No more typing reviews! Try our Samantha, our new voice AI agent.

Palo Alto Networks Cortex XSOAR vs Swimlane comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.6
Torq's automations improved efficiency and cost savings, achieving $200,000 savings towards a $600,000 ROI target in months.
Sentiment score
4.4
Cortex XSOAR delivers high ROI by automating tasks and integrating seamlessly, ideal for mature SOCs despite initial costs.
Sentiment score
6.7
Swimlane boosts efficiency, saving 30-35% time, doubling capacity, and reducing hiring needs through effective automation.
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
SOC Analyst at AppsFlyer
We have seen a return on investment, targeting a $600,000 ROI for the year.
Cyber Security Engineer at a real estate/law firm with 5,001-10,000 employees
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
Vice President, Technology at Cache Digitech Pvt Ltd.
Swimlane saves us 80 to 90 percent of our time by quickly helping us design the journey and efficiently passing information to various components.
Senior Solutions Architect at Tata Consultancy
We have seen a return on investment; with the same number of engineers, we now handle double the number of customers, even with the new, larger customers requiring dedicated teams.
Security automation specialist at a comms service provider with 51-200 employees
 

Customer Service

Sentiment score
6.5
Torq's customer service is highly rated for responsiveness and knowledge, though platform access requests sometimes delay issue resolutions.
Sentiment score
6.6
Palo Alto Networks Cortex XSOAR support is responsive and knowledgeable but could improve friendliness and initial response times.
Sentiment score
6.2
Swimlane's customer support receives mixed reviews for responsiveness, ranging from efficient service to extended response times.
My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
Security Consultant at Integrity360
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
We can always get an answer, and the support team are experts in their own system.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Eight out of ten times, they provide valuable help.
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
Their support has been better than Anomali's and they are more responsive.
Enterprise Security Architect V at FirstEnergy
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
Vice President, Technology at Cache Digitech Pvt Ltd.
When I raise a ticket, they reply within half an hour with an initial response, signifying that an agent has been assigned and is working on the issue.
They are attentive, responsive, and work to resolve issues efficiently.
Associate at Deloitte
They provided assistance within the same hour.
Security automation specialist at a comms service provider with 51-200 employees
 

Scalability Issues

Sentiment score
6.3
Torq is scalable and reliable, but issues arise with large data workflows; modularization often mitigates these problems.
Sentiment score
7.1
Cortex XSOAR offers high scalability and flexibility, efficiently integrating third-party APIs despite potential complexities in large deployments.
Sentiment score
6.9
Swimlane is scalable and adaptable in the cloud but requires technical expertise for maintenance and optimization in some environments.
Our case management is super scalable.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
In terms of scalability, you can do as long as you can build it, and they can support it.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
Global IT Director at OpenWeb
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
Enterprise Security Architect V at FirstEnergy
Palo Alto Networks Cortex XSOAR has very good application capabilities and is highly scalable.
Assistant Security Architect at Cloudnomics
The issues with scalability arise from the speed of some integrations, as not all are perfectly tuned by Palo.
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
Swimlane should have the capability to be moved out of Appian and integrated with other platforms.
Software Engineer III at a financial services firm with 10,001+ employees
We did not encounter issues even when managing thousands of alerts, as scalability is only limited by our instance's server capacity.
Associate at Deloitte
Its scalability automatically adjusts based on usage.
 

