We use the solution to automate our SIEM tools and incidents.
The solution's correlation rules and playbooks should be improved.
I have been using Palo Alto Networks Cortex XSOAR for six to seven months.
I rate the solution seven and a half out of ten for stability.
More than 100 users are using the solution in our organization.
I rate the solution a six out of ten for the scalability of its on-premises version.
I also use the ArcSight solution.
The solution can be deployed within a few minutes.
We are using the latest version of Palo Alto Networks Cortex XSOAR. The solution's on-premises version is not scalable. Around five people are involved with the solution’s maintenance.
Overall, I rate the solution an eight out of ten.
The SOC team needs the tool to understand the network and determine why an incident happens. The tool helps understand user behavior and helps with threat hunting.
The solution has a lot of information, like playbooks and incidents. It goes really deep. The vendor provides training, knowledge bases, workshops, and webinars. The product can automate security tasks. Playbooks are the most beneficial feature. We can create a playbook. We can get visibility on incidents.
We can also analyze user behavior and understand whether it is a true positive or a false positive. We have so many false positives these days in security, so it's nice when we can put things in the block list. We can perform investigations. The product can be integrated with third-party tools.
The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals to learn and understand how the tool works to expand it further. Our customers want to see more use cases. They want to have more facilitations and more visibility on how it works. We need more skilled people inside and outside the team to understand how it works. It’s difficult to find skilled people to understand how the tool works.
The solution is suitable for enterprise businesses.
We can send an email to the online support portal. We can contact Palo Alto engineers immediately and open a ticket. The engineers will take care of the issue depending on the severity level of the ticket.
Positive
The initial setup is really easy. We just have to order it. When we have the tool, someone from Palo Alto will provide us with the account information. After that, we must set up the users, customers, and resellers. We can do onboarding immediately. The deployment takes one or two days.
Whether the product is cheap or expensive depends on the company and how much they are willing to spend on security. Nowadays, security is important. The solution is not suitable for small businesses. It is better suited for medium and enterprise businesses because it starts with 200 endpoints.
SentinelOne is an endpoint protection tool. However, Palo Alto gives us more security features.
I work with a distributor. I recommend the product to my customers. I'm really satisfied with the tool. It's a very nice tool. It can work and give us what we need. We just need to be patient and learn how it works. The incidents can be handled very easily. Overall, I rate the product a nine out of ten.