
Cortex XSIAM vs SentinelOne Singularity AI SIEM comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score: 4.3
Cortex XSIAM achieved savings over $500,000 by automating over half of detection and response, optimizing incident management.
Sentiment score: 4.8
SentinelOne SIEM enhances SOC efficiency, reduces investigation times over 50%, and offers value despite higher pricing.
SentinelOne Singularity AI SIEM has reduced our response time to true positive alerts by approximately forty percent through automation.
IT Security Analyst at a tech consulting company with 11-50 employees
At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium.
Group Chief Information Officer at NeST Information Technologies Pvt Ltd
The effect of SentinelOne Singularity AI SIEM on our customers' SOC efficiency in investigating alerts and responding to incidents is significant.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
 

Customer Service

Sentiment score: 6.1
Cortex XSIAM technical support experiences vary, with premium support praised for expertise, while distributor-based support quality fluctuates.
Sentiment score: 7.4
SentinelOne Singularity AI SIEM's support is highly rated for responsiveness, AI-based help, and effective problem resolution.
With premium support, core Palo Alto technical experts handle issues directly.
Team Lead, Security at seamlessinfotech.com
It is ineffective in terms of responding to basic queries and addressing future requirements.
Associate Director at a financial services firm with 5,001-10,000 employees
I had a dedicated person allocated for supporting, and even with them, it was very good.
Cybersecurity Architect at a computer software company with 10,001+ employees
SentinelOne Singularity AI SIEM has AI-based technical support available.
IT Security Analyst at a tech consulting company with 11-50 employees
Based on my experience with the technical support of SentinelOne Singularity AI SIEM, I would rate them a ten.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
In rating the technical support for SentinelOne, it depends on whether we are discussing EDR or SentinelOne Singularity AI SIEM.
Managing Director at iMark Consult
 

Scalability Issues

Sentiment score: 6.6
Cortex XSIAM excels in scalability and cloud deployment, though integration affects performance and some prefer more on-premises functionality.
Sentiment score: 5.2
SentinelOne Singularity AI SIEM scales efficiently with proper configuration and management, though implementation can be challenging.
Without proper integration, scaling up with more servers is meaningless.
Associate Director at a financial services firm with 5,001-10,000 employees
The SOC team is responsible for fully managing Cortex XSIAM.
Cybersecurity Architect at a computer software company with 10,001+ employees
Cortex XSIAM is highly scalable.
SOC Analyst at OVELOSEC
With any AI adoption, the end goal should be more governance and data security and safety.
Associate Vice President at Novac Technology Solutions
The performance depends on the configuration.
IT Security Analyst at a tech consulting company with 11-50 employees
It is scalable, and we can increase the compute size. It can scale. There are no challenges.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
 

Stability Issues

Sentiment score: 7.5
Cortex XSIAM is cloud-based, reliable, with minimal maintenance, and occasional update issues are quickly resolved, enhancing performance.
Sentiment score: 7.7
SentinelOne Singularity AI SIEM is generally praised for stability and fast log searches, though some report past issues.
The product was easy to install and set up and worked right.
Owner at Xelere
With continuous integration that the colleagues probably are doing, it is becoming better and better.
Cybersecurity Architect at a computer software company with 10,001+ employees
Overall, Cortex XSIAM is stable.
SOC Analyst at OVELOSEC
When it comes to stability, I would give SentinelOne Singularity AI SIEM a nine.
IT Security Consultant at Systemhaus for you GmbH
In terms of performance stability, I have never had any crashes, downtimes, or performance issues.
Cyber Security Engineer at a retailer with 201-500 employees
Even the data lake feature they have, in terms of keeping all the logs intact, those log searches are extremely fast on SentinelOne Singularity AI SIEM, even though the data is very high.
Technical Lead at CloudBolt Software
 

Room For Improvement

Cortex XSIAM needs better integration, usability, pricing, data management, and support for enhanced performance and flexibility.
SentinelOne Singularity AI SIEM struggles with stability, integrations, UI issues, high pricing, and requires improved support and automation.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration support.
SOC Analyst at OVELOSEC
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
Solutions Architect at ostec
The adoption rate will be less compared to other products, as this can be a time-consuming process because all my data needs to be offloaded and the system needs to understand my existing alerts, logs, and other things.
Associate Vice President at Novac Technology Solutions
The interface flickers frequently, and sometimes it does not load properly.
IT Security Analyst at a tech consulting company with 11-50 employees
Whenever OT security comes into the picture, the customers do not allow us to integrate their OT devices on a cloud. It should be available on-premises because the OT SIEM market, in the India market for instance, is something around a four to eight billion dollar market.
Vice President Cyber Security Practice Head at orbit techsol w pvt.ltd
 

Setup Cost

Cortex XSIAM is expensive with variable pricing, complexity in licensing, and additional costs for functionalities and resources.
The first impression is that XSIAM would be more expensive than others we tried.
Owner at Xelere
The product is very expensive.
Associate Director at a financial services firm with 5,001-10,000 employees
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
Director at MICROLOGIC NETWORKS PRIVATE LIMITED
I find SentinelOne's pricing to be reasonable and competitive.
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
 

