Splunk SOAR and Cortex XSIAM both compete in the cybersecurity space, focusing on automation and threat detection. Splunk SOAR has the edge in integration capabilities and customizable playbooks, while Cortex XSIAM is superior in advanced analytics and unified threat detection.
Features: Splunk SOAR offers robust integration capabilities, customizable playbooks, and effective time-saving automation. On the other hand, Cortex XSIAM excels with unified threat detection using machine learning and forensic investigation features, providing a comprehensive security solution.
Room for Improvement: Splunk SOAR could enhance integration, reporting, playbook creation, and interface usability. Its case management and certain features require optimization. Cortex XSIAM could expand its integration coverage and address performance issues under heavy loads, along with enhancing contextual reporting.
Ease of Deployment and Customer Service: Splunk SOAR supports flexible deployments on cloud and on-premises, backed by detailed documentation and community support. However, support service efficiency varies. Cortex XSIAM primarily focuses on cloud and hybrid solutions, offering adequate support with room for improving response times and developer flexibility.
Pricing and ROI: Splunk SOAR is perceived as expensive, particularly for smaller organizations, but offers substantial ROI via automation. It uses user-based licensing with possible volume discounts. Cortex XSIAM provides a competitive pricing model aligning with customer budgets, despite facing criticism for high costs associated with additional services. Both solutions are costly, with Splunk SOAR often seen as offering upfront value for its comprehensive features.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Splunk's technical support is very good and generally not needed often due to the stable environment.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
It can be extended and adapted as necessary.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
Splunk SOAR provides a stable environment and technology.
In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike.
Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR.
To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management.
The product is very expensive.
The first impression is that XSIAM would be more expensive than others we tried.
The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
Splunk SOAR is affordable cost-wise only.
Its signature-less subscriptions and robust detection power stand out in improving threat detection.
Cortex XSIAM is able to detect abnormal behavior of malicious code and subsequently block it.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
The customization of the playbook in Splunk SOAR is very beneficial.
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.
Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.
Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.
Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.
Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
