Comparison Buyer's Guide

Executive Summary (updated on Feb 18, 2024)
 

Categories and Ranking

Microsoft Sentinel: ranked 1st in Security Orchestration Automation and Response (SOAR); average rating 8.2 from 86 reviews; also ranked in Security Information and Event Management (SIEM) (2nd) and Microsoft Security Suite (5th).
Splunk SOAR: ranked 3rd in Security Orchestration Automation and Response (SOAR); average rating 8.0 from 33 reviews; no ranking in other categories.
Tines: ranked 17th in Security Orchestration Automation and Response (SOAR); average rating 8.0 from 1 review; also ranked in Vulnerability Management (36th), Threat Intelligence Platforms (24th), and Endpoint Detection and Response (EDR) (51st).
 

Market share comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the market share of Microsoft Sentinel is 20.3% and it increased by 15.1% compared to the previous year. The market share of Splunk SOAR is 8.1% and it decreased by 24.4% compared to the previous year. The market share of Tines is 5.8% and it increased by 14.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Unique categories (share held outside Security Orchestration Automation and Response (SOAR)):
Microsoft Sentinel: Security Information and Event Management (SIEM) 13.7%, Microsoft Security Suite 5.3%.
Splunk SOAR: no other categories found.
Tines: Vulnerability Management 0.3%.
 

Featured Reviews

HS
Nov 10, 2023
It's a plug-and-play solution, so you can start seeing benefits quickly using the out-of-the-box analytics rules and use cases
The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage. Sentinel's AI and automation capabilities make our SOC team's job easy. When logs come into Sentinel, the AI engine analyzes, contextualizes, and correlates them. The AI is correlating the data from multiple log sources and giving us alerts. We depend on that. We also perform automated remediation based on our SOAR playbooks.
SA
Jul 20, 2023
Has the ability to connect it to external apps
The ability to connect it to external apps is the most valuable feature. We've also gotten a lot of use from writing custom apps for some of our authentication systems for password scramble. Splunk's ability to predict, identify, and problem-solve in real time is really good. Splunk's ability to provide business resilience by empowering staff is fairly high. It detects issues as they come up and responds to them. We have seen time to value. I did help configure it, but we do have the cloud solution, so it was mostly in place. It has definitely helped to reduce our mean time to resolve. Having it there to automatically take action as events come in and not needing the analysts to have to go out and have a look is how it saved time.
MR
May 20, 2024
Vendor-neutral, increases response time, and enables to reduce staff by 30%
I run a security operation center. We used the solution for alert detection. We evaluated it for managed detection and response. It was helpful to get additional data to the analysts without having them do manual work. The tool was vendor-neutral. We liked that a lot. Tines was a little bit more…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The UI-based analytics are excellent."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"Workflow management is most valuable. It is easily customizable."
"My understanding is the initial setup isn't too hard."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"The automation part of the product is great."
"It helps increase efficiency and productivity."
"Very flexible integration with other tools."
"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"The tool was vendor-neutral."
 

Cons

"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The AI capabilities must be improved."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The only thing is sometimes you can have a false positive."
"Sentinel's reporting is complex and can be more user-friendly."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"Splunk's support for integration is subpar and has room for improvement."
"I have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"Various aspects of the playbook development process itself can be optimized."
"The UI can be more customizable for the clients."
"There is a lot of room for improvement with the UI."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"Tines was a little bit more expensive than Torq."
 

Pricing and Cost Advice

"The cost of Sentinel is high. It typically costs more than $100 for five to ten users of the licenses or subscriptions. It costs around $123 per day on the cloud. Small- to mid-sized organizations would need a dedicated budget to adopt this solution; however, the cost may not be an issue for large, enterprise-level organizations."
"It varies on a case-by-case basis. It is about $2,000 per month. The cost is very low in comparison to other SIEMs if you are already a Microsoft customer. If you are using the complete Microsoft stack, the cost reduces by almost 42% to 50%. Its cost depends on the number of logs and the type of subscription you have. You need to have an Azure subscription, and there are charges for log ingestion, and there are charges for the connectors."
"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
"Currently, given our use case, the cost of Sentinel is justified, but it is expensive."
"Microsoft Sentinel is expensive."
"Sentinel is costly compared to other solutions, but it's fair. SIEM solutions like CrowdStrike charge based on daily log volume. They generally process a set number of logs for free before they start charging. Microsoft's pricing is clearer. It's free under five gigabytes. Some of these logs we ingest have a cost, so they don't hide it. I believe the tenant pays the price, and Microsoft helps create awareness of the cost."
"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
"From a cost point of view, it is not a cheap product. It's, like, an enterprise-level application. So if you compare it with a low-level application, it's expensive, but if you compare it with the same-level application, it's pretty much cost-effective, I think."
"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"Splunk SOAR is an expensive solution for an organization of our size."
"The cost is high and the licensing is on an annual basis."
"The licensing cost is reasonable."
"I don't know the exact price, but for my region, it is very expensive."
"Splunk SOAR is more expensive compared to other options for SOAR."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
Tines: pricing information not available.
787,061 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews:
Microsoft Sentinel: Computer Software Company 16%, Financial Services Firm 10%, Government 9%, Manufacturing Company 7%.
Splunk SOAR: Financial Services Firm 14%, Computer Software Company 14%, Manufacturing Company 10%, Government 10%.
Tines: Computer Software Company 18%, Financial Services Firm 12%, Government 8%, Educational Organization 6%.
 

Company Size

By reviewers (Large Enterprise, Midsize Enterprise, Small Business); no data available for Tines.
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
The cost is high and the licensing is on an annual basis.
What needs improvement with Splunk Phantom?
The tool's response is slower because it has to search through a huge dataset, which can be improved for latency.
 

Also Known As

Microsoft Sentinel: Azure Sentinel.
Splunk SOAR: Phantom.
Tines: no data available.
 

Sample Customers

Microsoft Sentinel: trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Splunk SOAR: Recorded Future, Blackstone.
Tines: information not available.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: May 2024.