Stability Issues

Sentiment score
7.2
Torq is praised for its high reliability and responsiveness despite minor issues, maintaining a 99.9% uptime by users.
Sentiment score
7.5
Cortex XSOAR is considered stable, reliable, and performs well, but requires careful sizing and regular updates for optimal use.
Sentiment score
6.4
Swimlane receives mixed feedback, with some reporting stability issues, bugs, and optimization needs, while others find it stable.
We have been using Torq for one and a half years, but we have experienced no downtime.
Angular Developer at Flourish Software
Most of the time, the system is stable as long as the components that they integrate with are stable.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
I have never faced any downtime or issues.
Senior Information Technology Security Consultant at Mideast Data Systems
The system works smoothly even when I navigate deep into the playbook section.
Assistant Security Architect at Cloudnomics
I would rate the stability and reliability of Palo Alto Networks Cortex XSOAR as a nine.
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
I haven't seen any production issue or anything coming up because of Swimlane.
Software Engineer III at a financial services firm with 10,001+ employees
We encountered issues requiring restarts and losing alerts.
Associate at Deloitte
The version we had was kind of buggy, but support indicated we just needed to do updates to resolve the issues.
Security automation specialist at a comms service provider with 51-200 employees
 

Room For Improvement

Users propose enhancements in dashboards, error messages, workflow efficiency, AI, integrations, training, templates, UI, data handling, onboarding.
Cortex XSOAR requires improved documentation, intuitive UI, modularity, integration, costs, setup, licensing, performance, and usability for efficiency.
Swimlane users seek stability, integration, intuitive interface, better documentation, faster performance, and enhanced customization with improved support and pricing.
Torq should offer default templates that can directly scan firewall data and automate actions.
Senior Information Technology Security Consultant at Mideast Data Systems
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department.
Security Consultant at Integrity360
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
Senior Consultant at a university with 10,001+ employees
The deployment requires integration and the development of integration modules.
Presale Engineer at Westcon-Comstor
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
Enterprise Security Architect V at FirstEnergy
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
Vice President, Technology at Cache Digitech Pvt Ltd.
Despite being advertised as a no-code tool, it remains code-reliant, demanding users to build solutions through coding.
Associate at Deloitte
In the orchestration tab, it would be helpful to have a list of playbooks where a particular asset or connector is used.
Colors can be used for the prioritization of risks and the significance of information.
Senior Solutions Architect at Tata Consultancy
 

Setup Cost

Enterprise buyers find Torq competitively priced, valuing its cost-effectiveness and modern features, especially the cloud version versus alternatives.
Cortex XSOAR is costly but offers valuable features; small businesses may find discounts helpful in mitigating expenses.
Swimlane pricing is seen as costly, but discounts and mixed awareness among users lead to varied value perceptions.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Senior Cyber Architect at a manufacturing company with 10,001+ employees
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
For customers, it is zero versus $20 million, which is why they have to make a decision.
Vice President, Technology at Cache Digitech Pvt Ltd.
Swimlane is cheaper than other SOAR platforms.
Associate at Deloitte
In terms of pricing, Swimlane is on the slightly expensive side.
Senior Manager, Cyber Security at a tech vendor with 1,001-5,000 employees
the pricing was very nice with a great discount.
Security automation specialist at a comms service provider with 51-200 employees
 

