Splunk SOAR vs Tines comparison

Sponsored
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
  • 17,297 Views
  • 9,628 Comparison Views
92% willing to recommend
Splunk SOAR
Read 35 Splunk SOAR reviews
  • 6,452 Views
  • 3,809 Comparison Views
84% willing to recommend
Tines
Read 1 Tines review
  • 1,343 Views
  • 1,193 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Feb 18, 2024

We compared Splunk SOAR and Tines based on our user reviews across 4 parameters. After reading all of the collected data, you can find our conclusion below.

Splunk SOAR is praised for its competitive pricing, automation capabilities, orchestration functionality, and integration options with various security tools. Users appreciate the platform's reporting and analytics tools, customer service, and positive ROI. Tines is valued for its simplicity, flexibility, automation capabilities, integration options, affordability, and positive ROI. Users highlight the ease of use, customization options, and centralized workflows. Both products have areas for improvement, with Splunk SOAR needing enhancements in user interface, automation workflows, documentation, and integration capabilities, while Tines can improve in certain areas to meet user expectations and satisfaction levels.

Features: Splunk SOAR is praised for its strong automation, customization, and scalability capabilities, along with easy integration with Splunk products. Tines is highlighted for its user-friendly automation features and extensive integrations library, but it may be challenging for new users to learn and could be costly for smaller teams.

Pricing and ROI: Splunk SOAR's setup cost has been deemed reasonable and competitive, with flexible licensing options. In contrast, Tines is lauded for its affordability, straightforward setup process, fair licensing terms, making it an attractive option for users looking for cost-effective solutions. Splunk SOAR's ROI is driven by streamlined operations, reduced response times, and robust automation. Tines' ROI focuses on increased productivity, efficiency, and customizable features for improved outcomes.

Room for Improvement: Splunk SOAR has room for improvement in enhancing user interface, automation workflows, documentation, and integrating third-party tools. Tines could benefit from enhancements to meet user expectations and satisfaction levels.

Deployment and Customer Support: Splunk SOAR's setup process has mixed feedback regarding its complexity and time frame, which can take anywhere from hours to months. Tines stands out for its speedy and straightforward deployment, intuitive interface, and streamlined workflow configuration. While opinions vary on Splunk SOAR's customer service, with some experiencing challenges, Tines is known for providing swift and comprehensive responses, as well as going the extra mile to address issues.

The summary above is based on 24 interviews we conducted recently with Splunk SOAR and Tines users. To access the review's full transcripts, download our report.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: June 2024).
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
June 2024
Download the complete report
Helped 787,817 peers since 2012
 

Categories and Ranking

Microsoft Sentinel
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Number of Reviews
86
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.0
Number of Reviews
35
Ranking in other categories
No ranking in other categories
Tines
Ranking in Security Orchestration Automation and Response (SOAR)
17th
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
Vulnerability Management (36th), Threat Intelligence Platforms (25th), Endpoint Detection and Response (EDR) (51st)
 

Mindshare comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Microsoft Sentinel is 20.2%, up from 17.6% compared to the previous year. The mindshare of Splunk SOAR is 8.1%, down from 10.7% compared to the previous year. The mindshare of Tines is 5.8%, up from 5.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
Unique Categories:
Security Information and Event Management (SIEM)
13.7%
Microsoft Security Suite
5.3%
No other categories found
Vulnerability Management
0.2%
 

