We performed a comparison between Elastic Security and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
"Log aggregation and data connectors are the most valuable features."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We have no complaints about the features or functionality."
"I like the indexing of the logs."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The performance is good and it is faster than IBM QRadar."
"The solution is quite stable. The performance has been good."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It's open-source and free to use."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"They have a portal where you can find any kind of integration that you need."
"I have no complaints about Cortex's stability."
"The product is quite easy to use."
"The solution is easy to deploy."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"Its agility and scalability are valuable."
"It is a scalable solution."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The product can be improved by reducing the cost to use AI machine learning."
"I would like to see more AI used in processes."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Sometimes, the solution isn't the easiest to use."
"This solution is very hard to implement."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"Email notification should be done the same way as Logentries does it."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"It's only one cloud right now. It might be helpful for some companies to have an on-premises option."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The solution should be made a bit cheaper."
"Palo Alto Networks Cortex XSOAR currently does not offer SIEM functionalities."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The solution requires DV but does not support open-source DV elastic searches."
"I think they should increase their collaboration base."
"It doesn't offer automatic internet reports out of the box."
Elastic Security is ranked 6th in Security Orchestration Automation and Response (SOAR) with 59 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. Elastic Security is rated 7.6, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.