We performed a comparison between IBM Resilient and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"It's pretty powerful and its performance is pretty good."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The machine learning and artificial intelligence on offer are great."
"The solution is reliable in our usage."
"The UBA, User Behavior Analytics, is very good."
"It's really simple and has a flexible interface."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"It is a stable solution...It is a scalable solution."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"IBM Resilient is scalable."
"The most valuable thing about it is how easy it is to navigate the user interface."
"Technical support is helpful."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"The product’s integration with other Splunk products is valuable."
"The most valuable feature is the risk-based access control."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The product can be improved by reducing the cost to use AI machine learning."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"The product needs a bit more development."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
"The response time of the support is an area of concern where improvements are required."
"The implementation could be a bit simpler."
"The ability to analyze incidents needs to be improved in the solution."
"Its price needs improvement."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"There is a lot of room for improvement with the UI."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"The scalability could be better."
"The technical support for the Splunk SIEM solution was average."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
IBM Resilient is ranked 7th in Security Orchestration Automation and Response (SOAR) with 17 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. IBM Resilient is rated 7.6, while Splunk SOAR is rated 8.0. The top reviewer of IBM Resilient writes "Simple deployment, scalable, but lacking third-party solution compatibility ". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". IBM Resilient is most compared with Palo Alto Networks Cortex XSOAR, ServiceNow Security Operations, Fortinet FortiSOAR, IBM Cloud Pak for Security and IBM Security QRadar, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX. See our IBM Resilient vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.