Palo Alto Networks Cortex XSOAR Reviews

Name: Palo Alto Networks Cortex XSOAR
Brand: Palo Alto Networks
Rating: 4.2 (51 reviews)

Vendor: Palo Alto Networks

4.2 out of 5

51 reviews
90% willing to recommend

Leave a review

What is Palo Alto Networks Cortex XSOAR?

Palo Alto Networks Cortex XSOAR enhances security operations automation and integration. Users rely on its incident management capabilities and machine learning to improve response times and efficiency.

Get the Palo Alto Networks Cortex XSOAR Buyer's Guide and find out what your peers are saying about Palo Alto Networks Cortex XSOAR, IBM Security QRadar, Microsoft Sentinel and more!

Palo Alto Networks Cortex XSOAR is the #2 ranked solution in top SOC as a Service providers and #3 ranked solution in SOAR tools. PeerSpot users give Palo Alto Networks Cortex XSOAR an average rating of 8.4 out of 10. Palo Alto Networks Cortex XSOAR is most commonly compared to IBM Security QRadar: Palo Alto Networks Cortex XSOAR vs IBM Security QRadar. Palo Alto Networks Cortex XSOAR is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 13% of all views.

Buyer's Guide

Palo Alto Networks Cortex XSOAR

April 2026

Get the report

Helped 892,611 peers since 2012

Featured Palo Alto Networks Cortex XSOAR reviews

ChrisCollins

Enterprise Security Architect V at FirstEnergy

What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali. I can create various custom automations and custom fields. There is significant customization ability in this platform. If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier. All of our alerts from different tools come into this central place as we have multiple SIEMs. We have items coming from Anomali and other platforms that are not SIEM tools. This serves as our central location where our SOC analysts can work and determine if incident response is needed. The platform provides data enrichment capabilities, offering information upfront so analysts do not have to search for it. They can access details such as username, phone number, email address, and workplace information. For malware files, they can retrieve details from VirusTotal, including file names and environment presence. We have built substantial automation around these features, which also helps us track case metrics, investigation time, and threat mitigation duration.

Read full review

Sricharan R

Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees

The most valuable features of Palo Alto Networks Cortex XSOAR, especially since we are leveraging it for automation, are the Playbooks feature, followed by the command and control screen feature that allows us to aggregate multiple dashboards and create custom dashboards based on different scenarios. Regarding Playbook automation, I find it has helped streamline our incident response workflows significantly. Previously, manual incident reviews and actions took up a lot of time. Without dashboards and single pane of glass access, the security analyst had to handle multiple data sources, incident sources, and SOP documents, leading to more manual effort and increased potential for errors. All actions required manual tracking of logs and reviews to management. With Palo Alto Networks Cortex XSOAR Playbooks, we utilize standard inbuilt automations from Palo and can create our custom automations. We integrate multiple inbuilt playbooks and write our custom playbooks for incident management, taking inputs from incident sources such as SIEM and threat intelligence, aggregating them into dashboards, and enabling relevant automations for necessary changes, logging, or actions. The machine learning models in Palo Alto Networks Cortex XSOAR help prioritize alerts in our organization, proving to be very important as they aid our incident processing. Given that many incidents require discretion from analysts due to their relevance to our business, the ML workflows eliminate a lot of false positives. Palo Alto Networks Cortex XSOAR analytics features significantly impact our ability to gain insights and visibility into security, which is crucial for communicating with management. Management has different preferences for seeing the most frequent threats or identifying which particular systems are targeted by threat actors, making these analytics very useful.

Read full review

DayaramGoyal

Vice President, Technology at Cache Digitech Pvt Ltd.

Palo Alto Networks Cortex XSOAR is a good product with enhanced and efficient playbooks, as demonstrated during our use case simulations. We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs. The analytics feature in Palo Alto Networks Cortex XSOAR is impressive. The solution is quite exhaustive regarding integrations, with many pre-integrations available, especially for market-leading products. There might be challenges with make-in-India products, as they tend not to build the necessary connectors. This depends on whether you are selling to enterprises or other customers. For government customers, you might encounter many Indian products, such as firewalls, which could pose integration challenges unless you have open APIs. However, for market-leading products, there are ready-made integrations available.

Read full review

Palo Alto Networks Cortex XSOAR mindshare

Product category:

As of May 2026, the mindshare of Palo Alto Networks Cortex XSOAR in the Security Orchestration Automation and Response (SOAR) category stands at 8.8%, down from 10.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR) Mindshare Distribution
Product	Mindshare (%)
Palo Alto Networks Cortex XSOAR	8.8%
Microsoft Sentinel	10.1%
Splunk SOAR	7.4%
Other	73.7%

Security Orchestration Automation and Response (SOAR)

