Try our new research platform with insights from 80,000+ expert users
Cortex XSIAM Logo

Cortex XSIAM Reviews

Vendor: Palo Alto Networks
4.2 out of 5
Leave a review

What is Cortex XSIAM?

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Get the Security Information and Event Management (SIEM) Buyer's Guide and find out what your peers are saying about Cortex XSIAM, CrowdStrike Falcon, Microsoft Sentinel and more!
Cortex XSIAM is the #5 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #7 ranked solution in top AI-Powered Cybersecurity Platforms solutions, and #15 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Cortex XSIAM an average rating of 8.4 out of 10. Cortex XSIAM is most commonly compared to CrowdStrike Falcon: Cortex XSIAM vs CrowdStrike Falcon. Cortex XSIAM is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 12% of all views.
Buyer's Guide
Security Information and Event Management (SIEM)
August 2025
Get the category report
Helped 866,088 peers since 2012

Featured Cortex XSIAM reviews

Read more reviews

Cortex XSIAM mindshare

Product category:
Security Information and Event Manage...
As of August 2025, the mindshare of Cortex XSIAM in the Security Information and Event Management (SIEM) category stands at 2.9%, up from 1.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Cortex XSIAM2.9%
Wazuh11.8%
Splunk Enterprise Security9.4%
Other75.9%
Security Information and Event Management (SIEM)
 
 
Key learnings from peers

Valuable Features

Cortex XSIAM excels in SOAR capabilities, security intelligence, and detection enrichment. Its machine learning detects threats effectively, operating on a unified database for holistic analysis. Users value its integration with third-party vendors, forensic investigation, automation, and seamless onboarding of devices. Its advanced visualization refines alerts efficiently, while AI aids in vulnerability detection. Centralized endpoints remain secure, supporting enhanced workflows and playbooks. Competitive pricing and seamless ecosystem integration increase its appeal.
  • "The most valuable aspect is that Cortex XSIAM doesn't generate excessive alerts, refines all search results effectively, and filters out incidents where SOC intervention isn't necessary, allowing engineers to focus only on what matters."
  • "Since implementing Cortex XSIAM, incident response times have been significantly reduced by approximately twenty percent."
  • "I would give Cortex XSIAM a rating of ten out of ten."

Room for Improvement

Cortex XSIAM requires enhancement in its Attack Surface Management module for deeper context and better performance during multitasking. Integrations with diverse software and cybersecurity solutions, as well as improved automation for incident response, are needed. The interface usability, search functionality, and dashboard could be more intuitive. Pricing and technical support can be more competitive. There's a need for enriched AI analytics, response optimization for vulnerabilities, and more flexible licensing options.
  • "Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports."
  • "Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."
  • "I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."

ROI

Organizations experienced returns exceeding five hundred thousand dollars from Cortex XSIAM, driven by automation of detection and response processes. This reduced the need for additional security personnel. Cortex XSIAM enabled handling of incidents previously unmanageable due to staffing. Some have yet to assess returns fully as they are in early stages of use. Returns vary with implementation but can be observed within months if specific incidents are addressed.

Pricing

Cortex XSIAM pricing is perceived as high, yet some find it competitive, particularly against Splunk and Microsoft Sentinel, aligning with budget expectations for a two-year contract. The standard licensing is favorably compared to Splunk due to log ingestion factors. Additional costs arise from optional add-ons, integrations, and support not included with Cortex. Licensing processes may be less comfortable than competitors like CrowdStrike, but XSIAM can offer value for money in certain markets.
  • "The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
  • "Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
  • "The solution is expensive compared to its competitors."

Popular Use Cases

Organizations utilize Cortex XSIAM primarily for its comprehensive SIEM and EDR functionality, incorporating data collection, detection, and integration features. They leverage it for automating security operations, integrating third-party logs, and protecting endpoints against threats like ransomware. It is used for SOC services, policy application, and threat detection, emphasizing seamless integration with existing Palo Alto Networks products and third-party data. The tool is favored for its ability to replace competitors like CrowdStrike and Trend Micro.

Service and Support

Customer service and support for Cortex XSIAM receive mixed feedback. Users appreciate premium support for efficiency and expertise, emphasizing direct handling by core technical experts. However, non-premium support often involves routing through distributors, which may result in varying response times and expertise levels. Challenges arise from support staff learning on the go, leading to potentially slow resolutions. Despite some inefficiencies, users note that clear guidance and helpful responses are common when issues are escalated properly.

Deployment

Cortex XSIAM's initial setup is mostly intuitive and straightforward, requiring only broker deployment for automatic integration connections. SaaS operations ease the process, taking one week for a thousand users. Compared to Splunk and QRadar, Cortex XSIAM is simpler. Though documentation needs improvement, cloud-based deployment usually takes one to two weeks. Some challenges include manual configuration for playbooks. On a difficulty scale, Cortex XSIAM scores between seven and eight out of ten.

Scalability

Cortex XSIAM demonstrates remarkable scalability, particularly due to its cloud-based nature. Users find it easy to expand by adding tenants and integrating new features. Many organizations, from small teams to enterprise-level, report effective scaling across various tasks. While some remain unsure without testing in a real setup or giving high ratings due to integration dependencies, most have experienced it as highly adaptable, with some rating it near the top for scalability.

