Splunk SOAR and Cortex XSIAM are both prominent players in the security orchestration market. Based on user feedback, Splunk SOAR appears to have the upper hand due to its advanced customization and intuitive automation features.
Features: Splunk SOAR offers extensive integration capabilities, flexible playbook creation, and advanced automation to reduce incident response times. Its seamless integration with various systems and ease of use in investigations are noteworthy. Cortex XSIAM shines with powerful machine learning for threat identification, enriched detection, and sophisticated security orchestration features.
Room for Improvement: Splunk SOAR requires better IAM integration, enhanced playbook editor functionality, and more affordable pricing for small businesses. Documentation and feature expansion are also needed. Cortex XSIAM faces high pricing issues, needs faster support, and better integration flexibility.
Ease of Deployment and Customer Service: Splunk SOAR supports multiple deployment environments, including public cloud, hybrid, and on-premises, but has mixed customer service reviews. Cortex XSIAM is mainly adjusted for public cloud usage and lacks strong support endorsements despite having high-quality documentation.
Pricing and ROI: Splunk SOAR is initially costly, particularly for small businesses, but offers long-term ROI through efficient threat management and resource optimization. Cortex XSIAM is expensive with additional integration costs, yet users find its robust features justify the price. Both platforms offer significant ROI through operational efficiency.
Since deploying Splunk SOAR, there has been a notable reduction in time spent on monotonous security tasks, which I estimate to be around 95%, enabling my team to focus on more strategic initiatives.
We've seen a decrease in false positives and a significant increase in our containment.
Monthly, around 300 hours of effort, it is saving with Splunk SOAR.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
We always have a customer support representative who will come in the picture and help us to direct any ticket or any issue that we are facing to the right team.
Splunk's technical support is very good and generally not needed often due to the stable environment.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
It can be extended and adapted as necessary.
Regarding scalability, I find it to be a nine, as we have had no issues with scaling Splunk SOAR.
Everyone is ingesting Copilots or some form of AI in their platforms, and Splunk SOAR doesn't have it yet.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It works really nice and performs really efficiently after configuration.
We have not experienced any downtime, crashes, or performance issues.
We have not seen any impact in the work that we do with Splunk SOAR or the SIEM platform.
I would rate Splunk SOAR's stability at around eight, indicating that it is quite stable with minimal downtime, bugs, or glitches.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR.
Splunk's Unified Platform does help consolidate networking security and IT observability tools.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
It is way below what it costs to hire some professionals to do only that type of work.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar to what industries are offering these days.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market.
Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk.
| Product | Mindshare (%) |
|---|---|
| Cortex XSIAM | 2.0% |
| Splunk Enterprise Security | 7.2% |
| Wazuh | 5.8% |
| Other | 85.0% |
| Product | Mindshare (%) |
|---|---|
| Splunk SOAR | 8.0% |
| Microsoft Sentinel | 12.2% |
| Palo Alto Networks Cortex XSOAR | 8.8% |
| Other | 71.0% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 8 |
| Large Enterprise | 36 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.
Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.
Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.
Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.
Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
