

Splunk SOAR and Cortex XSIAM are both prominent players in the security orchestration market. Based on user feedback, Splunk SOAR appears to have the upper hand due to its advanced customization and intuitive automation features.
Features: Splunk SOAR offers extensive integration capabilities, flexible playbook creation, and advanced automation to reduce incident response times. Its seamless integration with various systems and ease of use in investigations are noteworthy. Cortex XSIAM shines with powerful machine learning for threat identification, enriched detection, and sophisticated security orchestration features.
Room for Improvement: Splunk SOAR requires better IAM integration, enhanced playbook editor functionality, and more affordable pricing for small businesses. Documentation and feature expansion are also needed. Cortex XSIAM has high pricing and needs faster support and better integration flexibility.
Ease of Deployment and Customer Service: Splunk SOAR supports multiple deployment environments, including public cloud, hybrid, and on-premises, but has mixed customer service reviews. Cortex XSIAM is mainly geared toward public cloud usage and lacks strong support endorsements despite having high-quality documentation.
Pricing and ROI: Splunk SOAR is initially costly, particularly for small businesses, but offers long-term ROI through efficient threat management and resource optimization. Cortex XSIAM is expensive with additional integration costs, yet users find its robust features justify the price. Both platforms offer significant ROI through operational efficiency.
Since deploying Splunk SOAR, there has been a notable reduction in time spent on monotonous security tasks, which I estimate to be around 95%, enabling my team to focus on more strategic initiatives.
We've seen a decrease in false positives and a significant increase in our containment.
Monthly, it is saving around 300 hours of effort with Splunk SOAR.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
We always have a customer support representative who will come in the picture and help us to direct any ticket or any issue that we are facing to the right team.
I have worked with Splunk SOAR's technical support or customer service, which I find to be as perfect as Splunk SIEM.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
This solution is very much scalable, so I would rate it a ten.
It can be extended and adapted as necessary.
Regarding scalability, I find it to be a nine, as we have had no issues with scaling Splunk SOAR.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It works really nicely and performs really efficiently after configuration.
We have not experienced any downtime, crashes, or performance issues.
We have not seen any impact in the work that we do with Splunk SOAR or the SIEM platform.
I have not encountered any outages or glitches within my experience with Splunk SOAR.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
If we start ingesting those data to Splunk SOAR or SIEM with some sort of integration with threat intelligence feed, that will also improve our detection and prediction method or help us with the investigation.
Torq is better than Splunk SOAR because Torq has a no-code UI where we can accomplish anything through drag and drop.
Visibility into automated response actions and investigation workflows that help analysts to quickly identify threats and understand attack patterns.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
It is way below what it costs to hire some professionals to do only that type of work.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
I am familiar with the pricing aspect, setup cost, and licensing cost of Splunk SOAR, and it is pretty much similar to what industries are offering these days.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market.
Splunk SOAR has improved our MTTD and MTTR both with the consolidation with a unified platform with Splunk.

| Product | Mindshare (%) |
|---|---|
| Cortex XSIAM | 1.7% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 85.7% |

| Product | Mindshare (%) |
|---|---|
| Splunk SOAR | 7.1% |
| Microsoft Sentinel | 9.8% |
| Palo Alto Networks Cortex XSOAR | 8.7% |
| Other | 74.4% |

| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |

| Company Size | Count |
|---|---|
| Small Business | 18 |
| Midsize Enterprise | 8 |
| Large Enterprise | 39 |

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk SOAR focuses on automating security operations with seamless third-party integrations and customizable workflows, enhancing incident response and threat management.
Splunk SOAR offers robust playbook automation and powerful API connectivity, allowing organizations to streamline workflows and integrate extensively with tools like Salesforce and ServiceNow. With its capabilities in real-time data visualization and automated threat responses, it significantly enhances security and reduces manual efforts. Users appreciate the ease of creating playbooks, which reduces mean time to detect and resolve. However, attention to its integration challenges with Microsoft products, the need for more playbooks, and improved customization tools is necessary. Enhancements in the development process, visibility, scalability, and case management options are also beneficial. Improving documentation and training resources would add more depth and accessibility.
Organizations across industries implement Splunk SOAR to automate tasks in Security Operations Centers, addressing incidents such as phishing, brute force, and ransomware. It integrates with third-party applications for threat intelligence enrichment and is commonly deployed both on-premises and in the cloud, enhancing cybersecurity efforts.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.