TrustRadius

Microsoft Sentinel vs. Splunk SOAR

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Microsoft Sentinel
Score 8.4 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Splunk SOAR
Score 8.3 out of 10
N/A
Splunk now offers a security orchestration, automation, and response (SOAR) platform via its acquisition of Phantom. Splunk Security Orchestration and Automation (Splunk SOAR) provides playbook automation and is available as a standalone solution.N/A
Pricing
Microsoft SentinelSplunk SOAR
Editions & Modules
Azure Sentinel
$2.46
per GB ingested
100 GB per day
$123.00
per day
200 GB per day
$221.40
per day
300 GB per day
$319.80
per day
400 GB per day
$410.00
per day
500 GB per day
$492.00
per day
More than 500 GB per day
$492.00 + $98.40
per day/plus each additional 100 GB increment
No answers on this topic
Offerings
Pricing Offerings
Microsoft SentinelSplunk SOAR
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Microsoft SentinelSplunk SOAR
Top Pros

No answers on this topic

Top Cons

No answers on this topic

Features
Microsoft SentinelSplunk SOAR
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Microsoft Sentinel
8.4
14 Ratings
7% above category average
Splunk SOAR
-
Ratings
Centralized event and log data collection8.614 Ratings00 Ratings
Correlation8.414 Ratings00 Ratings
Event and log normalization/management8.214 Ratings00 Ratings
Deployment flexibility9.213 Ratings00 Ratings
Integration with Identity and Access Management Tools8.513 Ratings00 Ratings
Custom dashboards and workspaces7.414 Ratings00 Ratings
Host and network-based intrusion detection7.613 Ratings00 Ratings
Data integration/API management8.214 Ratings00 Ratings
Behavioral analytics and baselining8.712 Ratings00 Ratings
Rules-based and algorithmic detection thresholds8.513 Ratings00 Ratings
Response orchestration and automation8.414 Ratings00 Ratings
Reporting and compliance management9.04 Ratings00 Ratings
Incident indexing/searching8.614 Ratings00 Ratings
Best Alternatives
Microsoft SentinelSplunk SOAR
Small Businesses
AlienVault USM
AlienVault USM
Score 8.0 out of 10

