We performed a comparison between LogicHub SOAR+ and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Free ingestion for Azure logs (with E5 licence)"
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It has a lot of great features."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has improved my detection coverage in areas lacking by the SIEM."
"This solution allows us to easily investigate malicious events, system alerts etc."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The most valuable features are simplicity and ease of integration."
"We use the solution to automate our SIEM tools and incidents."
"The solution is very reliable."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The solution should allow for a streamlined CI/CD procedure."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Sentinel's reporting is complex and can be more user-friendly."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"UI coloring can be improved."
"We would like this solution to have a higher level of support for SaaS applications."
"They should provide integration with machine learning platforms."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"It is not a very scalable solution."
"The dashboard performance could be improved."
"There should be an on-premise version available for customers to have different choices."
"The solution's correlation rules and playbooks should be improved."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The price of the solution could be improved."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
LogicHub SOAR+ is ranked 18th in Security Orchestration Automation and Response (SOAR) with 2 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. LogicHub SOAR+ is rated 9.6, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of LogicHub SOAR+ writes "Integrated with hundreds of tools, analyzes data automatically, and has few false positives". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". LogicHub SOAR+ is most compared with , whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our LogicHub SOAR+ vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.