We performed a comparison between DFLabs IncMan SOAR and IBM Resilient based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It has basic out-of-the-box integrations with multiple log sources."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The vendors themselves will actually help with any customizations a client may require"
"The product is very good at incident response."
"The solution is simple to use and to integrate with IBM QRadar."
"The solution is very easy to use."
"As a whole, the product is stable...Technical support is very good."
"The most valuable thing about it is how easy it is to navigate the user interface."
"It is a stable solution...It is a scalable solution."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"It's really simple and has a flexible interface."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The AI capabilities must be improved."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We are invoiced according to the amount of data generated within each log."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The support is not 24/7."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"The product must provide more integration with other tools."
"The tool needs to improve its documentation on license scripts."
"The product needs a bit more development."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"The ability to analyze incidents needs to be improved in the solution."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
Earn 20 points
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews. DFLabs IncMan SOAR is rated 0.0, while IBM Resilient is rated 7.6. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". DFLabs IncMan SOAR is most compared with Palo Alto Networks Cortex XSOAR, whereas IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, ServiceNow Security Operations, Fortinet FortiSOAR and Swimlane.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