No answers on this topic

Medium-sized Companies
Splunk Enterprise
Splunk Enterprise
Score 8.4 out of 10
Qualys TruRisk Platform
Qualys TruRisk Platform
Score 8.3 out of 10
Enterprises
Splunk Enterprise
Splunk Enterprise
Score 8.4 out of 10
Palo Alto Networks Cortex XSOAR
Palo Alto Networks Cortex XSOAR
Score 8.5 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Microsoft SentinelSplunk SOAR
Likelihood to Recommend
8.6
(21 ratings)
8.6
(40 ratings)
Likelihood to Renew
-
(0 ratings)
8.1
(3 ratings)
Usability
7.3
(4 ratings)
8.2
(1 ratings)
Performance
-
(0 ratings)
8.9
(40 ratings)
Support Rating
8.0
(3 ratings)
8.2
(1 ratings)
Online Training
-
(0 ratings)
8.2
(1 ratings)
Implementation Rating
-
(0 ratings)
8.2
(1 ratings)
Configurability
-
(0 ratings)
8.2
(1 ratings)
Product Scalability
-
(0 ratings)
8.2
(1 ratings)
Professional Services
5.0
(1 ratings)
-
(0 ratings)
User Testimonials
Microsoft SentinelSplunk SOAR
Likelihood to Recommend
Microsoft
Sentinel is the best "cloud-native" in the market yet, so if the organization has a cloud presence (which almost everyone has) then Sentinel is the right choice for having a single pane of glass for all your security monitoring needs. Sentinel is a very good tool for log analysis and event management purposes as well. With KQL and ASIM parsers, organizations can retrieve invaluable insights even from the most complex data. And of course, Sentinel is a great choice for automating the incident response process to a very good extent.
Yash Mudaliar | TrustRadius Reviewer
Yash Mudaliar
Associate Lead Security Admin
Read full review
Splunk
Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.
PK
Priya Kumar
Security Engineer
Read full review
Pros
Microsoft
  • It has a native integration with all Microsoft products, from Entra to Azure, Microsoft 365
  • Being built upon native Azure functionality benefits in automation and infrastructual solutions
  • The KQL language is relatively easy to learn and powerful.
  • Microsoft is listening very careful to the customers and develops new functionality at a fast pace
Verified User
Anonymous
Read full review
Splunk
  • Its security orchestration and integration capability that supports multiple tools.
  • Easy coding that automates our security actions.
  • Enables us to easily collaborate and respond to security issues faster.
  • Splunk SOAR is a flexible product that is easy to deploy.
  • Efficient tracking and monitoring capability.
  • Excellent real-time reporting functionality.
Angelica Cavalli | TrustRadius Reviewer
Angelica Cavalli
Senior Software Engineer
Read full review
Cons
Microsoft
  • It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
  • Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
Glenn H. Miller | TrustRadius Reviewer
Glenn H. Miller
Chief Engineer
Read full review
Splunk
  • A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
  • It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
  • Cost of the larger version.
Pavan sreevatsav Akula | TrustRadius Reviewer
Pavan sreevatsav Akula
Cybersecurity Analyst
Read full review
Likelihood to Renew
Microsoft
No answers on this topic
Splunk
As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.
Gaurav S | TrustRadius Reviewer
Gaurav S
Senior Security Specialist
Read full review
Usability
Microsoft
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Flavio Pereira | TrustRadius Reviewer
Flavio Pereira
Analista de sistemas
Read full review
Splunk
Not immediate: it always requires a training.
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
Performance
Microsoft
No answers on this topic
Splunk
We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.
Muhammed Ali CETİN | TrustRadius Reviewer
Muhammed Ali CETİN
senior Security Engineer
Read full review
Support Rating
Microsoft
Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Verified User
Anonymous
Read full review
Splunk
Splunk Support is always great! In addition the Community is very efficient and active.
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
In-Person Training
Microsoft
No answers on this topic
Splunk
I never followed an in-person training, I gave my evaluation based on the online training
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
Online Training
Microsoft
No answers on this topic
Splunk
I followed training for Phantom admins and it opened a world for me
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
Implementation Rating
Microsoft
No answers on this topic
Splunk
I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
Alternatives Considered
Microsoft
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. Additionally, leveraging Threat Intel from Microsoft itself gives a sense of security, given their years of experience in the collection of intel. The AI and Machine learning features provided by MS is one of the finest.
Verified User
Anonymous
Read full review
Splunk
Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.
Verified User
Anonymous
Read full review
Scalability
Microsoft
No answers on this topic
Splunk
me and the customers I encountered found it flexible and scalable
Giuseppe Cusello | TrustRadius Reviewer
Giuseppe Cusello
GRC Director
Read full review
Professional Services
Microsoft
Did not use professional services
MB
Michael Bobo
IT Director
Read full review
Splunk
No answers on this topic
Return on Investment
Microsoft
  • Microsoft Sentinel is a good investment, especially when sided with other solutions such as Microsoft 365 Defender, as it provides 360° protection on every level of the infrastructure.
  • When deployed on infrastructures that have never had an SIEM, Microsoft Sentinel helps to assess vulnerabilities and misconfigurations.
  • As with any other SIEM, Microsoft Sentinel basically eliminates the need to put effort into every single platform (like EDR, NDR, XDR) and converge that effort on a single product that correlates and orchestrates the rest.
Verified User
Anonymous
Read full review
Splunk
  • The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
  • Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task
Verified User
Anonymous
Read full review
ScreenShots

Microsoft Sentinel Screenshots

Screenshot of Screenshot of Screenshot of Microsoft Sentinel Capabilities