Valuable Features

Cortex XSIAM enhances incident response with automation, integration, and machine learning, providing comprehensive network security and threat identification.
SentinelOne Singularity AI SIEM enhances threat detection and response efficiency with AI-driven insights and flexible integrations.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
Solutions Architect at ostec
To have Cortex XSIAM available is to basically have integration of all log sources, all alerting, and so on and so forth from firewalls and different tools, to get everything in one place, and afterwards to be able to build on the information that is coming.
Cybersecurity Architect at a computer software company with 10,001+ employees
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
Owner at Xelere
We finally have visibility into things that were never visible before.
IT Security Consultant at Systemhaus for you GmbH
It employs a combination of AI and ML to check for viruses or any other malicious processes, including fileless attacks.
Cyber Security Engineer at a retailer with 201-500 employees
The AI-driven threat detection capabilities improve our overall security posture.
Associate Vice President at Novac Technology Solutions
 

Categories and Ranking

Cortex XSIAM
Ranking in Security Information and Event Management (SIEM): 8th
Average Rating: 8.6
Reviews Sentiment: 6.7
Number of Reviews: 16
Ranking in other categories: Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
SentinelOne Singularity AI ...
Ranking in Security Information and Event Management (SIEM): 15th
Average Rating: 8.8
Reviews Sentiment: 6.1
Number of Reviews: 9
Ranking in other categories: AI Observability (11th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Cortex XSIAM is 1.7%, down from 2.8% compared to the previous year. The mindshare of SentinelOne Singularity AI SIEM is 1.4%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
Product | Mindshare (%)
Cortex XSIAM | 1.7%
SentinelOne Singularity AI SIEM | 1.4%
Other | 96.9%
 

Featured Reviews

reviewer2541030 - PeerSpot reviewer
Cybersecurity Architect at a computer software company with 10,001+ employees
Unified security monitoring has simplified incident response and improved automated threat handling
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually very in-depth. I mean, you can do most of the things and a lot of integration that you actually want. So if I want to choose to send things to WildFire, for example, I can choose to send it, I can choose to not send it. This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification. I would say that the thing that maybe needs a bit more improvement is the fact that the one with the firewall because I have seen some things there that are kind of hard to manage. You do not really have a very easy way to manage those, unless you actually know where you have put them. So it is very inflexible. In the rest, you have a lot of playbooks that you can do and you can do lots of automation, which is actually easy to manage from what I have seen from my colleagues.
MM
Information Security Principal at a venture capital & private equity firm with 1,001-5,000 employees
Consolidated security operations have improved detection speed and reduced SOC costs
There is room for improvement when it comes to the technical support quality and expertise of SentinelOne. Sometimes, the technical support team does not know how to resolve certain issues and takes time to respond, often requiring follow-up interactions within 24 hours. SentinelOne Singularity AI SIEM can be improved in terms of support capabilities. Some logs from the server side need to be ingested. Secureworks was integrating with domain controllers and other systems, but SentinelOne still has some gaps. Some vendors cannot be integrated directly. For example, we are using Cisco Umbrella for DNS security, and we have to integrate it through an Amazon S3 bucket where we dump the logs and SentinelOne reads them from that location. For some Microsoft integrations, we must enable certain storage components and pay Microsoft directly to retrieve logs. There is no direct integration, so we must access the logs through that workaround. Previously with Secureworks, we had direct integration with Microsoft. Direct integration with Microsoft is not available now. SentinelOne needs to work on many product integrations to enable direct connectivity.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 12%
Manufacturing Company: 10%
Financial Services Firm: 9%
Government: 6%
Outsourcing Company: 11%
Manufacturing Company: 8%
Construction Company: 8%
Healthcare Company: 7%
 

Company Size

By reviewers
Company Size | Count
Small Business | 9
Midsize Enterprise | 2
Large Enterprise | 5
By reviewers
Company Size | Count
Small Business | 5
Midsize Enterprise | 3
Large Enterprise | 3
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
What needs improvement with Cortex XSIAM?
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually...
What needs improvement with SentinelOne Singularity AI SIEM?
I would want the false positive ratio to be lower and would want to improve that aspect so the true will be more, and the false will be lesser. Other than false positives, the true will be increase...
What is your primary use case for SentinelOne Singularity AI SIEM?
We discuss with customers whether they want to go on a cloud or on-premises for the usual use cases of SentinelOne Singularity AI SIEM that I work with mostly. If a customer has a SentinelOne EDR, ...
What advice do you have for others considering SentinelOne Singularity AI SIEM?
Correlation, alerting, reporting, and helping with the AI-based alerts generated by the AI are the usual use cases. The parsing is already built into SentinelOne Singularity AI SIEM. There is no ch...
 

Overview

Find out what your peers are saying about Cortex XSIAM vs. SentinelOne Singularity AI SIEM and other solutions. Updated: June 2026.