PeerResearch reports based on Palo Alto Networks Cortex XSOAR reviews

Type	Title	Date
Category	Security Orchestration Automation and Response (SOAR)	May 2, 2026	Download
Product	Reviews, tips, and advice from real users	May 2, 2026	Download
Comparison	Palo Alto Networks Cortex XSOAR vs Microsoft Sentinel	May 2, 2026	Download
Comparison	Palo Alto Networks Cortex XSOAR vs Splunk SOAR	May 2, 2026	Download
Comparison	Palo Alto Networks Cortex XSOAR vs Torq	May 2, 2026	Download

Valuable Features

Palo Alto Networks Cortex XSOAR's key features include advanced automation, diverse playbooks, seamless integration capabilities, user-friendly design, and robust orchestration. Users highlight efficient machine learning models, customizable automation, and comprehensive analytics. The platform offers significant flexibility with multiple scripting languages and extensive plugin libraries. Many appreciate its ability to streamline incident management and reduce response times. The intuitive interface and ease of deployment further enhance its value for organizations.

"I'm using Cortex XSOAR to manage our network security."
"I have found the solution very useful, it integrates well with other platforms."
"Palo Alto has reduced the time that it takes to go through the process of investigating a reported abuse."

Room for Improvement

Palo Alto Networks Cortex XSOAR needs improvement in documentation quality and user interface design. Customers report high costs, limited deployment options, and integration challenges. Performance issues exist, particularly with dashboards and automation speed. Users desire enhancements in modularity, integrations, and the overall setup process. The feature complexity and extensive coding requirements for playbook creation pose difficulties, particularly for junior analysts. There is a demand for more flexible licensing models and enhanced reporting functionalities.

"The configuration of the solution could improve it is difficult."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts."
"I would love to see more flexibility on what we can display and design on the dashboards."

ROI

Organizations report ROI through time savings in investigations and the automated handling of numerous tasks across diverse areas by Palo Alto Networks Cortex XSOAR. With over 80 seamless integrations, its powerful automation capabilities enhance SOC efficiency. Despite the initial expense, it provides ROI once SOC processes mature and true positive alerts increase. Many companies emphasize improving operational processes to maximize the benefits offered, suggesting automation plays a pivotal role once foundational processes are optimized.

Pricing

Palo Alto Networks Cortex XSOAR is often seen as expensive, with annual licensing costs perceived as high. Opinions vary, with some users finding pricing fair due to its features and integration capabilities, while others suggest it's high compared to competitors. Pricing models can be complex, with discounts for repeat customers. The solution is generally more suitable for medium to large enterprises. Some organizations experience a need for better pricing strategies to maximize value.

"It is expensive."
"It's cheaper compared to its competitors."
"The pricing is fair. The pricing reflects the value and feature set it offers."

Popular Use Cases

Palo Alto Networks Cortex XSOAR is primarily used for automating and orchestrating security processes. Many entities utilize it to manage threat responses, improve SOC operations, and create playbooks for incidents like phishing and network intrusions. They value its integration capability with various security tools, enabling centralized incident handling and automation. It supports endpoint protection and threat intelligence while reducing manual tasks and enhancing efficiency in cybersecurity measures.

Service and Support

Palo Alto Networks Cortex XSOAR support receives mixed feedback. Many find it knowledgeable, responsive, and valuable, rating it around eight or nine out of ten. Some encounter long response times, unfriendly interactions, or excessive delays, emphasizing the need for improvement. Experiences with support can vary, especially without premium options. Kickstart services ensure good initial setup, while ongoing support follows Palo Alto standards. Issues sometimes arise with time zone differences and response effectiveness.

Deployment

Initial setup of Palo Alto Networks Cortex XSOAR is generally straightforward with minimal complexity. Deployments vary in duration depending on factors like specific configurations and integrations. Many find it manageable within a short time frame, though some experience challenges involving integrations or use case complexities. Cloud deployments are simpler, while on-premise setups can present additional hurdles. Assistance from technicians or company resources aids in smooth setup, easing any complexities with tailored support.

Scalability

Palo Alto Networks Cortex XSOAR demonstrates strong scalability, effectively managing large numbers of users and integrations. While scalability is generally rated highly, challenges exist with high-volume deployments due to cost and some integration speed issues. Organizations appreciate its ability to expand, integrate numerous tools, and adapt to secure environments. Careful planning enhances transition ease, though performance slowdowns occur during intense operations. Users leverage its capabilities, gradually increasing its use across diverse security teams.

Stability

Palo Alto Networks Cortex XSOAR is generally very stable. Users report reliable performance, no crashes or freezes, and quick loading times. Maintaining updates is crucial for stability, as some issues occur with outdated systems. Proper sizing is recommended to avoid performance problems during heavy workloads. Ratings largely range from eight to ten out of ten, although a few users have reported occasional bugs or slowness. Stability improves with correct configurations and a stable internet connection.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Palo Alto Networks Cortex XSOAR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	19
Midsize Enterprise	6
Large Enterprise	23

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	310
Midsize Enterprise	167
Large Enterprise	636

