We performed a comparison between Splunk SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The Log analytics are useful."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The product can integrate with any device."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The UI-based analytics are excellent."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The pricing of the product is excellent."
"It helps increase efficiency and productivity."
"The customizable playbook is the most valuable aspect of the solution."
"Splunk SOAR's quick response to incidents is the most valuable part."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"Technical support is helpful."
"The solution does very well as a baseline EDR and provides good process-level management."
"Integration and scalability are the most valuable."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"They're highly stable in comparison with other solutions I have."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The reporting could be more structured."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"The cloud console has a lot of bugs and issues in the analysis part."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"It's not simple."
"Training and education for both partner and customer, including product marketing need to be improved."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"The dashboard should be more user-friendly."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate and Palo Alto Networks Cortex XSOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.