Exabeam vs Splunk SOAR comparison

Categories and Ranking

Microsoft Sentinel
  Ranking in Security Orchestration Automation and Response (SOAR): 1st
  Average rating: 8.2
  Number of reviews: 87
  Ranking in other categories: Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)

Exabeam
  Ranking in Security Orchestration Automation and Response (SOAR): 13th
  Average rating: 8.0
  Number of reviews: 10
  Ranking in other categories: Security Information and Event Management (SIEM) (28th), User Entity Behavior Analytics (UEBA) (5th), Security Incident Response (7th), Threat Intelligence Platforms (21st), AI-Powered Cybersecurity Platforms (4th)

Splunk SOAR
  Ranking in Security Orchestration Automation and Response (SOAR): 3rd
  Average rating: 8.0
  Number of reviews: 37
  Ranking in other categories: No ranking in other categories

Mindshare comparison

As of July 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Microsoft Sentinel is 22.4%, up from 20.0% compared to the previous year. The mindshare of Exabeam is 1.6%, down from 2.4% compared to the previous year. The mindshare of Splunk SOAR is 7.9%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Mindshare in unique categories (from the PeerSpot chart): Security Information and Event Management (SIEM) 11.8%; Microsoft Security Suite 5.5%; User Entity Behavior Analytics (UEBA) 5.0%.

Featured Reviews

Sachin Paul - PeerSpot reviewer
Dec 11, 2023
Makes data integration very easy for our SOC
It enables data integration within our hybrid, multi-cloud environment, and it makes this data integration very easy for our security operations center. Sentinel has helped improve our visibility into user and network behavior. It helps in identifying risky users, creating a watch list for specific users and their activities, which is very important. It has also been saving us time. It's a complete cloud-based solution, so there is no time wasted on setting up servers, infrastructure, et cetera. It also reduces the work involved in event investigation because it puts together detection logic through detection rules. That helps in automating incident identification.
AYOUB ECH-CHKAF - PeerSpot reviewer
Jul 10, 2023
An easy-to-use solution, but its data lake features could be simpler to understand
We use the solution to investigate incidents and create rules for use cases. The solution provides an easy-to-use platform to create rules for use cases. The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting…
VG
May 8, 2024
Customized workflows, easy to onboard, and lots of time savings
A major use case for my customer was dealing with DDoS attacks. The customer is in the BFSI industry. The major issue for them was people trying to get access to customer accounts by logging in or generating OTPs from different locations. They wanted to limit access to OTPs and logins from particular geographies because 95% of their customer base is from an Asia-Pacific country. They were able to do that and solve that issue. They were also able to reduce the cost of customer care because when a customer gets a message about an OTP for a withdrawal, they tend to call customer care. Instead of generating an OTP, they created a workflow to avoid generating an OTP when it is requested from other geographies. They developed a workflow to make a call to the customer and confirm if they have requested the OTP for money withdrawal. In our geography, rules are becoming stricter and stricter, and banks are held responsible for such cases. The customer was able to meet the requirements of the government. They were also able to save money and reduce operational costs. They could save 75% of operational costs. I have used the solution's playbooks and the visual playbook editor to help automate tasks. I am a technical person, so it is easy for me to use the playbooks and visual playbook editor. I also write playbooks at the code level. Splunk SOAR has saved us time in alert triage. Splunk SOAR has saved time in threat response. They were able to stop 75% of the cases of sending OTPs to the wrong people. Splunk SOAR's automation helped reduce tedious manual tasks. Based on the input that I got for the first two quarters, there was somewhere about a 75% reduction.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The automation feature is valuable."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The Log analytics are useful."
"The UI-based analytics are excellent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"I have customers that like the UEBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The setup is not difficult. It was easy."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"The solution's initial setup process is easy."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"It's a very user-friendly product and it's a very comprehensive technology."
"The advanced analytics has a really great overview of user behavior."
"Very flexible integration with other tools."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"My understanding is the initial setup isn't too hard."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"Workflow management is most valuable. It is easily customizable."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The most valuable feature is the risk-based access control."
 

Cons

"The solution could improve the playbooks."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Everyone has their favorites. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"They should provide detailed information about detecting phishing emails."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"The organization is rigid and not flexible in the way they operate."
"I believe if it were more flexible it would be a better product."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"The UI can be more customizable for the clients."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
"Splunk's support for integration is subpar and has room for improvement."
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
 

Pricing and Cost Advice

"There are no additional costs other than the initial costs of Sentinel."
"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."
"The pay-as-you-go model is beneficial to customers."
"No license is required to make use of Sentinel, but you need to buy products to get the data. In general, the price of those products is comparable to similar products."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
"Microsoft Sentinel can be costly, particularly for data management."
"Sentinel is costly compared to other solutions, but it's fair. SIEM solutions like CrowdStrike charge based on daily log volume. They generally process a set number of logs for free before they start charging. Microsoft's pricing is clearer. It's free under five gigabytes. Some of these logs we ingest have a cost, so they don't hide it. I believe the tenant pays the price, and Microsoft helps create awareness of the cost."
"There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced."
"The solution is expensive."
"Exabeam Fusion SIEM's pricing is reasonable."
"They have a great model for pricing that can be based either on user count or gigabits per day."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"I don't know the exact price, but for my region, it is very expensive."
"The tool is not cheap."
"Splunk SOAR is more expensive compared to other options for SOAR."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"The licensing cost is reasonable."
"The cost is high and the licensing is on an annual basis."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

Top Industries

By visitors reading reviews

Microsoft Sentinel: Computer Software Company 16%, Financial Services Firm 10%, Government 9%, Manufacturing Company 8%
Exabeam: Computer Software Company 14%, Financial Services Firm 12%, Manufacturing Company 8%, Government 8%
Splunk SOAR: Computer Software Company 15%, Financial Services Firm 15%, Manufacturing Company 11%, Government 10%

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What do you like most about Exabeam Fusion SIEM?
The solution's initial setup process is easy.
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Everything good comes with a price. The tool is not cheap. However, if we use it to its full potential, it will be be...
What needs improvement with Splunk Phantom?
The solution must provide more AIOps to improve predictability.
 

Also Known As

Microsoft Sentinel: Azure Sentinel
Exabeam: No data available
Splunk SOAR: Phantom

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Exabeam: Hulu, ADP, Safeway, BBCN Bank
Splunk SOAR: Recorded Future, Blackstone

Find out what your peers are saying about Exabeam vs. Splunk SOAR and other solutions. Updated: May 2024.