We performed a comparison between Palo Alto Networks Cortez XSOAR and Splunk Phantom based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions come across as reliable and powerful products. Cortex does slightly better in the Pricing category, however.
"The product can integrate with any device."
"It has basic out-of-the-box integrations with multiple log sources."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel pricing is good"
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"The pricing is very good."
"The product’s stability is good."
"It is a scalable solution."
"It is a scalable solution."
"It was useful as a ticketing tool."
"The product is quite easy to use."
"I have found the solution very useful, it integrates well with other platforms."
"The most valuable feature is the risk-based access control."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"The customization continues to be excellent."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"We are invoiced according to the amount of data generated within each log."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The only thing is sometimes you can have a false positive."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Its dashboard features need improvement."
"They should provide integration with machine learning platforms."
"The configuration of the solution could improve it is difficult."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"The solution's technical support could be better."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The price of the solution could be improved."
"The solution's correlation rules and playbooks should be improved."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"It would be ideal if we could automate processes even more."
"The technical support for the Splunk SIEM solution was average."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"There is a lot of room for improvement with the UI."
"Splunk's support for integration is subpar and has room for improvement."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Splunk SOAR is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Fortinet FortiSOAR, Swimlane, IBM Resilient and ServiceNow Security Operations, whereas Splunk SOAR is most compared with Cortex XSIAM, ServiceNow Security Operations, Torq, Swimlane and Cisco SecureX. See our Palo Alto Networks Cortex XSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would recommend CyberSponse. There is a reason why CyberSponse have been awarded Government and Military contracts over all the competition! Commerical customers need the same power and capability, why settle for anything less!