We performed a comparison between Rapid7 InsightConnect and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The main benefit is the ease of integration."
"The machine learning and artificial intelligence on offer are great."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Free ingestion for Azure logs (with E5 licence)"
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The tool is stable. The initial setup is straightforward. The product is user-friendly."
"The product has a very simple UI."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"The solution is stable."
"The ease of use is great."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"It's stable."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The reporting could be more structured."
"We'd like to see more connectors."
"There is room for improvement in entity behavior and the integration site."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The technical support should be improved."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones."
"There is room for improvement in terms of developer support and documentation."
"The threat intelligence module needs a better dashboard."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"The initial setup is difficult."
More ServiceNow Security Operations Pricing and Cost Advice →
Rapid7 InsightConnect is ranked 22nd in Security Orchestration Automation and Response (SOAR) with 2 reviews while ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 14 reviews. Rapid7 InsightConnect is rated 8.0, while ServiceNow Security Operations is rated 8.0. The top reviewer of Rapid7 InsightConnect writes "Excellent security orchestration and automation AI features". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". Rapid7 InsightConnect is most compared with Palo Alto Networks Cortex XSOAR, ThreatConnect Threat Intelligence Platform (TIP), CrowdStrike Falcon and Splunk SOAR, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient and Fortinet FortiSOAR. See our Rapid7 InsightConnect vs. ServiceNow Security Operations report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.