Exabeam Fusion SIEM vs Splunk SOAR comparison

Sponsored
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
  • 17,297 Views
  • 9,622 Comparison Views
92% willing to recommend
Exabeam Fusion SIEM
Read 10 Exabeam Fusion SIEM reviews
  • 2,870 Views
  • 1,377 Comparison Views
80% willing to recommend
Splunk SOAR
Read 33 Splunk SOAR reviews
  • 6,452 Views
  • 3,805 Comparison Views
83% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Exabeam Fusion SIEM and Splunk SOAR based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Exabeam Fusion SIEM vs. Splunk SOAR Report (Updated: May 2024).
Buyer's Guide
Exabeam Fusion SIEM vs. Splunk SOAR
May 2024
Download the complete report
Helped 787,061 peers since 2012
 

Categories and Ranking

Microsoft Sentinel
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Number of Reviews
86
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)
Exabeam Fusion SIEM
Ranking in Security Orchestration Automation and Response (SOAR)
13th
Average Rating
8.0
Number of Reviews
10
Ranking in other categories
Log Management (33rd), Security Information and Event Management (SIEM) (28th), User Entity Behavior Analytics (UEBA) (5th)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Number of Reviews
33
Ranking in other categories
No ranking in other categories
 

Market share comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the market share of Microsoft Sentinel is 20.3% and it increased by 15.1% compared to the previous year. The market share of Exabeam Fusion SIEM is 1.5% and it decreased by 47.0% compared to the previous year. The market share of Splunk SOAR is 8.1% and it decreased by 24.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
Security Information and Event Management (SIEM)
13.7%
Microsoft Security Suite
5.3%
Log Management
0.9%
No other categories found
 

Featured Reviews

HS
Nov 10, 2023
It's a plug-and-play solution, so you can start seeing benefits quickly using the out-of-the-box analytics rules and use cases
The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage. Sentinel's AI and automation capabilities make our SOC team's job easy. When logs come into Sentinel, the AI engine analyzes, contextualizes, and correlates them. The AI is correlating the data from multiple log sources and giving us alerts. We depend on that. We also perform automated remediation based on our SOAR playbooks.
Read full review
AYOUB ECH-CHKAF - PeerSpot reviewer
Jul 10, 2023
An easy-to-use solution, but its data lake features could be simple to understand
We use the solution to investigate incidents and create rules for use cases The solution provides an easy-to-use platform to create rules for use cases. The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting…
Read full review
Nagendra Nekkala. - PeerSpot reviewer
Dec 1, 2023
Helps with visibility, offers helpful playbooks, and has good automation
The playbooks are great. They are very useful. We can define rules, including what the remediation should be. Everything gets clearly defined. You can set up different types of automation. It helps increase efficiency and productivity. The solution provides us with end-to-end visibility. It's easy to visualize and troubleshoot our cloud-native environment using Splunk. There's simple product management and quick detection and response that helps minimize risks. I can handle continuous monitoring from an operation control center. We can integrate with other systems. It's helped minimize incident tickets and my overall response time has been lowered. We began to realize benefits within three to four months of deployment. Splunk is very easy to use during an investigation. It's very straightforward. We've been able to reduce our security event volume by 50%. We've also been able to reduce our mean time to detect by about 25%. It's helped us save time and consolidate tools in our environment so that we can minimize staff appropriately. The automation makes all of this possible.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"We have no complaints about the features or functionality."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The UI of Sentinel is very good and easy to use, even for beginners."
More Microsoft Sentinel pros
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The setup is not difficult. It was easy."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"Timeline based analysis; good platform support"
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The advanced analytics has a really great overview of user behavior."
More Exabeam Fusion SIEM pros
"So far, the interface is very easy to use."
"Technical support is helpful."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"It helps increase efficiency and productivity."
"Splunk SOAR's extensive library of pre-built integrations allows it to connect with a vast array of popular security and IT applications, streamlining workflows across our existing security stack."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The customizable playbook is the most valuable aspect of the solution."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
More Splunk SOAR pros
 

