We performed a comparison between McAfee ePolicy Orchestrator and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The initial setup is very simple and straightforward."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"The best part is management in McAfee ePolicy Orchestrator."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"The central management console is the solution's most valuable aspect."
"The most valuable feature of the solution is the central management console, which is used for DLP, endpoint security, drive encryption, and application control."
"You have to have some experience, however, it's pretty simple to understand."
"The graphical interface of the solution is its most valuable aspect."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"The customization continues to be excellent."
"So far, the interface is very easy to use."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"Splunk SOAR's quick response to incidents is the most valuable part."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"We are invoiced according to the amount of data generated within each log."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The solution could be more user-friendly; some query languages are required to operate it."
"The Virtual Patching feature needs to be improved."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"There is a problem when it comes to agent communication and duplicate records, where the rebooting of a machine leads to the installation of a new agent and you get a lot of duplicate records that ultimately affect your compliance monitoring."
"One thing that I don't like is that McAfee products change very often and upgrade very often."
"The detection aspect should be improved so that signatures are updated more quickly."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"I have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, and even with privileged user access, they have a good module. However, if they have to integrate with solutions such as CyberArk or IBM IAM solutions, they are lacking; the visibility of user access is not that much."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"It would be ideal if we could automate processes even more."
"The UI can be more customizable for the clients."
"Portability is one thing that is currently lacking. The open-source product that I evaluated had portability. It would require a lot of development effort, but it will save the cost of rewriting all the playbooks."
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 32 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Splunk SOAR is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". McAfee ePolicy Orchestrator is most compared with Symantec Data Loss Prevention, Zscaler DLP, Elastic Security, Trend Micro Integrated Data Loss Prevention and Forcepoint Data Loss Prevention, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and ThreatConnect Threat Intelligence Platform (TIP). See our McAfee ePolicy Orchestrator vs. Splunk SOAR report.