No more typing reviews! Try our Samantha, our new voice AI agent.

Corelight Open NDR vs Fidelis Elevate comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 22, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Corelight Open NDR
Average Rating
8.8
Reviews Sentiment
7.6
Number of Reviews
7
Ranking in other categories
Network Traffic Analysis (NTA) (5th), Network Detection and Response (NDR) (7th)
Fidelis Elevate
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
7
Ranking in other categories
Endpoint Detection and Response (EDR) (60th), Threat Deception Platforms (8th), SSL/TLS Decryption (4th), Network Detection and Response (NDR) (22nd), Managed Detection and Response (MDR) (31st), Extended Detection and Response (XDR) (42nd)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2834367 - PeerSpot reviewer
Growth And Strategy Lead at a computer software company with 51-200 employees
Network visibility has transformed how we detect nation state threats and protect critical industry
Before Corelight recently started pushing some of the agentic features, querying at times could be a little difficult, depending on your mastery of log scale. However, I think with a lot of the artificial intelligence that they are building in, it is getting a lot easier to query in the platform. I would definitely encourage them to continue down that path where anybody can hop into the platform and start running queries, whether it is a simple instruction like I want this, and an artificial intelligence process can actually build the query and do it. I think that would be super powerful. Cyber skill sets are in high demand, and there is a huge backlog in cyber talent. We cannot fill all the positions we need. The easier we can make these cyber systems for people to pick up and be effective on, I think is really key. Explainability of data is hyper important. In the past few artificial intelligence related updates we have gotten from Corelight, that has been one of the first questions our team has asked every time or that I have asked: show me what the model is doing, show me how it came to this analysis. Within Investigator platform, they are able to walk through and see exactly what data the artificial intelligence pulled from where and why it did what it did as far as making its suggestions. They have definitely built their system with artificial intelligence in mind up front, and having that openness as one of the key features of any of their artificial intelligence and machine learning processes in the platform is important. The issue with black boxes is obviously hallucinations from artificial intelligence and just not being able to trace to ground truth. When we are talking about these cyber incidents and being able to do forensics, you need to be able to pinpoint and tie everything together, and black boxes really obscure that and prevent you from doing so. Corelight has done a really good job of making sure that everything is explainable and everything is mapped when it comes to leveraging any of their artificial intelligence features.
Mostafa Ameen - PeerSpot reviewer
Information Security Engineer at ICT Misr
Advanced threat detection capabilities with comprehensive incident response features providing robust cybersecurity for organizations
The initial aspect concerns two engines. The first one mentioned is available for searching behaviors directly. The second engine involves the Google Ade tool, which operates on the machine. The challenge arises when attempting to rectify protection rules, causing confusion. It would be beneficial to enhance Rigixs Query. I encounter difficulty removing certain entries in behavior or alerts; likewise, I am unable to add specific calls.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"This software helps us understand any issues that may arise when someone is not at work."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"The integrations are out-of-the-box, as are the playbooks."
"I've found the solution to be highly scalable for enterprises."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud, it makes it better to use for everybody, it allows for quick learning and updates and can, therefore, offer zero-day malware security, and this sharing of metadata helps make the solution very safe."
"Corelight Open NDR has had a positive impact on my company, providing visibility as the Suricata engine can scan huge volumes of traffic, including north-south and east-west, revealing signatures and exposures I was not expecting and enabling me to catch them with Suricata alerts."
"The most valuable feature is the embedded IDS from Suricata."
"It is easy to deploy and easy to handle."
"It's an easy way for us to get visibility in a client's environment."
"Corelight makes much easier the remediation of cyber attacks; instead of facing a chaotic amount of logs, Corelight provides correlated metrics that allow pivoting to find, in seconds, all the data related to an alert, detection, or asset."
"Corelight is easy to use."
"Technical support seems to be good."
"It's easy to create additional dashboards specific to supporting specific tasks."
"It ensures the stability of network behavior across various aspects of our network and offers responsive capabilities to address incidents promptly"
"It is used as our primary in-line IDS/IPS system, replacing FireEye NX, and it catches more, looks at more ports than FireEye NX, and is a scalable appliance, unlike our NX which was saturated and shut itself down."
"The solution's technical support is perfect, so I rate the technical support a ten out of ten"
"There are many valuable features. The NDR gives very good network visibility, and the endpoint module has a great feature called "Live Connect" for remote connections. They also have "Tasks" that can be run on endpoints to gather specific information or retrieve logs."
"The technical support is very helpful."
"It has a rating system now so you can rate things up or down, depending on your environment. This means alerting can be customized, yet still pick up anomalies."
"What I like the most about this solution is the complexity. It covers a lot of areas, unlike other solutions."
"Reporting is great, it is easy to do a quick search through 45 days of data for something of interest."
 