Cons

"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The on-prem log sources still require a lot of development."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
More Microsoft Sentinel cons
"I believe if it were more flexible it would be a better product."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"The organzation is rigid and not flexible in the way they operate"
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"The only problem is that the UI is not very impressive."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
More Exabeam Fusion SIEM cons
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"The UI can be more customizable for the clients."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"It could be easier to implement."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
More Splunk SOAR cons
 

Pricing and Cost Advice

"There are no additional costs other than the initial costs of Sentinel."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"The are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."
"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."
"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."
"The solution is expensive and there is a daily usage fee."
"It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
"Microsoft Sentinel is expensive."
More Microsoft Sentinel pricing and cost advice
"They have a great model for pricing that can be based either on user count or gigabits per day."
"Exabeam Fusion SIEM's pricing is reasonable."
"The solution is expensive."
"There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"I don't know the exact price, but for my region, it is very expensive."
"The licensing cost is reasonable."
"Splunk SOAR is an expensive solution for an organization of our size."
"Splunk SOAR is more expensive compared to other options for SOAR."
"The cost is high and the licensing is on an annual basis."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
7%
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
8%
Government
8%
Financial Services Firm
14%
Computer Software Company
14%
Manufacturing Company
10%
Government
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
See all answers
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
See all answers
What do you like most about Exabeam Fusion SIEM?
The solution's initial setup process is easy.
See all answers
What is your experience regarding pricing and costs for Exabeam Fusion SIEM?
The solution is expensive.
See all answers
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
The cost is high and the licensing is on an annual basis.
See all answers
What needs improvement with Splunk Phantom?
The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 17% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 12% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Compared 5% of the time
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
IBM Security QRadar vs Exabeam Fusion SIEM Logo
IBM Security QRadar vs Exabeam Fusion SIEM
Compared 10% of the time
Splunk User Behavior Analytics vs Exabeam Fusion SIEM Logo
Splunk User Behavior Analytics vs Exabeam Fusion SIEM
Compared 9% of the time
Splunk Enterprise Security vs Exabeam Fusion SIEM Logo
Splunk Enterprise Security vs Exabeam Fusion SIEM
Compared 8% of the time
Palo Alto Networks Cortex XSOAR vs Exabeam Fusion SIEM Logo
Palo Alto Networks Cortex XSOAR vs Exabeam Fusion SIEM
Compared 8% of the time
LogRhythm SIEM vs Exabeam Fusion SIEM Logo
LogRhythm SIEM vs Exabeam Fusion SIEM
Compared 2% of the time
More Exabeam Fusion SIEM Competitors
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 25% of the time
Cortex XSIAM vs Splunk SOAR Logo
Cortex XSIAM vs Splunk SOAR
Compared 18% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 8% of the time
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Compared 7% of the time
More Splunk SOAR Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
May 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
Exabeam Fusion SIEM
June 2024
Exabeam Fusion SIEM reportDownload Exabeam Fusion SIEM product report
Buyer's Guide
Splunk SOAR
May 2024
Splunk SOAR reportDownload Splunk SOAR product report
 

Also Known As

Azure Sentinel
No data available
Phantom
 

Learn More

Microsoft
Exabeam
Splunk
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Exabeam Fusion SIEM is a cloud-delivered solution that that enables you to:

-Leverage turnkey threat detection, investigation, and response
-Collect, search and enhance data from anywhere
-Detect threats missed by other tools, using market-leading behavior analytics
-Achieve successful SecOps outcomes with prescriptive, threat-centric use case packages
-Enhance productivity and reduce response times with automation
-Meet regulatory compliance and audit requirements with ease

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Hulu, ADP, Safeway, BBCN Bank
Recorded Future, Blackstone
Buyer's Guide
Exabeam Fusion SIEM vs. Splunk SOAR
May 2024
Free Report: Exabeam Fusion SIEM vs. Splunk SOAR
Find out what your peers are saying about Exabeam Fusion SIEM vs. Splunk SOAR and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,061 professionals have used our research since 2012.
See our Exabeam Fusion SIEM vs. Splunk SOAR report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.