We performed a comparison between DFLabs IncMan SOAR and ThreatQ based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The product can integrate with any device."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Free ingestion for Azure logs (with E5 licence)"
"The vendors themselves will actually help with any customizations a client may require"
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"I would like to be able to monitor applications outside of the Azure Cloud."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on QRadar. We couldn't do it with Sentinel, which is a problem for us."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"There is room for improvement in entity behavior and the integration site."
"The support is not 24/7."
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
DFLabs IncMan SOAR is ranked 27th in Security Orchestration Automation and Response (SOAR) while ThreatQ is ranked 25th in Security Orchestration Automation and Response (SOAR). DFLabs IncMan SOAR is rated 0.0, while ThreatQ is rated 7.0. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of ThreatQ writes "Good reporting and pretty stable but needs to be simpler to use". DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR, whereas ThreatQ is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, Recorded Future, Palo Alto Networks Cortex XSOAR and CrowdStrike Falcon.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.