Try our new research platform with insights from 80,000+ expert users

Palo Alto Networks Cortex XSOAR vs ThreatConnect Threat Intelligence Platform (TIP) comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
47
Ranking in other categories
SOC as a Service (2nd)
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
16th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (6th)
 

Mindshare comparison

As of June 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Palo Alto Networks Cortex XSOAR is 10.8%, down from 12.8% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 1.9%, down from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

NikhilSharma2 - PeerSpot reviewer
Ability to multiple playbooks to fetch data from multiple firewalls and utomated several tasks, including vulnerability scans and SOCL (Security Orchestration, Automation
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Aadarsh Dawn - PeerSpot reviewer
Offers features like response capabilities and automation response and automation orchestration
ThreatConnect aggregates and operationalizes Threat intelligence data and sources across internal client environments. It leverages Automation and built in Case Management to streamline and automate threat intelligence-driven processes and investigations within client environments ThreatConnect…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XSOAR's playbook for incident management and automation is highly valuable."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The most valuable features of Cortex XSOAR include its vast library of plugins, which allow us to integrate various tools and solutions seamlessly."
"Each incident collected is orchestrated with automation that selects the security analyst to be involved, or provides complex execution plans for managing security incidents."
"It was useful as a ticketing tool."
"The product’s stability is good."
"The solution is user-friendly and easy to configure."
"They have a portal where you can find any kind of integration that you need."
"We have been able to see a return on investment as our clients believe in us more."
"ThreatConnect has a highly user-friendly interface."
"I like their customer support."
"The tool's installation, integration, and playbooks are very straightforward."
"The most valuable features are ease of use and the ability to customize it."
"The product automatically generated a threat score based on the maliciousness of an IP."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
 

Cons

"The complexity of Cortex XSOAR has a trade-off with its versatility. The deployment requires integration and the development of integration modules."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The solution’s price and technical support could be improved."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"Its dashboard features need improvement."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"We need a little hands-on experience to install the solution."
"XSOAR could have more integration options."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community"
"Integration is an area that could use some improvement."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"It would be good to have more feeds and more integrated sources for enrichment."
 

Pricing and Cost Advice

"The pricing is fair. The pricing reflects the value and feature set it offers."
"There is a yearly license required for this solution and it is expensive."
"The solution's pricing needs improvement."
"The solution is expensive."
"When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
"It is approx $10,000 or $20,000 per year for two user licenses."
"There is a perception that it is priced very high compared to other solutions."
"My company did not make any payments towards the licensing costs attached to the product since we were only using its pilot version."
"The price could be better."
"The tool is expensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
13%
Manufacturing Company
9%
Government
7%
Financial Services Firm
17%
Computer Software Company
11%
Manufacturing Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Even though customers often comment on the price, the potential savings come from managing a large number of security events with a limited number of analysts. This leads to economic advantages des...
What needs improvement with Palo Alto Networks Cortex XSOAR?
For Palo Alto Networks Cortex XSOAR, there is always room for improvement. One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quic...
What do you like most about ThreatConnect Threat Intelligence Platform (TIP)?
The product automatically generated a threat score based on the maliciousness of an IP.
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
The pricing seems a bit high for smaller companies. It would be beneficial if they had pricing tailored to different client sizes.
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
I would like to see improvements in the time zone support of their customer service, considering users are from different time zones. Additionally, the pricing is high for smaller organizations, so...
 

Also Known As

Demisto Enterprise, Cortex XSOAR, Demisto
No data available
 

Interactive Demo

 

Overview

 

Sample Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Oracle, IBM, General Dynamics, Scotiabank, Sony, Athena Health, Berkshire Hathaway Energy, Workday, TikTok
Find out what your peers are saying about Palo Alto Networks Cortex XSOAR vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: June 2025.
856,873 professionals have used our research since 2012.