

OpenText Behavioral Signals and Cortex XSIAM are competing products in data analysis and security. OpenText Behavioral Signals is advantageous in pricing and customer support, while Cortex XSIAM offers superior features and comprehensive solutions, justifying its higher cost.
Features: OpenText Behavioral Signals integrates third-party solutions effectively and offers insights into user behavior, forensic investigation automation, and playbooks for incident handling. Cortex XSIAM excels in threat detection using AI, providing advanced visualization capabilities, and integrating with other Palo Alto solutions.
Room for Improvement: OpenText Behavioral Signals could enhance its security analytics functionalities, expand integration capabilities, and increase real-time feedback features. Cortex XSIAM could improve initial deployment simplicity, optimize its configuration for varied user environments, and further streamline its automation processes.
Ease of Deployment and Customer Service: OpenText Behavioral Signals provides straightforward integration and focuses on automation with an intuitive management system. Cortex XSIAM offers a robust deployment strategy with customization options and has a more extensive support network, providing comprehensive customer service.
Pricing and ROI: OpenText Behavioral Signals is more cost-effective initially with competitive setup costs, delivering rapid return on investment through targeted features. Cortex XSIAM requires higher upfront investment but offers significant long-term value with its expansive feature set, providing greater overall ROI.
Premium support provides direct access, while distributor support quality can vary.
The support for them was better than maybe Trellix, for example.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The SOC team is responsible for fully managing Cortex XSIAM.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
The product was easy to install and set up and worked right.
With continuous integration that the colleagues probably are doing, it is becoming better and better.
It works really nice and performs really efficiently after configuration.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification.
The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
To have Cortex XSIAM available is to basically have integration of all log sources, all alerting, and so on and so forth from firewalls and different tools, to get everything in one place, and afterwards to be able to build on the information that is coming.
Cortex XSIAM allows us to onboard almost every device, whether they are on-prem or on SaaS.

| Product | Mindshare (%) |
|---|---|
| Cortex XSIAM | 1.7% |
| OpenText Behavioral Signals | 0.9% |
| Other | 97.4% |

| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 5 |

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
OpenText Behavioral Signals enhances organizational security monitoring with its robust correlation engine and streamlined dashboard, offering customization to suit different environments like airports or banks.
OpenText Behavioral Signals effectively integrates device logs through its strong correlation engine. The platform's customization options enable tailored alerts to match specific use cases, such as airports or banks. Although it needs more frequent updates to stay aligned with global incidents, it provides a centralized dashboard that ensures comprehensive visibility across networks. Users find the interface intuitive, making rule writing and report access easy, aiding in a comprehensive understanding of the network environment.
In industries like banking and airports, OpenText Behavioral Signals is implemented for gathering global intelligence from the cloud. It notifies organizations about global attacks and updates its correlation engines. These industries utilize the platform for monitoring and analyzing logs from network devices, security log management, and addressing network challenges like link failures and unauthorized login attempts, ensuring better security posture with behavioral analytics and log integration using Unix and Microsoft-based connectors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.