Try our new research platform with insights from 80,000+ expert users

Cortex XSIAM vs Devo comparison

Palo Alto Networks and Devo are both solutions in the Security Information and Event Management (SIEM) category. Palo Alto Networks is ranked #13 with an average rating of 8.4, while Devo is ranked #23 with an average rating of 8.0. Palo Alto Networks holds a 2.6% mindshare in SIEM, compared to Devo’s 1.1% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of Devo users who would recommend it.
Cortex XSIAM
Read 15 Cortex XSIAM reviews
  • 7,566 Views
  • 3,253 Comparison Views
100% willing to recommend
Devo
Read 23 Devo reviews
  • 2,727 Views
  • 1,800 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Cortex XSIAM and Devo based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex XSIAM vs. Devo Report (Updated: December 2025).
Buyer's Guide
Cortex XSIAM vs. Devo
December 2025
Download the complete report
Helped 879,259 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.6
Cortex XSIAM enhances incident management and provides significant financial returns by automating detection and response, reducing staffing needs.
Sentiment score
7.7
Devo enhances root cause remediation by 50%, offering cost savings, scalability, fast cloud deployment, and diverse client flexibility.
 

Customer Service

Sentiment score
5.8
Cortex XSIAM support varies; premium service excels, while non-premium experiences depend on distributor expertise and sometimes face delays.
Sentiment score
7.0
Devo's customer service is responsive and efficient, but improvements are needed in documentation and onboarding support.
With premium support, core Palo Alto technical experts handle issues directly.
joshiamarpreet
Team Lead, Security at seamlessinfotech.com
It is ineffective in terms of responding to basic queries and addressing future requirements.
reviewer2666148
Associate Director at a financial services firm with 5,001-10,000 employees
I would rate the support of Palo Alto a nine out of ten.
JohnTamakloe
Solutions Architect at ostec
For more quotes and insights, download the Cortex XSIAM report
No quotes available
For more quotes and insights, download the Devo report
AS
reviewer2666148 - PeerSpot reviewerJohnTamakloe - PeerSpot reviewer
 

Scalability Issues

Sentiment score
6.5
Cortex XSIAM is scalable for various business sizes with cloud-based integration, but lacks on-premises deployment and mixed reviews.
Sentiment score
7.6
Devo's cloud-based structure ensures seamless scalability, supporting diverse roles and extensive deployments for effective data handling and monitoring.
Without proper integration, scaling up with more servers is meaningless.
reviewer2666148
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM is highly scalable.
AKASH MAJUMDER
SOC Analyst at OVELOSEC
For more quotes and insights, download the Cortex XSIAM report
No quotes available
For more quotes and insights, download the Devo report
 

Stability Issues

Sentiment score
7.6
Cortex XSIAM is praised for its stability, rapid issue resolution, and efficient performance despite minor post-update challenges.
Sentiment score
7.3
Devo is highly stable and reliable, with minimal issues and efficient management, evolving positively as a cloud-native service.
The product was easy to install and set up and worked right.
Oscar Ojeda
Owner at Xelere
Overall, Cortex XSIAM is stable.
AKASH MAJUMDER
SOC Analyst at OVELOSEC
It works really nice and performs really efficiently after configuration.
HectorRios
IT COMMUNICATIONS AND NETWORKS at Américas BPS
For more quotes and insights, download the Cortex XSIAM report
No quotes available
For more quotes and insights, download the Devo report
Oscar Ojeda - PeerSpot reviewerAKASH MAJUMDER - PeerSpot reviewerHectorRios - PeerSpot reviewer
 

Room For Improvement

Cortex XSIAM needs improved integration, performance, interface, pricing, support, ASM, AI, onboarding, tagging, and identity management enhancements.
Devo faces performance, customization, integration, and pricing challenges, needing improvements in AI, reporting, and dashboard capabilities.
In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
reviewer2666148
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
AKASH MAJUMDER
SOC Analyst at OVELOSEC
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
JohnTamakloe
Solutions Architect at ostec
For more quotes and insights, download the Cortex XSIAM report
Integrations with other sandboxes could be improved to better interpret data using AI and machine learning models.
Francisco JavierRomo
Strategic Account Executive at a computer software company with 51-200 employees
For more quotes and insights, download the Devo report
reviewer2666148 - PeerSpot reviewerAKASH MAJUMDER - PeerSpot reviewerJohnTamakloe - PeerSpot reviewer
FR
 

Setup Cost

Cortex XSIAM is viewed as competitively priced but complex, aligning with market expectations despite some regional variations.
Devo offers competitive pricing with flexible licensing, though metadata costs and subscription models may affect overall expenses.
The product is very expensive.
reviewer2666148
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
Rajiv John
Director at MICROLOGIC NETWORKS PRIVATE LIMITED
The first impression is that XSIAM would be more expensive than others we tried.
Oscar Ojeda
Owner at Xelere
For more quotes and insights, download the Cortex XSIAM report
No quotes available
For more quotes and insights, download the Devo report
reviewer2666148 - PeerSpot reviewer
RJ
Oscar Ojeda - PeerSpot reviewer
 

