One of the disadvantages of Swimlane is that to manage the platform, we need hardcore developers. We have recently seen new products such as Tines and Blink Ops coming into the market, where a person with a good knowledge of APIs and JSON format can manage the platform and create playbooks. Even a security analyst can create some playbooks on those platforms. However, on Swimlane, it's difficult for security analysts since they must mandatorily know Python to create the playbooks. In terms of pricing, Swimlane is on the slightly expensive side. Swimlane is scalable in general, but there are some limitations. It involves maintenance overhead because you need a complete engineer who knows the product in and out to scale it for the on-prem environment, while in a SaaS model, it works without many problems. Installation can be quite complex, especially when we have to use Kubernetes, and if we need to create load balancing. In those situations, it requires a good engineer to deploy the platform. In relation to bugs, sometimes the enrichment playbook we have does not enrich the alert, resulting in missing details, so in those scenarios, the automation team has to manually run the playbook again. Improvements could be made in terms of quality, particularly.
Swimlane should enhance its integration features beyond the current task assignment, reaction, and persistence capabilities. It should support integrations with multiple signals or queues. Additionally, Swimlane's tight coupling with Appian standalone applications limits its scalability. It should be exposed so external clients can use it without needing a local setup. This would improve its dynamic adaptability and scalability.
I would prefer to have more colors added to represent different risks or notations, which can be used for the prioritization of risks and the significance of information.
There is a need for enhanced version control in Swimlane. Currently, our version does not support it, making it tough to move changes between environments during significant updates. Furthermore, despite being advertised as a no-code tool, it remains code-reliant, requiring users to build solutions through coding.
L2 SOC Analyst at a security firm with 11-50 employees
Real User
Jul 12, 2023
We faced a lot of issues with the product’s stability. Sometimes we find bugs in the plug-ins. We experience some latency when we have a huge amount of data.
The stability of the solution has room for improvement. I would like Swimlane to provide a single space where we can go to code, build, and automate, where we have a provision to create tables, playbooks, and tables to produce results, connect all the dots, and make the flow automated. This would make it much easier to navigate than having to jump to different places. I would like to have a single button to click that would start me on the journey of creating my own code from the ground up, from the workflow algorithm to the automation process. This would be simpler than what I had with Splunk Phantom, where I had to piece things together and connect the dots to get the full picture. With this new feature, I could create the full picture with just one button click.
Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations.
Swimlane was founded to deliver scalable innovative and flexible security solutions to organizations...
The initial setup and deployment are complex.