Try our new research platform with insights from 80,000+ expert users

Palo Alto Networks Cortex XSOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
47
Ranking in other categories
SOC as a Service (2nd)
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
16th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
8
Ranking in other categories
Threat Intelligence Platforms (6th)
 

Mindshare comparison

As of June 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Palo Alto Networks Cortex XSOAR is 10.8%, down from 12.8% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.9%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

NikhilSharma2 - PeerSpot reviewer
Ability to multiple playbooks to fetch data from multiple firewalls and utomated several tasks, including vulnerability scans and SOCL (Security Orchestration, Automation
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Harshal Pachpande - PeerSpot reviewer
Automating intelligence workflows significantly reduces false positives and enhances response efficiency
ThreatConnect Threat Intelligence Platform (TIP) offers valuable workflows that integrate with our SOAR platform. It performs dedicated threat scoring capabilities which enrich internal indicators and automate response actions. This has been a key feature in our environment, which we have utilized for picking IOCs. The platform can be domain-specific and customer-specific, allowing data isolation for each customer. The scoring capabilities of ThreatConnect Threat Intelligence Platform (TIP) deserve a rating of nine out of ten. Its scalability and threat scoring capabilities have reduced false positives in our detection, as we dynamically change the IOCs which are updated daily through scheduled polling time over QRadar and SOAR.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used."
"It is a scalable solution."
"The strengths of Palo Alto Networks Cortex XSOAR stem from the fact that it provides functionalities related to patching and URL blocking...It is a scalable solution."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The solution provides threat intelligence with EDR."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"The most valuable features of Cortex XSOAR include its vast library of plugins, which allow us to integrate various tools and solutions seamlessly."
"The pricing is very good."
"The tool's installation, integration, and playbooks are very straightforward."
"The product automatically generated a threat score based on the maliciousness of an IP."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
"The most valuable features are ease of use and the ability to customize it."
"I like their customer support."
"ThreatConnect has a highly user-friendly interface."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted my organization by reducing our MTTD through enriching alerts and providing contextual threat intelligence in real-time, cutting down our triage time for high-priority incidents."
 

Cons

"I would love to see more flexibility on what we can display and design on the dashboards."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"The price of the solution could be improved."
"The solution is complicated to learn."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"It is been decommissioned by Palo Alto."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The solution is very expensive."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by addressing challenges such as the customization over the tagging mechanism, where filtering based on individual tags is not available, limiting data export."
 

Pricing and Cost Advice

"The solution's cost is high."
"From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
"The pricing is fair. The pricing reflects the value and feature set it offers."
"It is approx $10,000 or $20,000 per year for two user licenses."
"The solution is based on an annual licensing model that is expensive."
"It is expensive."
"There is a perception that it is priced very high compared to other solutions."
"The price of Palo Alto Networks Cortex XSOAR is expensive."
"The tool is expensive."
"The price could be better."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
859,579 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
13%
Manufacturing Company
10%
Government
7%
Financial Services Firm
16%
Computer Software Company
11%
Manufacturing Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Even though customers often comment on the price, the potential savings come from managing a large number of security events with a limited number of analysts. This leads to economic advantages des...
What needs improvement with Palo Alto Networks Cortex XSOAR?
For Palo Alto Networks Cortex XSOAR, there is always room for improvement. One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quic...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
I would like to see improvements in the time zone support of their customer service, considering users are from different time zones. Additionally, the pricing is high for smaller organizations, so...
 

Also Known As

Demisto Enterprise, Cortex XSOAR, Demisto
No data available
 

Interactive Demo

 

Overview

 

Sample Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Palo Alto Networks Cortex XSOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: June 2025.
859,579 professionals have used our research since 2012.