Valuable Features

Torq streamlines automation with a no-code platform, enhancing workflow, integration, and efficiency through AI-driven insights and tools.
Palo Alto Networks Cortex XSOAR excels in automation, integration, and ease-of-use, enhancing incident response and threat intelligence capabilities.
Swimlane streamlines workflow with customizable dashboards, platform integration, user-friendly design, and enhanced efficiency, reducing manual effort.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
Global IT Director at OpenWeb
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
Presale Engineer at Westcon-Comstor
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
Enterprise Security Architect V at FirstEnergy
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
Vice President, Technology at Cache Digitech Pvt Ltd.
Its integration capabilities allow connections to various platforms, enhancing its usability.
Associate at Deloitte
It helps in clearly identifying the roles, timeline, and actions involved in the workflow, offering a comprehensive depiction of the entire process.
Operation Analyst at Aurea
As a solution architect, I use various software, and the most important thing is that Swimlane is an easily designed and learnable software.
Senior Solutions Architect at Tata Consultancy
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
51
Ranking in other categories
SOC as a Service (2nd)
Swimlane
Ranking in Security Orchestration Automation and Response (SOAR)
8th
Average Rating
7.8
Reviews Sentiment
6.4
Number of Reviews
13
Ranking in other categories
AI-Powered Security Automation (3rd)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of Palo Alto Networks Cortex XSOAR is 8.6%, down from 10.4% compared to the previous year. The mindshare of Swimlane is 2.7%, down from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Palo Alto Networks Cortex XSOAR8.6%
Torq3.8%
Swimlane2.7%
Other84.9%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Sricharan R - PeerSpot reviewer
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
Security automation has transformed incident workflows and now reduces response time dramatically
I think the areas of Palo Alto Networks Cortex XSOAR that could be improved are mainly in UX. We have communicated with the vendor team about this, but they are prioritizing product functionality over usability because most target customers are technical and understand a primitive UI. They face difficulties in implementing UI changes as their team is stretched. Thus, the UI/UX of the tool needs significant improvement. There are plans on their roadmap, but a lot remains to be done. Parts of the tool run on an older framework, causing slowness. Usability is a broader issue than features alone. This usability problem is common in many cybersecurity tools, unlike customer-facing applications. Some integrations have speed issues and might not function seamlessly with different upstream configurations, requiring manual updates. These are the main pain points we encountered, particularly with UI/UX, integration speed, and the usability of certain inbuilt playbooks.
reviewer1248516 - PeerSpot reviewer
Senior Manager, Cyber Security at a tech vendor with 1,001-5,000 employees
Has reduced alert triage time but requires skilled developers for maintenance
One of the disadvantages of Swimlane is that to manage the platform, we need hardcore developers. We have recently seen new products such as Tines and Blink Ops coming into the market, where a person with a good knowledge of APIs and JSON format can manage the platform and create playbooks. Even a security analyst can create some playbooks on those platforms. However, on Swimlane, it's difficult for security analysts since they must mandatorily know Python to create the playbooks. In terms of pricing, Swimlane is on the slightly expensive side. Swimlane is scalable in general, but there are some limitations. It involves maintenance overhead because you need a complete engineer who knows the product in and out to scale it for the on-prem environment, while in a SaaS model, it works without many problems. Installation can be quite complex, especially when we have to use Kubernetes, and if we need to create load balancing. In those situations, it requires a good engineer to deploy the platform. In relation to bugs, sometimes the enrichment playbook we have does not enrich the alert, resulting in missing details, so in those scenarios, the automation team has to manually run the playbook again. Improvements could be made in terms of quality, particularly.
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
903,147 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
13%
Computer Software Company
8%
Manufacturing Company
8%
Comms Service Provider
5%
Financial Services Firm
15%
Manufacturing Company
10%
Outsourcing Company
9%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise9
Large Enterprise26
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise1
Large Enterprise8
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Comparing pricing to Micro Focus, they were offering bundles, making it free with their SIEM. For customers, it is ze...
What needs improvement with Palo Alto Networks Cortex XSOAR?
Regarding areas for improvement in Palo Alto Networks Cortex XSOAR, I want to highlight one concern about playbook cr...
What is your primary use case for Palo Alto Networks Cortex XSOAR?
My primary use cases for Palo Alto Networks Cortex XSOAR are malware incidents, specifically phishing-related inciden...
What needs improvement with Swimlane?
Customizing workflows or scripts in Swimlane was a bit challenging, perhaps too challenging because of how the code b...
What is your primary use case for Swimlane?
My main use case for Swimlane is security automation workflows, automating most of the daily SOC workflows, especiall...
What advice do you have for others considering Swimlane?
My advice for others considering using Swimlane is to ensure it is the right fit for you and to have someone capable ...
 

Also Known As

No data available
Demisto Enterprise, Cortex XSOAR, Demisto
No data available
 

Overview

 

Sample Customers

Information Not Available
Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
LinkedIn, TransUnion, Citrix, Aetna, Perspecta
Find out what your peers are saying about Palo Alto Networks Cortex XSOAR vs. Swimlane and other solutions. Updated: June 2026.
903,147 professionals have used our research since 2012.