Valuable Features

Cortex XSIAM excels in machine learning threat detection, SOAR features, and advanced automation for efficient security management.
Devo's Activeboards offer intuitive, fast data visualization with high-speed queries, real-time analytics, and seamless integration for effective insights.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
JohnTamakloe
Solutions Architect at ostec
Its signature-less subscriptions and robust detection power stand out in improving threat detection.
Jitendra_Singh
Senior Vice President at Chi Networks
Cortex XSIAM allows us to onboard almost every device, whether they are on-prem or on SaaS.
AKASH MAJUMDER
SOC Analyst at OVELOSEC
For more quotes and insights, download the Cortex XSIAM report
When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins.
Francisco JavierRomo
Strategic Account Executive at a computer software company with 51-200 employees
For more quotes and insights, download the Devo report
JohnTamakloe - PeerSpot reviewerJitendra_Singh - PeerSpot reviewerAKASH MAJUMDER - PeerSpot reviewer
FR
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
13th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
15
Ranking in other categories
Identity Threat Detection and Response (ITDR) (7th), AI-Powered Cybersecurity Platforms (8th)
Devo
Ranking in Security Information and Event Management (SIEM)
23rd
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
23
Ranking in other categories
Log Management (28th), IT Operations Analytics (9th), AIOps (20th)
 

Mindshare comparison

As of December 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 2.6%, up from 2.1% compared to the previous year. The mindshare of Devo is 1.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Cortex XSIAM2.6%
Devo1.1%
Other96.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2666148 - PeerSpot reviewer
reviewer2666148
Associate Director at a financial services firm with 5,001-10,000 employees
Integration challenges highlight the need for manual workflows
The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners. Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Read full review
FR
Francisco JavierRomo
Strategic Account Executive at a computer software company with 51-200 employees
Has improved investigative workflows with interactive dashboards and simplified data correlation
The data analytics cloud component focuses on real-time analytics, which is very impressive. The SIEM collects and correlates logs data from different sources and can integrate with ServiceNow, hardware asset management, and software asset management. The security orchestration, automation, and response (SOAR) is another valuable feature. The security data platform serves as the foundation of Devo. Regarding advanced query capabilities, Devo offers several models including query logs, visual query builder, language integrated query, and SQL, with SQL being the most frequently used querying data capability. The single pane of glass that Devo offers is the SOC. The tools in Devo's active ports are for investigating, not just viewing data. They are more interactive than other market solutions. The drill-down reports capabilities allow analysts to click on any element in a widget. When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins. This is particularly important for enterprise companies with numerous endpoints and users. The dynamic filtering of inputs significantly reduces the time cybersecurity analysts spend trying to figure out failed logins and identifying false positives.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
879,259 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Financial Services Firm
15%
Computer Software Company
10%
University
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise4
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise4
Large Enterprise11
 

Questions from the Community

What do you like most about Cortex XSIAM?
It is an effective solution in terms of performance and functionalities.
See all answers
What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
See all answers
What needs improvement with Cortex XSIAM?
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing. There are other features that could be improved, including integration with vendors such as CyberArk. I would ...
See all answers
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
See all answers
What needs improvement with Devo?
The single pane of glass that Devo offers could be improved. The tools in Devo's active ports need enhancement in their investigative capabilities. The drill-down reports capabilities, while useful...
See all answers
What is your primary use case for Devo?
During my time at MetaBase Q and as a partner integrator of ServiceNow, I had the chance to understand and be part of projects integrating SOCs, NOCs, and Security Operation Centers with Devo. Most...
See all answers
 

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM Logo
Palo Alto Networks Cortex XSOAR vs Cortex XSIAM
Compared 25% of the time
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Compared 12% of the time
Cortex XDR by Palo Alto Networks vs Cortex XSIAM Logo
Cortex XDR by Palo Alto Networks vs Cortex XSIAM
Compared 9% of the time
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Compared 7% of the time
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Compared 6% of the time
More Cortex XSIAM Competitors
LogRhythm SIEM vs Devo Logo
LogRhythm SIEM vs Devo
Compared 13% of the time
Splunk Enterprise Security vs Devo Logo
Splunk Enterprise Security vs Devo
Compared 10% of the time
IBM Security QRadar vs Devo Logo
IBM Security QRadar vs Devo
Compared 9% of the time
Microsoft Sentinel vs Devo Logo
Microsoft Sentinel vs Devo
Compared 8% of the time
Elastic Security vs Devo Logo
Elastic Security vs Devo
Compared 5% of the time
More Devo Competitors
 

Product Reports

Buyer's Guide
Cortex XSIAM
December 2025
Cortex XSIAM reportDownload Cortex XSIAM product report
Buyer's Guide
Devo
December 2025
Devo reportDownload Devo product report
 

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo
 

Sample Customers

Information Not Available
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Buyer's Guide
Cortex XSIAM vs. Devo
December 2025
Free Report: Cortex XSIAM vs. Devo
Find out what your peers are saying about Cortex XSIAM vs. Devo and other solutions. Updated: December 2025.
DOWNLOAD NOW
879,259 professionals have used our research since 2012.
See our Cortex XSIAM vs. Devo report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.