Try our new research platform with insights from 80,000+ expert users

Cortex XSIAM vs Devo comparison

Palo Alto Networks and Devo are both solutions in the Security Information and Event Management (SIEM) category. Palo Alto Networks is ranked #13 with an average rating of 8.3, while Devo is ranked #36. Palo Alto Networks holds a 2.9% mindshare in SIEM, compared to Devo’s 1.1% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of Devo users who would recommend it.
Cortex XSIAM
Read 14 Cortex XSIAM reviews
  • 7,746 Views
  • 3,021 Comparison Views
100% willing to recommend
Devo
Read 22 Devo reviews
  • 2,625 Views
  • 1,811 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Cortex XSIAM and Devo based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex XSIAM vs. Devo Report (Updated: September 2025).
Buyer's Guide
Cortex XSIAM vs. Devo
September 2025
Download the complete report
Helped 867,370 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
13th
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
14
Ranking in other categories
Identity Threat Detection and Response (ITDR) (5th), AI-Powered Cybersecurity Platforms (7th)
Devo
Ranking in Security Information and Event Management (SIEM)
36th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
22
Ranking in other categories
Log Management (44th), IT Operations Analytics (10th), AIOps (19th)
 

Mindshare comparison

As of September 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 2.9%, up from 1.5% compared to the previous year. The mindshare of Devo is 1.1%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Cortex XSIAM2.9%
Devo1.1%
Other96.0%
Security Information and Event Management (SIEM)
 

Featured Reviews

AKASH MAJUMDER - PeerSpot reviewer
Incident response times have significantly reduced with efficient device integration and log parsing capabilities
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, similar to a feature available in Cortex XDR. The AI analytics need fine-tuning because some use cases are not working from my side.
Read full review
Michael Wenn - PeerSpot reviewer
Has cloud-first architecture with SIEM technology to run security operations
When it comes to scale, they're architected quite well. They handle some of the biggest customers globally, with significant throughput on their platform, managing thousands of customers. One of the most impressive aspects of Devo is its customer community. A large majority, over 80 percent of their customers, actively participate on a Devo-specific community page. They're contributing to product development and support, events, and user group information, helping each other out. This high level of engagement is rare and demonstrates both the loyalty of their customer base and the quality of their product. They offer a range of small, medium, and large options to cater to everyone. I sold Devo products while working with them, focusing on enterprise solutions. However, as a small reseller, my customers were typically smaller businesses. I rate the solution's scalability a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."
"I would give Cortex XSIAM a rating of ten out of ten."
"The most valuable feature is the integration capability."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."
"The flexibility for creating manual workflows stands out."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
More Cortex XSIAM pros
"Scalability is one of Devo's strengths."
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
"The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way."
More Devo pros
 

Cons

"Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."
"The first impression is that XSIAM would be more expensive than others we tried."
"I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."
"Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."
"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."
"It could provide more integration with a large variety of products."
"There is room for improvement in expanding integrations to include more cybersecurity solutions."
"Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."
More Cortex XSIAM cons
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"There's always room to reduce the learning curve over how to deal with events and machine data. They could make the machine data simpler."
"There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space."
"Technical support could be better."
"The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc."
"Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
More Devo cons
 

Pricing and Cost Advice

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"The solution is expensive compared to its competitors."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The solution comes at a significant cost."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
"[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
"Devo is a hosted or subscription-based solution, whereas before, we purchased QRadar, so we owned it and just had to pay a maintenance fee. We've encountered this with some other products, too, where we went over to subscription-based. Our thought process is that with subscription based, the provider hosts and maintains the tool, and it's offsite. That comes with some additional fees, but we were able to convince our upper management it was worth the price. We used to pay under 10k a year for maintenance, and now we're paying ten times that. It was a relatively tough sell to our management, but I wonder if we have a choice anymore; this is where the market is."
"Our licensing fees are billed annually and per terabyte."
"Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
"Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
"I rate the pricing a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
More Devo pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
867,370 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
10%
Government
7%
Financial Services Firm
16%
Computer Software Company
12%
University
9%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise3
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise11
 

Questions from the Community

What do you like most about Cortex XSIAM?
It is an effective solution in terms of performance and functionalities.
See all answers
What is your experience regarding pricing and costs for Cortex XSIAM?
The cost of Cortex XSIAM in the India market differs from other regions. When considering competition, from a sales perspective, the pricing is acceptable.
See all answers
What needs improvement with Cortex XSIAM?
The main area for improvement is the user interface intuitiveness - specifically how quickly users can grasp the portal functionality. For SOC analysts, the focus should be on improving the speed o...
See all answers
What do you like most about Devo?
Devo has a really good website for creating custom configurations.
See all answers
What is your experience regarding pricing and costs for Devo?
Compared to Splunk or SentinelOne, it is really expensive. I rate the product’s pricing a nine out of ten, where one is cheap and ten is expensive.
See all answers
What needs improvement with Devo?
They can improve their AI capabilities. If you look at some integrations like XDR or AI, which add to the platform to correlate situations in events, there are areas for enhancement. For instance, ...
See all answers
 

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM Logo
Palo Alto Networks Cortex XSOAR vs Cortex XSIAM
Compared 31% of the time
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Compared 12% of the time
Cortex XDR by Palo Alto Networks vs Cortex XSIAM Logo
Cortex XDR by Palo Alto Networks vs Cortex XSIAM
Compared 7% of the time
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Compared 6% of the time
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Compared 6% of the time
More Cortex XSIAM Competitors
LogRhythm SIEM vs Devo Logo
LogRhythm SIEM vs Devo
Compared 15% of the time
Microsoft Sentinel vs Devo Logo
Microsoft Sentinel vs Devo
Compared 13% of the time
IBM Security QRadar vs Devo Logo
IBM Security QRadar vs Devo
Compared 11% of the time
Splunk Enterprise Security vs Devo Logo
Splunk Enterprise Security vs Devo
Compared 10% of the time
Datadog vs Devo Logo
Datadog vs Devo
Compared 6% of the time
More Devo Competitors
 

Product Reports

Buyer's Guide
Cortex XSIAM
September 2025
Cortex XSIAM reportDownload Cortex XSIAM product report
Buyer's Guide
Devo
September 2025
Devo reportDownload Devo product report
 

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Devo
 

Sample Customers

Information Not Available
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Buyer's Guide
Cortex XSIAM vs. Devo
September 2025
Free Report: Cortex XSIAM vs. Devo
Find out what your peers are saying about Cortex XSIAM vs. Devo and other solutions. Updated: September 2025.
DOWNLOAD NOW
867,370 professionals have used our research since 2012.
See our Cortex XSIAM vs. Devo report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.