We performed a comparison between Splunk SOAR and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The analytic rule is the most valuable feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The customizable playbook is the most valuable aspect of the solution."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"Very flexible integration with other tools"
"It helps increase efficiency and productivity."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"ThreatConnect has a highly user-friendly interface."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
More ThreatConnect Threat Intelligence Platform (TIP) Pros →
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"We'd like also a better ticketing system, which is older."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"There is a lot of room for improvement with the UI."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"It could be easier to implement."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"Some of the training materials are on a basic level."
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"It would be good to have more feeds and more integrated sources for enrichment."
"They should make it a little bit easier to generate events and share them with the community"
More ThreatConnect Threat Intelligence Platform (TIP) Cons →
More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while ThreatConnect Threat Intelligence Platform (TIP) is ranked 19th in Security Orchestration Automation and Response (SOAR) with 4 reviews. Splunk SOAR is rated 8.0, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Exabeam Fusion SIEM, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, ThreatQ, Palo Alto Networks Cortex XSOAR and IBM X-Force Exchange. See our Splunk SOAR vs. ThreatConnect Threat Intelligence Platform (TIP) report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
