Try our new research platform with insights from 80,000+ expert users

DFLabs IncMan SOAR vs Palo Alto Networks Cortex XSOAR comparison

DFLabs and Palo Alto Networks are both solutions in the Security Orchestration Automation and Response (SOAR) category. DFLabs is ranked #30, while Palo Alto Networks is ranked #3 with an average rating of 8.4. DFLabs holds a 0.5% mindshare in SOAR, compared to Palo Alto Networks’s 8.8% mindshare. Additionally, 90% of Palo Alto Networks users are willing to recommend the solution.
Sponsored
Torq
Read 7 Torq reviews
  • 2,280 Views
  • 2,120 Comparison Views
100% willing to recommend
DFLabs IncMan SOAR
Read 1 DFLabs IncMan SOAR review
  • 263 Views
  • 221 Comparison Views
0% willing to recommend
Palo Alto Networks Cortex X...
Read 51 Palo Alto Networks Cortex XSOAR reviews
  • 8,187 Views
  • 4,585 Comparison Views
90% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between DFLabs IncMan SOAR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Splunk, Palo Alto Networks and others in Security Orchestration Automation and Response (SOAR).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: March 2026).
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
March 2026
Download the complete report
Helped 885,286 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
5th
Average Rating
8.6
Reviews Sentiment
6.6
Number of Reviews
7
Ranking in other categories
AI-SOC (3rd), AI-Powered Security Automation (2nd)
DFLabs IncMan SOAR
Ranking in Security Orchestration Automation and Response (SOAR)
30th
Average Rating
0.0
Reviews Sentiment
7.3
Number of Reviews
1
Ranking in other categories
No ranking in other categories
Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
51
Ranking in other categories
SOC as a Service (2nd)
 

Mindshare comparison

As of March 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 4.2%, down from 5.1% compared to the previous year. The mindshare of DFLabs IncMan SOAR is 0.5%, up from 0.2% compared to the previous year. The mindshare of Palo Alto Networks Cortex XSOAR is 8.8%, down from 11.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Palo Alto Networks Cortex XSOAR8.8%
Torq4.2%
DFLabs IncMan SOAR0.5%
Other86.5%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Nimrod Vardi - PeerSpot reviewer
Nimrod Vardi
Global IT Director at OpenWeb
Automation workflows have transformed our IT, enabling secure just-in-time access control
We work with them quite often, so we have a direct line regarding areas in Torq that have room for improvement. If we have a feature request, we can request it. I do not have anything in mind at the moment. We were a design partner for a short while, so we feel that they listen and that users of the system have an impact on the way the system is designed for the better. They have a new community, which is something that I personally suggested years ago. There are many people like me in different places and they might have already built the workflow that I need. Having the option to share workflows or to jump on a thread and say I have this need, did anyone ever build a workflow for it, is amazing. Someone would jump in and say yes, sure, here, take this workflow. I think this is an amazing thing and I really hope that the community will come alive because I think this is really powerful. This is something that I already suggested and it did happen eventually, and I am quite happy with it. I do not have any specific feature in mind that I have a need for at the moment.
Read full review
reviewer1137807 - PeerSpot reviewer
reviewer1137807
Technical Team Manager at a tech services company with 11-50 employees
Protects an organization from the threat of a data breach or cyberattack
The vendors themselves will actually help with any customizations a client may require. Many vendors don't offer this service or if they do, they charge very high rates. Their vendors are very helpful; they will walk you through the whole Playbook until you have a good grasp of the product. Also, in terms of integration, it is very seamless compared to other cybersecurity products. They also have good features such as multi-tenancy. Every user would like to see these kinds of fanciful features on a robust interface. It actually makes the user feel like they are in a sci-fi movie.
Read full review
CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
Customization supports seamless workflow while data influx challenges response time
What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali. I can create various custom automations and custom fields. There is significant customization ability in this platform. If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier. All of our alerts from different tools come into this central place as we have multiple SIEMs. We have items coming from Anomali and other platforms that are not SIEM tools. This serves as our central location where our SOC analysts can work and determine if incident response is needed. The platform provides data enrichment capabilities, offering information upfront so analysts do not have to search for it. They can access details such as username, phone number, email address, and workplace information. For malware files, they can retrieve details from VirusTotal, including file names and environment presence. We have built substantial automation around these features, which also helps us track case metrics, investigation time, and threat mitigation duration.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."
"Torq's unified platform approach to AI, SOAR, automation, and case management is superior compared to my experience managing multiple point solutions."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"What I appreciate most about Torq is that it is an essential part of our system."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"The vendors themselves will actually help with any customizations a client may require, and their vendors are very helpful; they will walk you through the whole Playbook until you have a good grasp of the product."
"The vendors themselves will actually help with any customizations a client may require"
"I would rate the stability of Cortex XSOAR as nine out of ten."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used."
"The set of playbooks that XSOAR already has inside it is really huge, and it is also great for a lot of informational security managers and engineers that can just choose what they need and not have to create anything from scratch."
"The product can automate security tasks."
"The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily."
"I have no complaints about Cortex's stability."
"It was easy to integrate Cortex with existing infrastructure and other tech tools."
More Palo Alto Networks Cortex XSOAR pros
 

