We performed a comparison between Splunk SOAR and Swimlane based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel pricing is good"
"Free ingestion for Azure logs (with E5 licence)"
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks."
"It provides us with a single portal for our logs from different solutions."
"The technical support from Swimlane is very good."
"The most valuable feature of the solution is the support."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The solution could be more user-friendly; some query languages are required to operate it."
"We'd like to see more connectors."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"We'd like also a better ticketing system, which is older."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The AI capabilities must be improved."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"It would be ideal if we could automate processes even more."
"The scalability could be better."
"Splunk's support for integration is subpar and has room for improvement."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"The technical support for the Splunk SIEM solution was average."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"The initial setup and deployment are complex."
"The stability of the solution has room for improvement."
"We faced a lot of issues with the product’s stability."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while Swimlane is ranked 17th in Security Orchestration Automation and Response (SOAR) with 3 reviews. Splunk SOAR is rated 8.0, while Swimlane is rated 7.6. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of Swimlane writes "Great support, scalable, and easier to code". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas Swimlane is most compared with Palo Alto Networks Cortex XSOAR, Tines, Fortinet FortiSOAR, ServiceNow Security Operations and Cyware Fusion and Threat Response. See our Splunk SOAR vs. Swimlane report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.