Cons

"The price could be a little lower."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"I have faced some issues with Cortex XDR by Palo Alto Networks; there is room for improvement in the sense that certain options prevent us from seeing and segregating data."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The deployment is pretty hard."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"This is a very costly product."
"It's an expensive solution and the price could be reduced."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Before Corelight recently started pushing some of the agentic features, querying at times could be a little difficult, depending on your mastery of log scale."
"Machine learning could be a good improvement, but it's very costly."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"Corelight hasn’t added features in a long time."
"In the next release, building a graphical user interface would be helpful."
"The interface bug needs to be squashed once and for all. This has been the predominant issue with an otherwise stellar product. It reboots itself unscheduled, about once a month, due to a memory buffer flaw in the interface."
"The interface bug needs to be squashed once and for all."
"Fidelis Endpoint is an expensive product making it one of its shortcomings that needs improvement."
"Configuration, in terms of building the collector and communicating with endpoints, is complex."
"The reports in the endpoint area of Elevate can be improved."
"There is room for improvement in email security. It's a security issue. If you're aiming for XDR, covering the entire threat landscape is crucial."
"I encounter difficulty removing certain entries in behavior or alerts; likewise, I am unable to add specific calls."
"We position the solution as an antivirus, but this part of the solution needs improvement. They need to generally enhance the features that they have, rather than adding anything new."
 

Pricing and Cost Advice

"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"It has a yearly renewal."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"It is "expensive" and flexible."
"Cortex XDR's pricing is ok."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"It's a yearly fee and depends on what you are looking for."
"It's somehow expensive. From one to ten, I would rate it a five. They need to improve the prices. It's very high."
"Fidelis Endpoint is an expensive product. My company makes yearly payments toward the licensing cost of the solution."
"You license by the number of days of logs you need to maintain visibility for. Forty-five days is a good solid number for a company with around a 10k user base."
"It's quite expensive but we can customize it to reduce the price."
report
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Government
12%
Computer Software Company
8%
Real Estate/Law Firm
7%
Financial Services Firm
15%
Construction Company
11%
Manufacturing Company
11%
Comms Service Provider
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise2
Large Enterprise1
By reviewers
Company SizeCount
Small Business6
Large Enterprise2
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Corelight?
I have a fortunate experience with pricing, setup costs, and licensing of Corelight Open NDR, as being a principal ar...
What needs improvement with Corelight?
Corelight Open NDR does not need any improvements or additional features in the next releases. The product is excelle...
What is your primary use case for Corelight?
I have been using Corelight Open NDR solution for approximately three years. I leverage the Suricata engine heavily f...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Corelight Open NDR
Fidelis Elevate Platform, Fidelis Enterprise, Fidelis Cloud, Fidelis Managed Detection and Response, Fidelis Deception, Fidelis Decryption, Fidelis Endpoint, Fidelis Network
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
CarrefourEdnonGrand Canyon EducationSektorCERTTietoevryVolkswagen Financial Services
First Midwest Bank
Find out what your peers are saying about Corelight Open NDR vs. Fidelis Elevate and other solutions. Updated: June 2026.
903,118 professionals have used our research since 2012.