No more typing reviews! Try our Samantha, our new voice AI agent.

ConnectWise SIEM vs Trellix Active Response comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
ConnectWise SIEM
Ranking in Endpoint Detection and Response (EDR)
55th
Average Rating
8.6
Reviews Sentiment
6.6
Number of Reviews
3
Ranking in other categories
Security Information and Event Management (SIEM) (48th), Secure Access Service Edge (SASE) (22nd), Managed Detection and Response (MDR) (24th)
Trellix Active Response
Ranking in Endpoint Detection and Response (EDR)
49th
Average Rating
7.0
Reviews Sentiment
5.1
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of ConnectWise SIEM is 0.8%, up from 0.2% compared to the previous year. The mindshare of Trellix Active Response is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Trellix Active Response0.6%
ConnectWise SIEM0.8%
Other95.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2711757 - PeerSpot reviewer
Cyber Security Software Engineer at a tech services company with 11-50 employees
Automated alerting and reporting excel while cost and feature limitations remain
I find automation to be one of the best and most valuable features of the product. Machine learning is incorporated into the solution, though AI is a broader term that I wouldn't apply here. I haven't personally explored AI yet, but I will investigate it. Machine learning functions more as automation in my experience, as there's no training involved yet. I want to conduct R&D on another project with Wazuh to determine how to capture usage, for example, tracking user logins and time spent. This is where I need to implement machine learning. Additionally, the extraction of GeoIP adds complexity. The solution is effectively reducing incident response times in operations.
ED
Senior Manager Operational Technology and Cyber Security at Eskom Ltd
Operational efficiencies increase with immediate threat alerts for endpoints
We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work The alerts provided by Trellix Active Response are its most valuable feature. They notify us immediately of any vulnerabilities on the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."
"The stability is pretty good except for one or two cases, and based on the performance, it's been okay with pretty high performance, no bugs or glitches, and it doesn't crash or freeze."
"My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one."
"From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference."
"We have found the solution has great functionality and it is easy to use."
"The integration capabilities of ConnectWise SIEM are off the shelf, making it easy to buy and use; you just unpack it and use it."
"One valuable feature of ConnectWise Fortify is the ability to add other teams and receive notifications when customers make changes or remove multi-factor authentication in Microsoft or SAP environments."
"It's a little lighter compared to the older version, which was mostly signature-based."
"The continuous monitoring component of this solution allows Trellix to launch the MDR solution, which correlates all incidents and provides investigation reports within a short period of time, hence offering an advantage to the customers using Trellix Active Response and its integrated products."
"The alerts provided by Trellix Active Response are its most valuable feature."
"The solution is scalable."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version, such as analytics, user behavior analytics, triaging, and meaningful reporting."
 

Cons

"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."
"It takes time to scan the servers and devices."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"To jump from the partner to Palo Alto directly was challenging."
"The manage portion of the solution is complicated and should be simplified by having different versions to meet the needs of different size companies."
"ConnectWise SIEM is primarily focused on notifications and is limited in that aspect, while Wazuh can automate the elimination process."
"ConnectWise Fortify could work on covering more areas, like phishing messages, which have become more complicated to detect."
"I would rate technical support from Trellix Active Response as a seven because sometimes we face difficulties finding engineers quickly, leading to customer frustration."
"While the product is good, we are currently facing support issues."
"The only area for improvement is regarding operational technology devices, specifically the engineering automation systems."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"I also expected Active Response 's user interface to be much more analytical."
"The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer."
 

Pricing and Cost Advice

"Our license will require renewal in August, after which the maintenance will continue as usual."
"Our customers have expressed that the price is high."
"This is an expensive solution."
"The price of the solution is high for the license and in general."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"Very costly product."
"The solution is expensive."
"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Computer Software Company
15%
Construction Company
12%
Comms Service Provider
10%
Financial Services Firm
7%
Construction Company
18%
Financial Services Firm
18%
Comms Service Provider
12%
Performing Arts
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with ConnectWise Fortify?
I haven't utilized the advanced threat intelligence capabilities with ConnectWise SIEM. Advanced threat intelligence ...
What is your primary use case for ConnectWise Fortify?
I do not have experience with ConnectWise SIEM for RMM, as I mostly work on Wazuh, and I have a team that handles Con...
What advice do you have for others considering ConnectWise Fortify?
The review can be made anonymous if just my name and not the company name is used. I would assess the real-time visib...
What is your experience regarding pricing and costs for McAfee Active Response?
Based on our evaluations, Trellix Active Response's pricing was the most feasible from a cost perspective. I rate the...
What needs improvement with McAfee Active Response?
For Trellix Active Response, there is room for improvement in the platform area and security area to make the dashboa...
What is your primary use case for McAfee Active Response?
The typical use case for Trellix Active Response is to provide quick incident response, as the product collects and c...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
ConnectWise Security Management, ConnectWise Fortify, Continuum Fortify, ConnectWise SIEM, ConnectWise SASE
McAfee Active Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Techvera, Syrex, Clark Integrated Technologies
Liquor Control Board of Ontario
Find out what your peers are saying about ConnectWise SIEM vs. Trellix Active Response and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.