Palo Alto Networks Cortex XSOAR Primary Use Case

JP
Cyber Security Engineer / Cyber Investigation / Incident Handler at a government with 5,001-10,000 employees

We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance and be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.

Every investigator has a different way of tackling an investigation. Essentially what we wanted to do is to take the mundane tasks that the investigators have to do as part of their investigation process and then automate those mundane tasks as a pre-processor. That way, when the investigation is provided to the investigator in order to review what was found, all they have to do is look at the data that was presented to them and they wouldn't have to go through the process of doing the data enrichment with regards to threats and functions of that nature because all of that was done ahead of time as part of the processing.

Right now we've started with one investigation, which is phishing. The user will report any phishing attempts against any of our users within JPL to an email address. Our XSOAR appliance will peek into that mailbox, pull the emails out, and then process those emails that have been reported. As part of the processing, it'll do the data enrichment and once that's done, that's presented to the investigator in order to review the findings. The investigator makes the final verdict. Once the final verdict is rendered, then the other automated task would be the enforcement tasks, which would include any blocking of the sender, blocking of the IP, blocking of the domain, blocking of the URL, and those types of actions.

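The phishing flow described in the review above (mailbox ingest, enrichment run as a pre-processor, a human verdict, then enforcement), as an added Python example. It is not code from the review or from Cortex XSOAR itself: the reported email, the threat-intel table and the action names are constructed for illustration, and a real playbook would replace the table lookup with integration commands and the final stage with calls to the firewall and mail gateway.

```python
import email
import ipaddress
import re
from email import policy
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed sample of a user-reported phishing email (not taken from the page).
REPORTED_EML = b"""From: "IT Helpdesk" <helpdesk@mail-support.example>
To: analyst@agency.example
Subject: Password expiry notice
Received: from unknown [198.51.100.23] by mx.agency.example
Content-Type: text/plain; charset=utf-8

Your password expires today. Reset it at http://login.mail-support.example/reset?u=1
or read the guide at https://cdn.example.org/help.
"""

# Constructed threat-intel table standing in for the enrichment integrations.
THREAT_INTEL = {
    "mail-support.example": "malicious",
    "login.mail-support.example": "malicious",
    "198.51.100.23": "suspicious",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_indicators(raw: bytes) -> Dict[str, List[str]]:
    """Pre-processing: pull sender, URLs, domains and relay IPs out of a reported email."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec
    body = msg.get_body(preferencelist=("plain",)).get_content()
    # Strip trailing sentence punctuation that the regex would otherwise swallow.
    urls = sorted({u.rstrip(".,;:)") for u in URL_RE.findall(body)})
    domains = {urlsplit(u).hostname for u in urls} | {sender.split("@", 1)[1]}
    ips = set()
    for hdr in msg.get_all("Received", []):
        for candidate in IPV4_RE.findall(hdr):
            try:
                ips.add(str(ipaddress.ip_address(candidate)))
            except ValueError:
                pass  # "1.2.3.999"-style regex matches are not addresses
    return {"sender": [sender], "urls": urls, "domains": sorted(domains), "ips": sorted(ips)}


def enrich(indicators: Dict[str, List[str]]) -> Dict[str, str]:
    """Look every indicator up so the analyst sees verdicts, not raw lookups."""
    verdicts = {}
    for kind, values in indicators.items():
        for value in values:
            if kind == "sender":
                key = value.split("@", 1)[1]
            elif kind == "urls":
                key = urlsplit(value).hostname
            else:
                key = value
            verdicts[value] = THREAT_INTEL.get(key, "unknown")
    return verdicts


def enforcement_actions(indicators: Dict[str, List[str]], verdicts: Dict[str, str],
                        analyst_verdict: str) -> List[Tuple[str, str]]:
    """Enforcement runs only after the human verdict, and only against flagged indicators."""
    if analyst_verdict != "malicious":
        return []
    actions = [("block_sender", s) for s in indicators["sender"]]
    for kind, action in (("ips", "block_ip"), ("domains", "block_domain"), ("urls", "block_url")):
        for value in indicators[kind]:
            if verdicts[value] in ("malicious", "suspicious"):
                actions.append((action, value))
    return actions


if __name__ == "__main__":
    found = extract_indicators(REPORTED_EML)
    enriched = enrich(found)
    for indicator, verdict in enriched.items():
        print(f"{verdict:10} {indicator}")
    # The analyst's verdict is the gate; here it is hard-coded for the demo.
    for action, target in enforcement_actions(found, enriched, "malicious"):
        print(action, target)
```

Two design points worth keeping when this is turned into a real playbook: nothing is blocked before the verdict, and indicators the enrichment returned as unknown (the cdn.example.org link in the sample) are left alone even after a malicious verdict, because a phishing email routinely mixes one bad link with legitimate ones and blocking them all causes collateral damage. The analyst can always add a block manually.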
ML
Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees

We use Palo Alto Networks Cortex XSOAR for several areas of security automation, such as phishing, investigating, mitigating, the detection of impossible travel, and consolidating threat information for our internal systems.

reviewer1285209 - PeerSpot reviewer
Tech Lead at a tech services company with 1,001-5,000 employees

I primarily pitch and sell this solution to our customers. We do product assessments and consult with customers for the most part.

Clients can use it for automation. 

Buyer's Guide
Palo Alto Networks Cortex XSOAR
November 2022
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,113 professionals have used our research since 2012.
DL
Sales engineer at MUK

XSOAR is the cherry on top of Cortex XDR. It provides you with the ability to make a lot of response actions to your incidents. Cortex XDR is collecting an incident, and Cortex XSOAR is providing you the ability to remediate it.

When the customers need the ability to remediate incidents, for example, antivirus or network security issues, some SIEM solution, et cetera, yet need to integrate everything, they can use the power of the platform without needing different solutions. Cortex XSOAR will give you the ability to integrate

For example, if some endpoint was infected in your infrastructure, you need to do something about that. XSOAR provides you the ability to understand how that endpoint was infected and to do something with that. 

Cortex XSOAR will go to the firewall and block the IP address of this endpoint. Cortex XSOAR will go to the domain and disable the user as well. Then it will go to some other solution and will do something there. It is a variety of actions based on the incidents. 

Donald Keeber - PeerSpot reviewer
President at Margate Net

Cortex XSOAR is standard. We deploy it on the desktops, monitor the events, and ensure the endpoints stay clean and inoculated. The client is a retail company with salespeople on the floor and roving notebooks that employees bring with them to various locations. We needed a solution that allows us to protect those endpoints no matter where they are. We deployed them through Active Directory using a group policy system. 

Customers don't always have endpoints that are part of their Active Directory, but we had to have them enrolled for it to work right. We push them out through a group policy and manage them through the console. There are about 600 users spread out across three locations and six dealerships.

SB
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees

We use Palo Alto as a firewall, a system for detecting and whitelisting certain IP addresses or to block certain IP addresses based on where they're coming from. We then send the logs to another log management tool for more forensics and analysis before we make a decision.

We're basically using Palo Alto for firewalling and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

We primarily use the solution for automation and the orchestration of security.

Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees

We are using this solution to have a completely organized SOC from a list of devices in our environment. We are able to manage all of our devices, such as firewalls and endpoint protection solutions.

Nethra Sk - PeerSpot reviewer
Head of Security Monitoring and Control at Alstom Ferroviaria S.p.A.

Our primary use case for the solution is customization and integration with Microsoft infrastructure.

DL
Senior Information Technology Support Engineer at TSCNET Services GmbH

We primarily use the solution for network inspection.

VW
Security Professional at a tech services company with 51-200 employees

Our primary case issues are phishing, TI, and sensors.

GJ
Deputy Vice President at a financial services firm with 10,001+ employees

It is a help desk ticketing tool. It's a sought-after platform, however, it is just a help desk ticketing tool.

EG
Manager at Commercial Bank of Ethiopia

Our company uses the solution for security management and threat response. 

Rodrigo AlexiPizarro - PeerSpot reviewer
IT Operations Deputy Manager at Ultramar Agencia Marítima

My primary use for Palo Alto Networks Cortex XSOAR is to protect the workstation for the end-users.

SM
Security Project Manager at a retailer with 10,001+ employees

We are using Palo Alto Networks Cortex XSOAR for automation.

ShubhamAgarwal - PeerSpot reviewer
Specialist - Information Security at LPI

I mainly use Cortex XSOAR to automate cybersecurity and the SOC environment.

Nicolo Corrado - PeerSpot reviewer
Real estate consultant at Libero

I'm using Cortex XSOAR to manage our network security.
