Try our new research platform with insights from 80,000+ expert users

Exabeam vs Splunk SOAR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Exabeam
Ranking in Security Orchestration Automation and Response (SOAR)
8th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
18
Ranking in other categories
Security Information and Event Management (SIEM) (16th), User Entity Behavior Analytics (UEBA) (2nd), Security Incident Response (5th), Threat Intelligence Platforms (7th), AI-Powered Cybersecurity Platforms (9th)
Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
43
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of February 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Exabeam is 1.8%, down from 2.6% compared to the previous year. The mindshare of Splunk SOAR is 7.2%, down from 8.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Stephen-Armstrong - PeerSpot reviewer
The SIEM provides a user-friendly UI experience
When events come into the system, the dashboard categorizes them by the highest risk score, not when they appear on the system. When you've got multiple ongoing incidents you can only see the highest risk score at the top of the list rather than the most recent detection. Exabeam's reporting dashboard could have included a filtering option to filter by the most recent detection.
Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ThreatHunter in Advanced Analytics is the most valuable. It helps analyze compromised assets and provides analysis for any entity within my client's environment."
"The platform is not extremely expensive compared to its direct competitors; I would rate its pricing around six out of ten."
"It's a very user-friendly product and it's a very comprehensive technology."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The solution's initial setup process is easy."
"The advanced analytics has a really great overview of user behavior."
"The setup is not difficult. It was easy."
"My understanding is the initial setup isn't too hard."
"Very flexible integration with other tools"
"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."
"Technical support is helpful."
"Workflow management is most valuable. It is easily customizable"
"The customization continues to be excellent."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"Splunk SOAR's quick response to incidents is the most valuable part."
 

Cons

"The solution's reporting and dashboarding could be improved."
"Exabeam's reporting dashboard could have included a filtering option to filter by the most recent detection."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"Exabeam lacks customizable dashboards, which might be a limitation if visualization is a key requirement."
"The only problem is that the UI is not very impressive."
"One area for the solution's improvement is integration capabilities, particularly out-of-the-box integration which sometimes requires additional professional services."
"Exabeam should be a bit faster, especially in loading and vulnerability scanning."
"One area that needs improvement is interacting with Exabeam's API. There was a headache regarding the API; the documentation wasn't clear, and the syntax wasn't very precise."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"The cost of Splunk SOAR has room for improvement."
"Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions."
"The number of playbooks on offer should be increased."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"Splunk's support for integration is subpar and has room for improvement."
 

Pricing and Cost Advice

"Exabeam is not a cheap solution."
"There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced."
"Exabeam Fusion SIEM's pricing is reasonable."
"They have a great model for pricing that can be based either on user count or gigabits per day."
"The platform is not extremely expensive compared to its direct competitors; I would rate its pricing around six out of ten."
"The solution is expensive."
"Splunk SOAR is an expensive solution for an organization of our size."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"The licensing cost is reasonable."
"I don't know the exact price, but for my region, it is very expensive."
"I found the price of Splunk SOAR to be good."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
9%
Healthcare Company
6%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendlier GUI and are not licensed based on capacity (amount of logs and information in...
What do you like most about Exabeam Fusion SIEM?
The solution's initial setup process is easy.
What is your experience regarding pricing and costs for Exabeam Fusion SIEM?
I do not have much information about the pricing. However, I am aware that Exabeam is cheaper than Palo Alto based on discussions in meetings.
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...
What needs improvement with Splunk Phantom?
The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...
 

Also Known As

No data available
Phantom
 

Overview

 

Sample Customers

Hulu, ADP, Safeway, BBCN Bank
Recorded Future, Blackstone
Find out what your peers are saying about Exabeam vs. Splunk SOAR and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.