We performed a comparison between Splunk SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Free ingestion for Azure logs (with E5 licence)"
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"So far, the interface is very easy to use."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"Scalability is the best feature of the solution."
"The customizable playbook is the most valuable aspect of the solution."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"It helps increase efficiency and productivity."
"Technical support is helpful."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"The solution does very well as a baseline EDR and provides good process-level management."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"They're highly stable in comparison with other solutions I have."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The solution could be more user-friendly; some query languages are required to operate it."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The technical support for the Splunk SIEM solution was average."
"Splunk's support for integration is subpar and has room for improvement."
"Some of the training materials are on a basic level."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"Additionally, it is complex to use, and the pricing should be improved."
"Training and education for both partner and customer, including product marketing need to be improved."
"The solution's support could be improved."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The solution can only handle about 500 bans or blocks."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate and Palo Alto Networks Cortex XSOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
