• Home
  • DFLabs IncMan SOAR vs. ThreatConnect Threat Intelligence Platform (TIP)

DFLabs IncMan SOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
17,980 views|10,109 comparisons
92% willing to recommend
DFLabs Logo

DFLabs IncMan SOAR

Read 1 DFLabs IncMan SOAR review
283 views|172 comparisons
0% willing to recommend
ThreatConnect Logo

ThreatConnect Threat Intelligence Platform (TIP)

Read 4 ThreatConnect Threat Intelligence Platform (TIP) reviews
1,213 views|911 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
April 2024
Executive Summary

We performed a comparison between DFLabs IncMan SOAR and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Nagendra Nekkala
Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting
We use the tool because we want a solution that can quickly analyze large volumes of data across the enterprise. Microsoft Sentinel is a one-stop... Read more →
Anonymous User
Protects an organization from the threat of a data breach or cyberattack
Sai-Charan
The tool could be integrated into any environment, but it was expensive, and the deployment process was complex
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""The Log analytics are useful.""The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.""The initial setup is very simple and straightforward.""Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises.""There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.""It has basic out-of-the-box integrations with multiple log sources."

More Microsoft Sentinel Pros →

"The vendors themselves will actually help with any customizations a client may require"

More DFLabs IncMan SOAR Pros →

"It's a solid platform and is stable enough. It is not complicated and is easy to use.""ThreatConnect has a highly user-friendly interface.""The most valuable features are ease of use and the ability to customize it.""The product automatically generated a threat score based on the maliciousness of an IP."

More ThreatConnect Threat Intelligence Platform (TIP) Pros →

Cons
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products.""While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate.""If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries.""The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations.""Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities.""The playbook is a bit difficult and could be improved.""Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field.""The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."

More Microsoft Sentinel Cons →

"The support is not 24/7."

More DFLabs IncMan SOAR Cons →

"I couldn’t get any training videos online when I was working with the tool.""Integration is an area that could use some improvement.""They should make it a little bit easier to generate events and share them with the community""It would be good to have more feeds and more integrated sources for enrichment."

More ThreatConnect Threat Intelligence Platform (TIP) Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

    Information Not Available
  • "The price of this product is in the mid-range, not too expensive, nor inexpensive."
  • "The price could be better."
  • "The tool is expensive."

    • More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    Ask a question

    Earn 20 points

    What do you like most about ThreatConnect Threat Intelligence Platform (T...
    Top Answer:The product automatically generated a threat score based on the maliciousness of an IP.
    Read all 4 answers   →
    What is your experience regarding pricing and costs for ThreatConnect Thr...
    Top Answer:The tool is expensive. It is worth the money, though.
    Read all 3 answers   →
    What needs improvement with ThreatConnect Threat Intelligence Platform (T...
    Top Answer:The building of playbooks could be more refined. The training is not openly available. I couldn’t get any training… more »
    Read all 4 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    DFLabs IncMan Incident Response
    Learn More
    Microsoft
    DFLabs
    ThreatConnect
    Video Not Available
    Interactive Demo
    Microsoft
    Demo Not Available
    DFLabs
    Demo Not Available
    ThreatConnect
    Watch a demo
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    DFLabs' Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, is designed for SOCs, CSIRTs and MSSPs to automate, orchestrate and measure security operations and incident response processes and tasks, all from within one single, intuitive platform. By integrating security tools, fusing intelligence, sharing knowledge and implementing seamless workflows, IncMan SOAR enables every security incident to be detected, responded to, and remediated in the fastest possible time frame.

    DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, that includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more. This feature rich, unique and scalable SOAR platform provides context to security incidents, automates actions, orchestrates response to activities, while enabling full reporting and measurement functionality across all stakeholders.

    DFLabs covers the entire spectrum of security orchestration, automation and response components as outlined by Gartner, with a unique combination of features and capabilities, driven through continuous improvement and innovation. IncMan SOAR is the only platform to offer full incident response lifecycle management with machine learning and threat hunting. Acting as a force multiplier, it enables security teams to do more with less, empowering security analysts, while ensuring organizations stay one step ahead of any potential threat.

    Automate. Orchestrate. Measure.

    IncMan SOAR provides three critical functions as an enabler to your security program. Automation and orchestration which in turn enables response, as well as measurement.

    Automate

    Augment analysts by automating common, repetitive and menial tasks driven by machine learning for faster response to all alerts.

    Orchestrate

    Establish repeatable, enforceable, measurable and effective incident response workflows, orchestrating your security tool set into one seamless response process.

    Measure

    Measure, benchmark and optimize security operations and incident response activities and performance from one intuitive and collaborative platform.

    Seamlessly Integrate and Orchestrate Your Tools Together as One.

    Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform. IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

    Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

    See IncMan SOAR in Action.

    The ThreatConnect Threat Intelligence Operations (TIOps) Platform lets organizations operationalize and evolve their cyber threat intel program, enabling cybersecurity operations teams to measurably improve their organization’s resilience to attacks. The TIOps Platform enhances collaboration across teams to drive proactive threat defense, and improve threat detection and response. The AI- and automation-powered TI Ops Platform enables analysts to perform all their work effectively and efficiently in a single, unified platform, allowing threat intel to be aggregated, analyzed, prioritized, and actioned against the most relevant threats. 

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    University of Advancing Technology, Cybersecurity Ventures
    Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm20%
    Energy/Utilities Company15%
    Government11%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm16%
    Government11%
    Manufacturing Company9%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise12%
    Large Enterprise70%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while ThreatConnect Threat Intelligence Platform (TIP) is ranked 19th in Security Orchestration Automation and Response (SOAR) with 4 reviews. DFLabs IncMan SOAR is rated 0.0, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, ThreatQ, Palo Alto Networks Cortex XSOAR and Anomali Match.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.