We performed a comparison between Fortinet FortiSOAR and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The UI-based analytics are excellent."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"We have no complaints about the features or functionality."
"It has a quick detection and response time."
"The reputation of the brand is very good."
"It's great that the solution is integrated with FortiAnalyzer."
"The most valuable feature of Fortinet FortiSOAR is the number of available connectors and the simplicity to start to automate."
"We use the product for security."
"The solution is easy to implement and includes 450 built-in connectors."
"The initial setup is straightforward."
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The customization continues to be excellent."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The customizable playbook is the most valuable aspect of the solution."
"So far, the interface is very easy to use."
"My understanding is the initial setup isn't too hard."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"The solution should allow for a streamlined CI/CD procedure."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Fortinet's tech support overall is not great when they are at their best."
"The technology and integrations are important so should continue to be enhanced."
"Technical support could be improved."
"Fortinet FortiSOAR should improve its analysis."
"Fortinet FortiSOAR's dashboard is not easy to understand."
"Fortinet FortiSOAR should add more documentation for some use cases."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"The cost of Splunk SOAR has room for improvement."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"The scalability could be better."
"Some of the training materials are on a basic level."
Fortinet FortiSOAR is ranked 10th in Security Orchestration Automation and Response (SOAR) with 11 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Fortinet FortiSOAR is rated 7.4, while Splunk SOAR is rated 8.0. The top reviewer of Fortinet FortiSOAR writes "A stable solution that has a number of available connectors and is simple to automate". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Fortinet FortiSOAR is most compared with Palo Alto Networks Cortex XSOAR, ServiceNow Security Operations, Swimlane, Cisco SecureX and D3 Security, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Tines and Cisco SecureX. See our Fortinet FortiSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.