We performed a comparison between IBM Security QRadar and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The automation feature is valuable."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queries from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Free ingestion for Azure logs (with E5 licence)"
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"QRadar has somewhat of a new structure recently from last gen. They have moved from the standard UI based infrastructure."
"What's most valuable in IBM QRadar User Behavior Analytics is its higher availability than other tools."
"Flexible and valuable product that is modular, so you can easily set up a roadmap for your clients."
"It is a very good SIEM."
"It has a logical, user-friendly GUI."
"It has a lot of good correlation rules. From a customer's point of view, it is one of the best solutions because you don't need to create correlation rules from scratch. You just review them and customize them as you want."
"It's quite scalable. We have upgraded some solutions from 1000 APS up to 3500 APS to 5000 APS. It's a good solution, they have no scalability issues."
"No doubt about it, the solution is extremely stable."
"Many different playbooks are available and can be customized."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"The solution is user-friendly and easy to configure."
"The product can automate security tasks."
"Its agility and scalability are valuable."
"Palo Alto has given the investigators more presence to actually go into the report, because the platform will email the investigator that it's been assigned to; now the investigators will jump in there and start going through the review process a lot quicker."
"I have found the solution very useful, it integrates well with other platforms."
"We are invoiced according to the amount of data generated within each log."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The troubleshooting has room for improvement."
"The solution could be more user-friendly; some query languages are required to operate it."
"The only thing is sometimes you can have a false positive."
"Sentinel's reporting is complex and can be more user-friendly."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"I would like to see the update process simplified."
"The solution should include remote action capabilities."
"It needs more resilience and functionality."
"Its architecture is very complicated."
"IBM should reduce the pricing, or reduce some of the features for a more economical solution for the customer."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"The released patch quality is poor. IBM should test those patches on their side, not on the client's side."
"The initial setup was complex, and it took six months."
"I think they should increase their collaboration base."
"The tool’s multi-tenancy feature must be improved."
"They should provide integration with machine learning platforms."
"The solution's technical support could be better."
"There should be an on-premise version available for customers to have different choices."
"The configuration of the solution could be improved; it is difficult."
"It doesn't offer automatic internet reports out of the box."
"The solution should be made a bit cheaper."
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Security QRadar is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR report.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.