Cons

"Regarding the pricing of Torq, I would say it is expensive."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"The initial deployment of Torq was not easy."
"The initial deployment of Torq was not easy."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"Because we are located in Singapore, there is a time-zone difference with customer support. The support is not 24/7 so we have to work with them on their schedule for deployment and customization, which is usually in the afternoon, Singapore time."
"The support is not 24/7."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"The existing model is good, but if we go for big deployments, I think there are a few challenges in scalability. They use their internal BoltDB, which is good for a medium organization, but for large organizations, they support Elasticsearch, which is too costly."
"There should be an on-premise version available for customers to have different choices."
"It was expensive, making it essential for the customer to evaluate whether ROI is coming from the business model, as they are also acting as a SOC provider."
"The price of the solution could be improved."
"The solution’s price and technical support could be improved."
"The complexity of Cortex XSOAR has a trade-off with its versatility. The deployment requires integration and the development of integration modules."
More Palo Alto Networks Cortex XSOAR cons
 

Pricing and Cost Advice

Information not available
Information not available
"The solution is based on an annual licensing model that is expensive."
"The solution is a bit on the expensive side."
"On a scale of one to ten, where one is a low price, and ten is a high price, I rate the pricing a nine."
"It is approx $10,000 or $20,000 per year for two user licenses."
"There is a perception that it is priced very high compared to other solutions."
"There is a yearly license required for this solution and it is expensive."
"The solution's cost is reasonable."
"When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
More Palo Alto Networks Cortex XSOAR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
885,286 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
8%
Comms Service Provider
8%
Construction Company
6%
No data available
Financial Services Firm
12%
Computer Software Company
10%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Midsize Enterprise3
Large Enterprise4
No data available
By reviewers
Company SizeCount
Small Business20
Midsize Enterprise9
Large Enterprise26
 

Questions from the Community

What needs improvement with Torq?
We do not utilize the AI features that much. When it comes to general AI features of Torq, we are just slowly startin...
See all answers
What is your primary use case for Torq?
Torq markets itself as a security tool, and we do use them for security, but not in the traditional sense they market...
See all answers
What advice do you have for others considering Torq?
I would rate Torq an eight overall. I feel that Torq is as good as the effort you put into it. The limitations are ve...
See all answers
Ask a question
Earn 20 points
What do you like most about Palo Alto Networks Cortex XSOAR?
The product can automate security tasks.
See all answers
What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Comparing pricing to Micro Focus, they were offering bundles, making it free with their SIEM. For customers, it is ze...
See all answers
What needs improvement with Palo Alto Networks Cortex XSOAR?
Regarding areas for improvement in Palo Alto Networks Cortex XSOAR, I want to highlight one concern about playbook cr...
See all answers
 

Comparisons

Tines vs Torq Logo
Tines vs Torq
Compared 36% of the time
Splunk SOAR vs Torq Logo
Splunk SOAR vs Torq
Compared 14% of the time
Blink Ops vs Torq Logo
Blink Ops vs Torq
Compared 13% of the time
Swimlane vs Torq Logo
Swimlane vs Torq
Compared 7% of the time
Simbian AI Agents vs Torq Logo
Simbian AI Agents vs Torq
Compared 5% of the time
More Torq Competitors
IBM Resilient vs DFLabs IncMan SOAR Logo
IBM Resilient vs DFLabs IncMan SOAR
Compared 39% of the time
More DFLabs IncMan SOAR Competitors
Cortex XSIAM vs Palo Alto Networks Cortex XSOAR Logo
Cortex XSIAM vs Palo Alto Networks Cortex XSOAR
Compared 22% of the time
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
Compared 9% of the time
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR Logo
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR
Compared 7% of the time
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR Logo
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR
Compared 4% of the time
D3 Security vs Palo Alto Networks Cortex XSOAR Logo
D3 Security vs Palo Alto Networks Cortex XSOAR
Compared 3% of the time
More Palo Alto Networks Cortex XSOAR Competitors
 

Product Reports

Buyer's Guide
Torq
March 2026
Torq reportDownload Torq product report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
March 2026
DFLabs IncMan SOAR reportDownload DFLabs IncMan SOAR product report
Buyer's Guide
Palo Alto Networks Cortex XSOAR
March 2026
Palo Alto Networks Cortex XSOAR reportDownload Palo Alto Networks Cortex XSOAR product report
 

Also Known As

No data available
DFLabs IncMan Incident Response
Demisto Enterprise, Cortex XSOAR, Demisto
 

Overview

Torq is the enterprise AI SOC solution that effectively combines adaptive insights and automation to handle critical threats efficiently. It manages threat lifecycles, swiftly moving from triage to response, ensuring effective risk management.