Featured Reviews

HS
Nov 10, 2023
It's a plug-and-play solution, so you can start seeing benefits quickly using the out-of-the-box analytics rules and use cases
The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage. Sentinel's AI and automation capabilities make our SOC team's job easy. When logs come into Sentinel, the AI engine analyzes, contextualizes, and correlates them. The AI is correlating the data from multiple log sources and giving us alerts. We depend on that. We also perform automated remediation based on our SOAR playbooks.
Read full review
Volodymyr-Savov - PeerSpot reviewer
Feb 2, 2024
Is user-friendly, integrates well, and is stable
Splunk SOAR streamlines the handling of common customer scenarios that arise across diverse situations. Even when specific expertise within our team varies, Splunk SOAR empowers all users with pre-built playbooks, guiding them through the required actions in any circumstance Splunk SOAR's UI is…
Read full review
MR
May 20, 2024
Vendor-neutral, increases response time, and enables to reduce staff by 30%
I run a security operation center. We used the solution for alert detection. We evaluated it for managed detection and response It was helpful to get additional data to the analysts without having them do manual work. The tool was vendor-neutral. We liked that a lot. Tines was a little bit more…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"We have no complaints about the features or functionality."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The automation feature is valuable."
"The product can integrate with any device."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
More Microsoft Sentinel pros
"It helps increase efficiency and productivity."
"Workflow management is most valuable. It is easily customizable"
"The automation part of the product is great."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Very flexible integration with other tools"
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
More Splunk SOAR pros
"The tool was vendor-neutral."
 

Cons

"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There is room for improvement in entity behavior and the integration site."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"I think the number one area of improvement for Sentinel would be the cost."
More Microsoft Sentinel cons
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The technical support for the Splunk SIEM solution was average."
"Various aspects of the playbook development process itself can be optimized."
More Splunk SOAR cons
"Tines was a little bit more expensive than Torq."
 

Pricing and Cost Advice

"We are charged based on the amount of data used, which can become expensive."
"It's costly to maintain and renew."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
"The pricing is reasonable, and we think Sentinel is worth what we pay for it."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"Sentinel is costly."
"From a cost point of view, it is not a cheap product. It's, like, an enterprise-level application. So if you compare it with a low-level application, it's expensive, but if you compare it with the same-level application, it's pretty much cost-effective, I think."
"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
More Microsoft Sentinel pricing and cost advice
"I don't know the exact price, but for my region, it is very expensive."
"The licensing cost is reasonable."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"Splunk SOAR is more expensive compared to other options for SOAR."
"Splunk SOAR is an expensive solution for an organization of our size."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"The tool is not cheap."
More Splunk SOAR pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
787,817 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
7%
Computer Software Company
15%
Financial Services Firm
14%
Manufacturing Company
10%
Government
10%
Computer Software Company
18%
Financial Services Firm
12%
Government
8%
Educational Organization
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
See all answers
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
The cost is high and the licensing is on an annual basis.
See all answers
What needs improvement with Splunk Phantom?
The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.
See all answers
What needs improvement with Tines?
Tines was a little bit more expensive than Torq.
See all answers
What is your primary use case for Tines?
I run a security operation center. We used the solution for alert detection. We evaluated it for managed detection an...
See all answers
What advice do you have for others considering Tines?
I will recommend the product to others. Overall, I rate the solution an eight out of ten.
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 17% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 12% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Compared 5% of the time
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 24% of the time
Cortex XSIAM vs Splunk SOAR Logo
Cortex XSIAM vs Splunk SOAR
Compared 18% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 8% of the time
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Compared 7% of the time
Siemplify vs Splunk SOAR Logo
Siemplify vs Splunk SOAR
Compared 3% of the time
More Splunk SOAR Competitors
Torq vs Tines Logo
Torq vs Tines
Compared 52% of the time
Palo Alto Networks Cortex XSOAR vs Tines Logo
Palo Alto Networks Cortex XSOAR vs Tines
Compared 20% of the time
Swimlane vs Tines Logo
Swimlane vs Tines
Compared 7% of the time
ServiceNow Security Operations vs Tines Logo
ServiceNow Security Operations vs Tines
Compared 3% of the time
More Tines Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
June 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
Splunk SOAR
May 2024
Splunk SOAR reportDownload Splunk SOAR product report
Buyer's Guide
Vulnerability Management
June 2024
Tines reportDownload Tines product report
 

Also Known As

Azure Sentinel
Phantom
No data available
 

Learn More

Microsoft
Splunk
Tines
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Tines helps the world's most security-conscious companies automate their repetitive workflows. With a laser-focus on automation, Tines is powerful, flexible, and robust enough to run all of the security team’s critical workflows.

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Recorded Future, Blackstone
Information Not Available
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
June 2024
Download Free Report
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: June 2024.
DOWNLOAD NOW
787,817 professionals have used our research since 2012.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.