We performed a comparison between Proofpoint Threat Response and Splunk SOAR based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"Support is very responsive."
"The customization continues to be excellent."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"My understanding is the initial setup isn't too hard."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"Has some quirks."
"The interface within Threat Response could be made simpler."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The scalability could be better."
"It could be easier to implement."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
Proofpoint Threat Response is ranked 5th in Security Incident Response with 3 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Proofpoint Threat Response is rated 8.4, while Splunk SOAR is rated 8.0. The top reviewer of Proofpoint Threat Response writes "Tracks and mitigates email security incidents with Auto-Pull, and has good stability and performance". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Proofpoint Threat Response is most compared with ServiceNow Security Operations and Cofense Triage, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Swimlane.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.