Torq is designed to streamline security operations by aggregating telemetry across your security stack. It investigates significant risks and manages threats from triage to containment and remediation. This AI-driven tool enhances the capabilities of your SecOps team, allowing them to achieve more impactful results without introducing complicated processes.

What are the key features of Torq?
  • Adaptive Agentic Insights: Provides real-time threat intelligence tailored to specific security challenges.
  • Automation: Automates responses to security incidents, minimizing manual intervention requirements.
  • Threat Lifecycle Management: Comprehensive handling of threats from detection to remediation.
  • Telemetry Aggregation: Integrates data across platforms for a unified security overview.
Why consider Torq based on reviews?
  • Efficiency: Users notice significant reductions in time spent managing threats.
  • Risk Reduction: Enhanced ability to identify and address critical threats promptly.
  • Resource Optimization: Allows teams to allocate effort to other critical tasks by reducing manual security operations.
  • Scalability: Adaptable to meet the demands of growing or changing infrastructures.

In industries like finance and healthcare, Torq shows effectiveness by adapting to specific risk scenarios often encountered in these fields. Its integration with existing infrastructures makes it a valuable asset for maintaining stringent security standards, essential for protecting critical data and operations in diverse high-stakes environments.

Torq

DFLabs' Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, is designed for SOCs, CSIRTs and MSSPs to automate, orchestrate and measure security operations and incident response processes and tasks, all from within one single, intuitive platform. By integrating security tools, fusing intelligence, sharing knowledge and implementing seamless workflows, IncMan SOAR enables every security incident to be detected, responded to, and remediated in the fastest possible time frame.

DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, that includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more. This feature rich, unique and scalable SOAR platform provides context to security incidents, automates actions, orchestrates response to activities, while enabling full reporting and measurement functionality across all stakeholders.

DFLabs covers the entire spectrum of security orchestration, automation and response components as outlined by Gartner, with a unique combination of features and capabilities, driven through continuous improvement and innovation. IncMan SOAR is the only platform to offer full incident response lifecycle management with machine learning and threat hunting. Acting as a force multiplier, it enables security teams to do more with less, empowering security analysts, while ensuring organizations stay one step ahead of any potential threat.

Automate. Orchestrate. Measure.

IncMan SOAR provides three critical functions as an enabler to your security program. Automation and orchestration which in turn enables response, as well as measurement.

Automate

Augment analysts by automating common, repetitive and menial tasks driven by machine learning for faster response to all alerts.

Orchestrate

Establish repeatable, enforceable, measurable and effective incident response workflows, orchestrating your security tool set into one seamless response process.

Measure

Measure, benchmark and optimize security operations and incident response activities and performance from one intuitive and collaborative platform.

Seamlessly Integrate and Orchestrate Your Tools Together as One.

Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform. IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

DFLabs

Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.

Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.

The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.


Benefits of Palo Alto Networks Cortex XSOAR

Some of Palo Alto Networks Cortex XSOAR’s benefits include:

  • The ability to have all of your data collected in a single location. Valuable time can be saved now that everything that security analysts need to know in order to diagnose and react to threats has been centralized.
  • Security operations center tasks can be automated. This allows you to assign management and analyst staff to the most essential tasks. The effectiveness of your organization will be increased, which will result in a rise in your company’s overall security and productivity.
  • Many kinds of data can be stitched together by this platform. Network, endpoint, cloud, and identity data can be combined to offer a more complete picture of the threats that are discovered.
  • Integrated threat intelligence management can notify you about threats in real time. Now you can diagnose and address issues as they arise. You can also assign values to the threats so that your resources are being used in the most effective manner possible.


Reviews from Real Users

Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.

Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

Palo Alto Networks
 

Sample Customers

Information Not Available
University of Advancing Technology, Cybersecurity Ventures
Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
March 2026
Download Free Report
Find out what your peers are saying about Microsoft, Splunk, Palo Alto Networks and others in Security Orchestration Automation and Response (SOAR). Updated: March 2026.
DOWNLOAD NOW
885,286 professionals have used our research since 2012.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.