We performed a comparison between D3 Security and DFLabs IncMan SOAR based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The UI-based analytics are excellent."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It has a lot of great features."
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"The vendors themselves will actually help with any customizations a client may require"
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"The support is not 24/7."
Earn 20 points
D3 Security is ranked 20th in Security Orchestration Automation and Response (SOAR) with 1 review while DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR). D3 Security is rated 8.0, while DFLabs IncMan SOAR is rated 0.0. The top reviewer of D3 Security writes "Offers open API for integrating any available tools without any recurring costs". On the other hand, the top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". D3 Security is most compared with Palo Alto Networks Cortex XSOAR, Fortinet FortiSOAR and Splunk SOAR, whereas DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
