Try our new research platform with insights from 80,000+ expert users
Palo Alto Networks Cortex XSOAR Logo

Palo Alto Networks Cortex XSOAR pros and cons

Vendor: Palo Alto Networks
4.2 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Palo Alto Networks Cortex XSOAR provides exceptional automation and playbook creation with outstanding integration and orchestration capabilities, enhanced by reliability and threat intelligence features. Despite its scalability and adaptability, challenges include high vendor involvement and increased pricing post-acquisition. Users experience limited on-premise options, integration issues, and technical support needs. However, the seamless integration with a vast library of plugins and the strong remote controller and data management capabilities remain noteworthy for security teams.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Cortex XSOAR excels in automation and playbook creation, significantly aiding security operation centers by handling about 50% of the work.
It offers extensive integration capabilities with a comprehensive list of plugins, allowing seamless incorporation with various tools and platforms.
Its orchestration features provide a high-level overview of critical log information, efficiently coordinating across different devices.
The platform enhances cybersecurity through effective threat intelligence integration and streamlined responses to security events.
Many users appreciate its scalability, reliability, and overall impact on improving organizational cybersecurity.

CONS

Implementing Palo Alto Networks Cortex XSOAR requires significant vendor involvement, and it should be easier for partners.
The documentation for building automation is not very good and requires improvement.
The pricing increased by 50% after Palo Alto acquired it, making it very expensive.
Managing its setup phase is complicated, and the technical support could be improved with faster response times.
The lack of SIEM functionalities and insufficient integration options are notable drawbacks of Palo Alto Networks Cortex XSOAR.
 

Palo Alto Networks Cortex XSOAR Pros review quotes

reviewer1714731 - PeerSpot reviewer
Nov 11, 2021
Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker.
Read full review
NikhilSharma2 - PeerSpot reviewer
Aug 23, 2024
The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used.
Read full review
Donald Keeber - PeerSpot reviewer
Feb 1, 2024
I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place.
Read full review
Buyer's Guide
Palo Alto Networks Cortex XSOAR
August 2025
Free Report: Palo Alto Networks Cortex XSOAR Reviews and More
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
DOWNLOAD NOW
867,341 professionals have used our research since 2012.
Chetankumar Savalagimath - PeerSpot reviewer
Oct 19, 2023
For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary.
Read full review
CC
May 12, 2025
What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali.
Read full review
DayaramGoyal - PeerSpot reviewer
Aug 18, 2025
Palo Alto Networks Cortex XSOAR is a good product with enhanced and efficient playbooks, as demonstrated during our use case simulations.
Read full review
reviewer1469436 - PeerSpot reviewer
Sep 8, 2021
It has an extensive list of integrations that are available out of the box which makes it easy to start.
Read full review
Chetankumar Savalagimath - PeerSpot reviewer
May 15, 2021
The automation is excellent.
Read full review
DL
Jul 21, 2022
They have a portal where you can find any kind of integration that you need.
Read full review
Mostafa-Ahmed - PeerSpot reviewer
Oct 1, 2023
What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used.
Read full review
Show 10 more reviews (out of 48)
 

Palo Alto Networks Cortex XSOAR Cons review quotes

reviewer1714731 - PeerSpot reviewer
Nov 11, 2021
In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening.
Read full review
NikhilSharma2 - PeerSpot reviewer
Aug 23, 2024
The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Read full review
Donald Keeber - PeerSpot reviewer
Feb 1, 2024
I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it.
Read full review
Buyer's Guide
Palo Alto Networks Cortex XSOAR
August 2025
Free Report: Palo Alto Networks Cortex XSOAR Reviews and More
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
DOWNLOAD NOW
867,341 professionals have used our research since 2012.
Chetankumar Savalagimath - PeerSpot reviewer
Oct 19, 2023
Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs.
Read full review
CC
May 12, 2025
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
Read full review
DayaramGoyal - PeerSpot reviewer
Aug 18, 2025
It was expensive, making it essential for the customer to evaluate whether ROI is coming from the business model, as they are also acting as a SOC provider.
Read full review
reviewer1469436 - PeerSpot reviewer
Sep 8, 2021
I would love to see more flexibility on what we can display and design on the dashboards.
Read full review
Chetankumar Savalagimath - PeerSpot reviewer
May 15, 2021
When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot.
Read full review
DL
Jul 21, 2022
It's only one cloud right now. It might be helpful for some companies to have an on-premies option.
Read full review
Mostafa-Ahmed - PeerSpot reviewer
Oct 1, 2023
It doesn't offer automatic internet reports out of the box.
Read full review
Show 10 more reviews (out of 47)

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)
SOC as a Service

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR Logo
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR Logo
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR
AWS Security Hub vs Palo Alto Networks Cortex XSOAR Logo
AWS Security Hub vs Palo Alto Networks Cortex XSOAR
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR Logo
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
Exabeam vs Palo Alto Networks Cortex XSOAR Logo
Exabeam vs Palo Alto Networks Cortex XSOAR
Tines vs Palo Alto Networks Cortex XSOAR Logo
Tines vs Palo Alto Networks Cortex XSOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR Logo
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR Logo
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR
NetWitness NDR vs Palo Alto Networks Cortex XSOAR Logo
NetWitness NDR vs Palo Alto Networks Cortex XSOAR
Torq vs Palo Alto Networks Cortex XSOAR Logo
Torq vs Palo Alto Networks Cortex XSOAR
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR Logo
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR
Google Security Operations vs Palo Alto Networks Cortex XSOAR Logo
Google Security Operations vs Palo Alto Networks Cortex XSOAR
Swimlane vs Palo Alto Networks Cortex XSOAR Logo
Swimlane vs Palo Alto Networks Cortex XSOAR
See all alternatives

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)
SOC as a Service

Popular Comparisons

Popular Comparisons
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR Logo
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR Logo
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR
AWS Security Hub vs Palo Alto Networks Cortex XSOAR Logo
AWS Security Hub vs Palo Alto Networks Cortex XSOAR
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR Logo
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
Exabeam vs Palo Alto Networks Cortex XSOAR Logo
Exabeam vs Palo Alto Networks Cortex XSOAR
Tines vs Palo Alto Networks Cortex XSOAR Logo
Tines vs Palo Alto Networks Cortex XSOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR Logo
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR Logo
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR
NetWitness NDR vs Palo Alto Networks Cortex XSOAR Logo
NetWitness NDR vs Palo Alto Networks Cortex XSOAR
Torq vs Palo Alto Networks Cortex XSOAR Logo
Torq vs Palo Alto Networks Cortex XSOAR
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR Logo
Fortinet FortiSOAR vs Palo Alto Networks Cortex XSOAR
Google Security Operations vs Palo Alto Networks Cortex XSOAR Logo
Google Security Operations vs Palo Alto Networks Cortex XSOAR
Swimlane vs Palo Alto Networks Cortex XSOAR Logo
Swimlane vs Palo Alto Networks Cortex XSOAR
See all alternatives
Related questions
  • 37
Which Do You Recommend, Phantom or Demisto?
  • 194
Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?
  • 22
Which SOAR product has the better value: Palo Alto Networks Cortex XSOAR or Swimlane? Why?
  • 79
What are the Top 5 cybersecurity trends in 2022?
  • 729
What is the difference between SIEM and SOAR platforms?
  • 196
What is an incident response playbook and how is it used in SOAR?
  • 48
What are the latest trends in Security Operations Center (SOC)?
  • 47
What tools and solutions do you use for automated incident response in an enterprise in 2022?
  • 64
How to evaluate SIEM detection rules?
  • 36
Why a Security Operations Center (SOC) is important?