No more typing reviews! Try our Samantha, our new voice AI agent.

Cortex XSIAM vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
16
Ranking in other categories
Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
36th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (38th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 1.7%, down from 2.8% compared to the previous year. The mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Cortex XSIAM1.7%
NetWitness Platform1.0%
Other97.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2541030 - PeerSpot reviewer
Cybersecurity Architect at a computer software company with 10,001+ employees
Unified security monitoring has simplified incident response and improved automated threat handling
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually very in-depth. I mean, you can do most of the things and a lot of integration that you actually want. So if I want to choose to send things to WildFire, for example, I can choose to send it, I can choose to not send it. This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification. I would say that the thing that maybe needs a bit more improvement is the fact that the one with the firewall because I have seen some things there that are kind of hard to manage. You do not really have a very easy way to manage those, unless you actually know where you have put them. So it is very inflexible. In the rest, you have a lot of playbooks that you can do and you can do lots of automation, which is actually easy to manage from what I have seen from my colleagues.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would give Cortex XSIAM a rating of ten out of ten."
"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."
"The most valuable feature is the integration capability."
"The product integrates seamlessly with third-party solutions."
"It is an effective solution in terms of performance and functionalities."
"The way the solution responds to detections and warnings is really impressive."
"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
"Cortex XSIAM enhances our ability to apply endpoint protection policies, implement restrictions, conduct scans, and engage in sandboxing."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Technical support is very good; they try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner."
"Thanks to this tool, we have a small SOC running in our company."
"Their technical support responds quickly and are knowledgable."
"It's quite economical compared to other solutions in the market."
"The solution is reliable."
"Prior to implementing the solution, the customers had no visibility of their assets, however, after adopting the solution, they have gained complete visibility over all their assets, including a comprehensive understanding of the network and attack symptoms."
"Overall, it is easy to implement."
 

Cons

"It could provide more integration with a large variety of products."
"At the beginning, we experienced some difficulties setting up the product with connectivity and infrastructure, but ultimately it functioned really effectively."
"I am not sure if any improvements are needed right now."
"I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."
"There is room for improvement in expanding integrations to include more cybersecurity solutions."
"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."
"The support could be a bit faster."
"An area for improvement would be better automation and more inbuilt use cases."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It is overly complicated. It has taken years to implement and the return on investment just isn't there."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The product's licensing models are complex to understand. This particular area needs improvement."
 

Pricing and Cost Advice

"The solution comes at a significant cost."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The solution is expensive compared to its competitors."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"Our license is for one year."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"The product price was reasonable for my region and the market."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We are on an annual license for the use of the solution."
"It’s cheaper to run virtual machines in a VMware environment."
"Compared to the competition, the is price is not that high."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
9%
Government
6%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise5
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
What needs improvement with Cortex XSIAM?
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Find out what your peers are saying about Cortex XSIAM vs. NetWitness Platform and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.