Stability

Cortex XSIAM demonstrates high stability, with users noting only rare downtime and quick issue resolutions. Its cloud-based design contributes to reliability, often scored ten out of ten for consistency. Some experience fluctuations after updates, yet performance remains commendable. Initial ease of setup adds to its reliability. While some rate stability between six and 7.5, longer usage may provide more insight. Users report occasional crashes, but quickly address these for continued performance.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Security Information and Event Management (SIEM) Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business8
Midsize Enterprise2
Large Enterprise3
By reviewers
By visitors reading reviews
Company SizeCount
Small Business360
Midsize Enterprise239
Large Enterprise997
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
10%
Government
7%
Comms Service Provider
5%
Retailer
5%
Energy/Utilities Company
4%
Insurance Company
4%
Healthcare Company
4%
University
4%
Media Company
4%
Construction Company
3%
Outsourcing Company
3%
Educational Organization
3%
Legal Firm
2%
Real Estate/Law Firm
2%
Transportation Company
2%
Performing Arts
2%
Wholesaler/Distributor
2%
Hospitality Company
1%
Recreational Facilities/Services Company
1%
Non Profit
1%
Engineering Company
1%
Pharma/Biotech Company
1%
Logistics Company
1%
Consumer Goods Company
1%
Security Firm
1%
Marketing Services Firm
1%
Recruiting/Hr Firm
1%

Compare Cortex XSIAM with alternative products

Go!

Learn more about Cortex XSIAM

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Related articles

Julia Miller - PeerSpot reviewer
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 182
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 57
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 102
What are the main differences between Nessus and Arcsight?
  • 32
What's The Best Way to Trial SIEM Solutions?
  • 139
Which is the best SIEM solution for a government organization?
  • 814
What is the difference between IT event correlation and aggregation?
  • 65
What Is SIEM Used For?
  • 40
RSA-EMC vs. other SIEM products?
  • 349
What Questions Should I Ask Before Buying SIEM?
  • 124
What are the pros and cons of internal SOC vs SOC-as-a-Service?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Identity Threat Detection and Response (ITDR)
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Splunk Enterprise Security vs Cortex XSIAM Logo
Splunk Enterprise Security vs Cortex XSIAM
Darktrace vs Cortex XSIAM Logo
Darktrace vs Cortex XSIAM
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Cortex XDR by Palo Alto Networks vs Cortex XSIAM Logo
Cortex XDR by Palo Alto Networks vs Cortex XSIAM
Elastic Security vs Cortex XSIAM Logo
Elastic Security vs Cortex XSIAM
Varonis Platform vs Cortex XSIAM Logo
Varonis Platform vs Cortex XSIAM
Trend Vision One vs Cortex XSIAM Logo
Trend Vision One vs Cortex XSIAM
Vectra AI vs Cortex XSIAM Logo
Vectra AI vs Cortex XSIAM
Microsoft Defender for Identity vs Cortex XSIAM Logo
Microsoft Defender for Identity vs Cortex XSIAM
Rapid7 InsightIDR vs Cortex XSIAM Logo
Rapid7 InsightIDR vs Cortex XSIAM
Fortinet FortiSIEM vs Cortex XSIAM Logo
Fortinet FortiSIEM vs Cortex XSIAM
Cribl vs Cortex XSIAM Logo
Cribl vs Cortex XSIAM
Google Chronicle Suite vs Cortex XSIAM Logo
Google Chronicle Suite vs Cortex XSIAM
See all alternatives
 
Cortex XSIAM Reviews Summary
Author infoRatingReview Summary
Associate Director at a financial services firm with 10,001+ employees2.5I am evaluating Cortex XSIAM in my new organization, having used its older version before. The solution offers flexibility in manual workflows and effective ticketing. However, it lacks integrations and playbooks, hindering automation and incident response efficiency. ROI remains absent.
SOC Analyst at OVELOSEC4.0In our organization, we use Cortex XSIAM for SOC monitoring, onboarding devices, and integrating log parsers. While it's effective, improvements are needed in data onboarding and AI analytics. We previously used Splunk User Behavior Analytics before switching.
Senior Vice President at Chi Networks4.0We use Cortex XSIAM for endpoint protection, applying policies, and automating processes through API integration. Its signature-less detection enhances security, though dashboard improvements are needed. Previously using ESET, we chose XSIAM for its automation and customization features.
Owner at a retailer with 51-200 employees4.0We partner and train users on Cortex XSIAM, valuing its AI for detecting vulnerabilities. While we appreciate its ease of setup and rule optimization, improvements in detection and resolution are desired. Compared to IBM QRadar, Cortex justifies its cost.
Team Lead, Security at seamlessinfotech.com4.0I've used Cortex XSIAM for four years and find it effective for incident correlation, automation, and reducing unnecessary alerts. While its interface could be more intuitive, deployment is smooth and the ROI is typically realized in a few months.
Senior Manager - Security Operations at First Advantage Corporation4.5In our organization, Cortex XSIAM serves as our primary SIEM solution, excelling in security orchestration, intelligence, and detection enrichment. We achieved over $500k ROI without expanding our team, unlike Sentinel or Splunk, which need more staffing.
Subject Matter Expert at Softcell Technologies Limited4.5I suggest Cortex XSIAM as a cost-effective alternative to CrowdStrike or Trend Micro, particularly since it offers competitive pricing in India. Customers appreciate its integration with existing Palo Alto solutions, though support speed could be improved.
Director at MICROLOGIC NETWORKS PRIVATE LIMITED5.0I primarily use Cortex XSIAM to protect against ransomware, finding its ability to detect and block malicious behavior valuable. However, it's expensive, with a less convenient licensing process compared to CrowdStrike, which offers annual recurring revenue options.