Try our new research platform with insights from 80,000+ expert users

Palo Alto Networks Cortex XSOAR vs ThreatQ comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
48
Ranking in other categories
SOC as a Service (2nd)
ThreatQ
Ranking in Security Orchestration Automation and Response (SOAR)
22nd
Average Rating
7.0
Reviews Sentiment
6.6
Number of Reviews
2
Ranking in other categories
Threat Intelligence Platforms (14th)
 

Mindshare comparison

As of September 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Palo Alto Networks Cortex XSOAR is 9.7%, down from 12.2% compared to the previous year. The mindshare of ThreatQ is 1.2%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Palo Alto Networks Cortex XSOAR9.7%
ThreatQ1.2%
Other89.1%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

DayaramGoyal - PeerSpot reviewer
Offers automation but requires enhancements for intuitive configuration
Palo Alto Networks Cortex XSOAR is a good product with enhanced and efficient playbooks, as demonstrated during our use case simulations. We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs. The analytics feature in Palo Alto Networks Cortex XSOAR is impressive. The solution is quite exhaustive regarding integrations, with many pre-integrations available, especially for market-leading products. There might be challenges with make-in-India products, as they tend not to build the necessary connectors. This depends on whether you are selling to enterprises or other customers. For government customers, you might encounter many Indian products, such as firewalls, which could pose integration challenges unless you have open APIs. However, for market-leading products, there are ready-made integrations available.
Yasir Akram - PeerSpot reviewer
Good reporting and pretty stable but needs to be simpler to use
The support team of ThreatQ set up a VM on our VPN, which was SlashNext's private VPN. Then we just initiated some system calls and ThreatQ provided us the configuration file with our settings (like our email, our API key, our URL, our category, etc.). They set up a VM on our private VPN cloud. And then they provided us the configuration file in which we just entered our details like our company URL, our API category, and API keys et cetera. We could just add it on the configuration file. We just uploaded it to the ThreatQ server. After running the system calls, we just initiated the ThreatQ and then performed tasks on the UI, such as categorizing the reports. If we only wanted the report for phishing, then we just manipulated the data on the UI and just extracted the reports. That's all. The deployment was complex. We used high hardware specifications. I don't remember the exact specifications, however, I recall them being high. There were some services that had some compatibility errors. That's why we had our VMs - to make sure that the customer would not face any errors. Everything's deployed with high specifications and custom specifications. That was the biggest challenge for us - to deploy on the customer VMs. On average, deployment takes 15-20 minutes if it's deployed without any errors. I was with one of the NetOps network admin during deployment. We were only two people and we just deployed and installed all services and we executed the deployment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"The most valuable feature is automation."
"The automation is excellent."
"The most valuable features are simplicity and ease of integration."
"They have a portal where you can find any kind of integration that you need."
"The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used."
"Cortex XSOAR's playbook for incident management and automation is highly valuable."
"The strengths of Palo Alto Networks Cortex XSOAR stem from the fact that it provides functionalities related to patching and URL blocking...It is a scalable solution."
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"Integrating the solution with our existing security tools and workflows was easy."
 

Cons

"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"It is been decommissioned by Palo Alto."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"Palo Alto needs to develop more AI-centric products."
"The solution is complicated to learn."
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
"The tool is not user-friendly."
 

Pricing and Cost Advice

"The solution is based on an annual licensing model that is expensive."
"The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market."
"It is approx $10,000 or $20,000 per year for two user licenses."
"Cortex XSOAR's price could be lower."
"There is a perception that it is priced very high compared to other solutions."
"The solution is expensive."
"From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
"The price of Palo Alto Networks Cortex XSOAR is expensive."
Information not available
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
866,778 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
9%
Government
7%
Financial Services Firm
24%
Manufacturing Company
10%
Computer Software Company
9%
Educational Organization
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business19
Midsize Enterprise8
Large Enterprise24
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Comparing pricing to Micro Focus, they were offering bundles, making it free with their SIEM. For customers, it is zero versus $20 million, which is why they have to make a decision.
What needs improvement with Palo Alto Networks Cortex XSOAR?
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play. We need to see improvements in that area to facilitate cyber analysts.
What do you like most about ThreatQ?
Integrating the solution with our existing security tools and workflows was easy.
What needs improvement with ThreatQ?
The tool is not user-friendly. It is not beginner-friendly. It would be very difficult for a beginner to learn the tool. It will take at least two months to get familiar with it. Building the playb...
What is your primary use case for ThreatQ?
We used the solution for threat mapping and managing IoCs.
 

Also Known As

Demisto Enterprise, Cortex XSOAR, Demisto
No data available
 

Overview

 

Sample Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Radar, Bitdefender, Crowdstrike, FireEye, IBM Security
Find out what your peers are saying about Palo Alto Networks Cortex XSOAR vs. ThreatQ and other solutions. Updated: July 2025.
866,778 professionals have used our research since 2012.