We performed a comparison between Splunk SOAR and Trellix Helix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"It's pretty powerful and its performance is pretty good."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"So far, the interface is very easy to use."
"The customization continues to be excellent."
"It helps increase efficiency and productivity."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The most valuable features include predefined use cases and threatening states."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The cost of Splunk SOAR has room for improvement."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"The scalability could be better."
"The technical support for the Splunk SIEM solution was average."
"Some of the training materials are on a basic level."
"There is a lot of room for improvement with the UI."
"It should have more cloud connectors. It could also be cheaper."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Integrations could be improved, and the dashboard could be a little better."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while Trellix Helix is ranked 32nd in Security Information and Event Management (SIEM) with 7 reviews. Splunk SOAR is rated 8.0, while Trellix Helix is rated 8.6. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Fortinet FortiSOAR, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and USM Anywhere.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
