No more typing reviews! Try our Samantha, our new voice AI agent.

Cortex XSIAM vs RSA enVision comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
16
Ranking in other categories
Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
RSA enVision
Ranking in Security Information and Event Management (SIEM)
32nd
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 1.7%, down from 2.8% compared to the previous year. The mindshare of RSA enVision is 0.8%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Cortex XSIAM1.7%
RSA enVision0.8%
Other97.5%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2541030 - PeerSpot reviewer
Cybersecurity Architect at a computer software company with 10,001+ employees
Unified security monitoring has simplified incident response and improved automated threat handling
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually very in-depth. I mean, you can do most of the things and a lot of integration that you actually want. So if I want to choose to send things to WildFire, for example, I can choose to send it, I can choose to not send it. This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification. I would say that the thing that maybe needs a bit more improvement is the fact that the one with the firewall because I have seen some things there that are kind of hard to manage. You do not really have a very easy way to manage those, unless you actually know where you have put them. So it is very inflexible. In the rest, you have a lot of playbooks that you can do and you can do lots of automation, which is actually easy to manage from what I have seen from my colleagues.
SF
Président at ARS Solutions
Support both French and English, which is important for us and adapted to the evolving security landscape over time in my experience
You need a skilled engineer to deploy it because you can do anything with this tool. You can see everything on the network. A good engineer will be surprised and have fun using this tool because it's very powerful. Deployment process: You need to build a recipe/layout when you want to deploy something. Once the recipe is done, you just have to copy it. So you really need a good engineer at first, but then any other technician can copy the recipe. You don't need to be an expert once the recipe is finalized. So, once you have it set up, it's easy to deploy. But you need a good engineer to deploy it correctly. You will get alerts from the system, but if you want to fully explore and maximize the tool, the engineering needs are different.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."
"The way the solution responds to detections and warnings is really impressive."
"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."
"For me, to have Cortex XSIAM available is to basically have integration of all log sources, all alerting, and so on and so forth from firewalls and different tools, to get everything in one place, and afterwards to be able to build on the information that is coming."
"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
"Cortex XSIAM enhances our ability to apply endpoint protection policies, implement restrictions, conduct scans, and engage in sandboxing."
"The flexibility for creating manual workflows stands out."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"The most valuable feature of this solution is the reporting."
"We developed around this solution and received excellent support from the company."
"The custom dashboard and correlation alerts in this solution improved our incident response process."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The ease of log collection and stability of the platform are the most valuable features."
"RSA enVision provides the full system visibility of your events within your IT ecosystem."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
 

Cons

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"Cortex could improve the detection and online resolution of security vulnerabilities."
"The main area for improvement is the user interface intuitiveness - specifically how quickly users can grasp the portal functionality."
"I am not sure if any improvements are needed right now."
"The support could be a bit faster."
"Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."
"Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports."
"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."
"In general, the solution currently isn't user-friendly."
"Sometimes the investigation panel and reporting engine work very slowly."
"Whenever you perform the query, it takes too long."
"Licensing could be improved to be more oriented towards Managed Service Providers (MSPs)."
"RSA enVision log manager is out of date and is not in use anymore."
"The integration could be easier, it should support more products."
"There is no future for this solution. It does not exist anymore."
 

Pricing and Cost Advice

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"The solution comes at a significant cost."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The solution is expensive compared to its competitors."
"We no longer pay a licensing fee because it is out of date and don't pay for support."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
9%
Government
6%
Comms Service Provider
14%
Construction Company
13%
Manufacturing Company
11%
Retailer
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise5
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
What needs improvement with Cortex XSIAM?
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually...
What needs improvement with RSA enVision?
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs). Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries wi...
What advice do you have for others considering RSA enVision?
Overall, I would rate it a nine out of ten. I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, ...
What is your experience regarding pricing and costs for RSA enVision?
It's competitive, but they need to adapt to MSPs. Maybe that's not their target market, though.
 

Overview

 

Sample Customers

Information Not Available
BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
Find out what your peers are saying about Cortex XSIAM vs. RSA enVision and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.