offers a great security automation response."
"The most valuable feature of Fortinet FortiSOAR is the number of available connectors and the simplicity to start to automate."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"It is a scalable solution...The implementation phase of the product was not tough or difficult."
"We use the product for security."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"The customizable playbook is the most valuable aspect of the solution."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"Very flexible integration with other tools"
"The most valuable feature is the risk-based access control."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is room for improvement in entity behavior and the integration site."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The solution could be more user-friendly; some query languages are required to operate it."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Technical support could be improved."
"The technology and integrations are important so should continue to be enhanced."
"Fortinet FortiSOAR should improve its analysis."
"The solution doesn't connect well with the network devices."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"Fortinet FortiSOAR's dashboard is not easy to understand."
"The area that needs improvement is integration with multiple third-party vendors."
"The UI can be more customizable for the clients."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"There is a lot of room for improvement with the UI."
"The number of playbooks on offer should be increased."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 12 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, Swimlane, ServiceNow Security Operations, Cisco SecureX and SECDO Platform, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.