CRITICALSTART vs Splunk SOAR comparison

You must select at least 2 products to compare!
Microsoft Logo
17,980 views|10,109 comparisons
92% willing to recommend
Critical Start Logo
347 views|130 comparisons
100% willing to recommend
Splunk Logo
6,753 views|4,009 comparisons
85% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between CRITICALSTART and Splunk SOAR based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
768,246 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.""Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.""Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.""The Log analytics are useful.""The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.""The main benefit is the ease of integration.""The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it.""The machine learning and artificial intelligence on offer are great."

More Microsoft Sentinel Pros →

"From where we were prior to going into them, the service has increased our analysts’ efficiency to the point that they can focus on other areas of the business. It gives me the ability to allow analysts to do Level 3 and 4 work and stay out of the weeds of the alerts, where you tend to get alert fatigue. The service takes care of much of the Tier 1 and Tier 2 triage. It is more effective than what we had been used to, because it allows the filtering of Level 1 and Level 2 type alerts to be taken care of. This leaves less for us to handle, which is a good thing.""The new mobile app is awesome. It is one of the best I've ever seen. It's much better than its predecessor. It's more intuitive, a whole lot easier to navigate and get where you need to go. It's less repetitive and just generally easier to use. It allows me to not have to be sitting at my computer all the time. I can be on my phone or tablet or wherever I'm at. It makes it a lot easier to answer tickets and do that kind of thing.""There is a team of people who monitor our traffic and processes 24/7, so if anything raises a flag or alert, it will escalate back to me right away. That's the most incredible part: Humans working behind the scenes 24/7 to monitor our networks.""Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives.""The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly.""The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution.""Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us.""Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7."


"The product’s integration with other Splunk products is valuable.""Our customers find it easy to conduct searches and consider it an excellent content management system.""The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable.""I like the integration capabilities of Phantom. It has a lot of integrations with other products. Its searching methodologies are also good. It is also easy to understand and easy to create playbooks.""The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need.""Scalability is the best feature of the solution.""I'm just a beginner on the solution and it's pretty easy for me to use.""The most valuable feature is the risk-based access control."

More Splunk SOAR Pros →

"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.""The reporting could be more structured.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more.""We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers.""The solution could be more user-friendly; some query languages are required to operate it.""They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work.""There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."

More Microsoft Sentinel Cons →

"They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging.""The UI has become slower but it's not something I would call them out on.""There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design.""During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since.""The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance.""The only thing I can think of that I would like to see, and I'm sure they could work this into a service pretty easily, is not only alerts on issues that are affecting my company, but some threat intelligence of a general nature on what's out there in the environment. That might be a nice add-in.""In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice.""They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."


"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations.""The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement.""We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them.""The number of playbooks on offer should be increased.""The algorithm and machine learning have room for improvement and can be more user-friendly.""We want to see improvements made to the APIs such that we can connect to many different systems and data sources.""The scalability could be better.""And most of the challenges that I have faced with the solution can be found in the documentation itself."

More Splunk SOAR Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "There are contractual penalties if their SLAs are not met. This commitment was very important in our decision to go with this service, because not having downtime is extremely important to us. The providers has not missed an SLA in the 18 months that I have worked with them."
  • "I've told CRITICALSTART that I think the managed service they provide is cheaper than it should be. It's a really good deal."
  • "As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team."
  • "It costs a lot for what we felt comfortable to spend."
  • "Overall, for what I'm paying for it, and the benefit I'm getting out of it, it is right where it needs to be, if not a little bit in my favor. For what it costs me to actually have this service, I could afford one internal person to do that job, but now I have a team of 10 or more who are doing that job, and they don't sleep because they work shifts."
  • "The pricing of other services was so insane that they weren't even an option."
  • "The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it."
  • More CRITICALSTART Pricing and Cost Advice →

  • "I don't know the exact price, but for my region, it is very expensive."
  • "In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
  • "It's very overpriced because it is based on the number of users. There is no bulk licensing."
  • "Splunk SOAR is more expensive compared to other options for SOAR."
  • "The licensing cost is reasonable."
  • "When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
  • "Splunk SOAR is an expensive solution for an organization of our size."
  • "The cost is high and the licensing is on an annual basis."
  • More Splunk SOAR Pricing and Cost Advice →

    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    768,246 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Ask a question

    Earn 20 points

    Top Answer:Splunk SOAR's quick response to incidents is the most valuable part.
    Top Answer:The cost is high and the licensing is on an annual basis.
    Top Answer:The cost of Splunk SOAR has room for improvement.
    Also Known As
    Azure Sentinel
    Critical Start, CriticalStart
    Learn More

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    The cybersecurity landscape is growing more complex by the day with the arrival of new threats and new tools supposedly designed for combating them. The problem is it’s all creating more noise and confusion for security professionals to sort through.

    CRITICALSTART is the only MDR provider committed to eliminating acceptable risk and leaving nothing to chance. They believe that companies should never have to settle for “good enough.” Their award-winning portfolio includes end-to-end Professional Services and Managed Detection and Response (MDR). CRITICALSTART MDR puts a stop to alert fatigue by leveraging the Zero Trust Analytics Platform (ZTAP) plus the industry-leading Trusted Behavior Registry, which eliminates false positives at scale by resolving known-good behaviors. Driven by 24x7x365 human-led, end-to-end monitoring, investigation and remediation of alerts, their on-the-go threat detection and response capabilities are enabled via a fully interactive MOBILESOC app.

    Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

    Go from overwhelmed to in-control

    Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

    Force multiply your team

    Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

    From 30 minutes to 30 seconds

    Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

    End-to-end security operations made easy

    Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Information Not Available
    Recorded Future, Blackstone
    Top Industries
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    Computer Software Company16%
    Financial Services Firm10%
    Manufacturing Company7%
    Energy/Utilities Company38%
    Financial Services Firm25%
    Logistics Company13%
    Hospitality Company13%
    Computer Software Company14%
    Financial Services Firm9%
    Energy/Utilities Company8%
    Healthcare Company7%
    Financial Services Firm38%
    Computer Software Company13%
    Comms Service Provider6%
    Financial Services Firm15%
    Computer Software Company14%
    Manufacturing Company9%
    Company Size
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    Small Business36%
    Midsize Enterprise27%
    Large Enterprise36%
    Small Business26%
    Midsize Enterprise13%
    Large Enterprise62%
    Small Business30%
    Midsize Enterprise20%
    Large Enterprise50%
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    768,246 professionals have used our research since 2012.

    CRITICALSTART is ranked 29th in Security Orchestration Automation and Response (SOAR) while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. CRITICALSTART is rated 9.4, while Splunk SOAR is rated 8.0. The top reviewer of CRITICALSTART writes "Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". CRITICALSTART is most compared with Arctic Wolf Managed Detection and Response, BlueVoyant CORE, ReliaQuest GreyMatter, CrowdStrike Falcon Complete and Red Canary MDR, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Fortinet FortiSOAR.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.