• Home
  • ServiceNow Security Operations vs. Splunk SOAR

ServiceNow Security Operations vs Splunk SOAR comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
17,980 views|10,109 comparisons
92% willing to recommend
ServiceNow Logo

ServiceNow Security Operations

Read 14 ServiceNow Security Operations reviews
3,392 views|1,750 comparisons
92% willing to recommend
Splunk Logo

Splunk SOAR

Read 30 Splunk SOAR reviews
6,753 views|4,009 comparisons
85% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
ServiceNow Security Operations vs. Splunk SOAR
March 2024
Executive Summary

We performed a comparison between ServiceNow Security Operations and Splunk SOAR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed ServiceNow Security Operations vs. Splunk SOAR Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Hari Shankar
Researched Splunk SOAR but chose Microsoft Sentinel: It's a plug-and-play solution, so you can start seeing benefits quickly using the out-of-the-box analytics rules and use cases
Sentinel has reduced our mean time to resolution, one of our KPIs, by about 30 to 40 percent and enabled us to identify vulnerabilities faster. The... Read more →
Anonymous User
Streamlines processes, collects data, and allows you to manage the solution through dashboards
It streamlines processes. It collects data. It takes data and turns it into information. It allows you to manage through dashboards and work lists.... Read more →
Anonymous User
Has the ability to connect it to external apps
It has definitely saved a decent amount of time for our analysts so they can focus on other tasks. This gives us more value for man hours. It has... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment.""It has a lot of great features.""It's pretty powerful and its performance is pretty good.""The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects.""The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.""Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information.""Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.""I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."

More Microsoft Sentinel Pros →

"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process.""What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes.""It's stable.""The solution is stable.""​Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence.​""The solution is available over the cloud and is easy to manage.""Reduces time to closure and closure metrics for vulnerabilities.""It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."

More ServiceNow Security Operations Pros →

"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.""The customization continues to be excellent.""I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful.""My understanding is the initial setup isn't too hard.""I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.""It has definitely saved a decent amount of time for our analysts so they can focus on other tasks.""Very flexible integration with other tools""The most valuable feature of Splunk SOAR that stands out is it has a great SOAR. The automation and orchestration module is highly mature. A lot of use cases are on user entity and behavioral analytics (UEBA), which is artificial intelligence and machine learning-based (AIML)."

More Splunk SOAR Pros →

Cons
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.""The AI capabilities must be improved.""The only thing is sometimes you can have a false positive.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome.""I think the number one area of improvement for Sentinel would be the cost.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."

More Microsoft Sentinel Cons →

"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better.""​Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change.​""It doesn't interact with things very well.""They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases.""It's very slow. When you click a button or update a field, it takes forever to actually react.""There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution.""The initial setup is difficult.""The threat intelligence module needs a better dashboard."

More ServiceNow Security Operations Cons →

"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks.""Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now.""And most of the challenges that I have faced with the solution can be found in the documentation itself.""It would be ideal if we could automate processes even more.""The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement.""It could be easier to implement.""What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.""There is a lot of room for improvement with the UI."

More Splunk SOAR Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "This product is a good value for the money."
  • "If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
  • "The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

    • More ServiceNow Security Operations Pricing and Cost Advice →

  • "I don't know the exact price, but for my region, it is very expensive."
  • "In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
  • "It's very overpriced because it is based on the number of users. There is no bulk licensing."
  • "Splunk SOAR is more expensive compared to other options for SOAR."
  • "The licensing cost is reasonable."
  • "When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
  • "Splunk SOAR is an expensive solution for an organization of our size."
  • "The cost is high and the licensing is on an annual basis."

    • More Splunk SOAR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about ServiceNow Security Operations?
    Top Answer:The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.
    Read all 10 answers   →
    What is your experience regarding pricing and costs for ServiceNow Securi...
    Top Answer:I'm not aware of the pricing. I don't handle licensing.
    Read all 7 answers   →
    What needs improvement with ServiceNow Security Operations?
    Top Answer:There is room for improvement in terms of developer support and documentation. While they offer some assistance, a more… more »
    Read all 11 answers   →
    What do you like most about Splunk Phantom?
    Top Answer:Splunk SOAR's quick response to incidents is the most valuable part.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Splunk Phantom?
    Top Answer:The cost is high and the licensing is on an annual basis.
    Read all 18 answers   →
    What needs improvement with Splunk Phantom?
    Top Answer:The cost of Splunk SOAR has room for improvement.
    Read all 19 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Phantom
    Learn More
    Microsoft
    ServiceNow
    Video Not Available
    Splunk
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions. 

    Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

    Go from overwhelmed to in-control

    Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

    Force multiply your team

    Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

    From 30 minutes to 30 seconds

    Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

    End-to-end security operations made easy

    Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
    Recorded Future, Blackstone
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company44%
    Financial Services Firm33%
    Analyst Firm11%
    Manufacturing Company11%
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Computer Software Company12%
    Government10%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm38%
    Computer Software Company13%
    University13%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company14%
    Government10%
    Manufacturing Company10%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business33%
    Midsize Enterprise13%
    Large Enterprise53%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise9%
    Large Enterprise75%
    REVIEWERS
    Small Business30%
    Midsize Enterprise20%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    Buyer's Guide
    ServiceNow Security Operations vs. Splunk SOAR
    March 2024
    Free Report: ServiceNow Security Operations vs. Splunk SOAR
    Find out what your peers are saying about ServiceNow Security Operations vs. Splunk SOAR and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 14 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. ServiceNow Security Operations is rated 8.0, while Splunk SOAR is rated 8.0. The top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, IBM Resilient, Fortinet FortiSOAR, Swimlane and ThreatConnect Threat Intelligence Platform (TIP), whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, Torq, Swimlane and Cisco SecureX. See our ServiceNow Security Operations vs. Splunk SOAR report.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.