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

13%

Computer Software Company

10%

Manufacturing Company

Government

Comms Service Provider

Retailer

Educational Organization

University

Healthcare Company

Insurance Company

Energy/Utilities Company

Outsourcing Company

Performing Arts

Media Company

Construction Company

Real Estate/Law Firm

Marketing Services Firm

Transportation Company

Consumer Goods Company

Wholesaler/Distributor

Legal Firm

Non Profit

Hospitality Company

Recreational Facilities/Services Company

Aerospace/Defense Firm

Logistics Company

Pharma/Biotech Company

Wellness & Fitness Company

Compare Palo Alto Networks Cortex XSOAR with alternative products

Learn more about Palo Alto Networks Cortex XSOAR

Cortex XSOAR stands out for its capability to automate and orchestrate security tasks through customizable playbooks and robust third-party integrations. Its analytics offer insights into incidents, while machine learning prioritizes alerts and reduces false positives. Despite its powerful features, users note room for improvement in documentation, interface design, and integration capabilities. Cost and complexity in setup and deployment are also concerns. Users in security operations centers benefit significantly from automated data enrichment, streamlined incident response, and efficient handling of threats like phishing and endpoint management.

What are the key features of Cortex XSOAR?

Automation & Integration: Automates security tasks and integrates with many third-party tools.
Customizable Playbooks: Flexible playbook creation tailored to specific security needs.
User-Friendly Interface: Simplifies incident management, improving workflow efficiency.
Machine Learning: Prioritizes alerts and reduces false positives for better decision-making.
Analytics & Dashboards: Provides insights through customizable analytics and dashboards.

Why should users consider Cortex XSOAR's benefits?

Reduced Response Times: Accelerates incident response through automation and orchestration.
Improved Workflows: Streamlines security operations for greater efficiency.
Insightful Analytics: Offers valuable insights into security incidents and operations.
Scalability: Supports growing security needs with straightforward scalability.
Enhanced Threat Management: Increases capabilities in handling phishing and endpoint threats.

Cortex XSOAR is implemented across industries for automating and streamlining security operations. Organizations use it to create playbooks, integrate with security tools, and automate repetitive tasks, thereby improving the efficiency of their security operations centers and incident management processes.

Palo Alto Networks Cortex XSOAR was previously known as Demisto Enterprise, Cortex XSOAR, Demisto.

Palo Alto Networks Cortex XSOAR customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity

Product Categories

Security Orchestration Automation and Response (SOAR)

SOC as a Service

Popular Comparisons

IBM Security QRadar vs Palo Alto Networks Cortex XSOAR

Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR

Elastic Security vs Palo Alto Networks Cortex XSOAR

AWS Security Hub vs Palo Alto Networks Cortex XSOAR

Torq vs Palo Alto Networks Cortex XSOAR

Exabeam vs Palo Alto Networks Cortex XSOAR

Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR

Stellar Cyber Open XDR vs Palo Alto Networks Cortex XSOAR

Splunk SOAR vs Palo Alto Networks Cortex XSOAR

NetWitness NDR vs Palo Alto Networks Cortex XSOAR

Sumo Logic Security vs Palo Alto Networks Cortex XSOAR

Tines vs Palo Alto Networks Cortex XSOAR

Google Security Operations vs Palo Alto Networks Cortex XSOAR

ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR

ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR

See all alternatives

Palo Alto Networks Cortex XSOAR Reviews Summary
Author info	Rating	Review Summary
Enterprise Security Architect V at FirstEnergy	4.5	I find Palo Alto Networks Cortex XSOAR a highly customizable and automatable central hub for incident response, despite occasional system slowdowns with high alert volumes. Setup was easy, and it aids metric tracking, though support has time zone challenges.
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees	4.5	I value Cortex XSOAR for its security automation, playbooks, and integrations, dramatically improving SOC efficiency. My main concern is the poor UI/UX, and initial setup challenges, though stability and scalability are generally strong.
Vice President, Technology at Cache Digitech Pvt Ltd.	3.0	As a reseller, I find Palo Alto Networks Cortex XSOAR offers good automation, analytics, and integrations, with great support. However, its high cost limits it to larger companies, and it needs more low-code features. I rate it 6/10.
Assistant Security Architect at Cloudnomics	4.0	I use Cortex XSOAR for malware incidents, valuing its automation and marketplace for reducing MTTR. Yet, I find playbook creation difficult for junior analysts, despite the product's stability, scalability, and easy integration.
Manager at Deloitte	4.5	I find XSOAR excellent for automation, compliance, and multi-language scripting, making orchestration easy. Its heavy UI and high licensing costs are major drawbacks, but it delivers significant ROI for mature SOCs.
Presale Engineer at Westcon-Comstor	4.0	I use Cortex XSOAR as a stable and scalable orchestration automation platform for security events, rating it 8/10. While its versatility and automation are valuable, its complexity and integration requirements mean deployment isn't easy.
Cyber Security Analyst at Altisec Technologies Pvt Ltd	5.0	I find Cortex XSOAR excellent for streamlining security and automating complex playbooks. Its vast integration library and scalability are valuable, though Python playbook creation can be tedious. I've experienced great stability and support, rating it 10/10.
Delivery Manager at a tech services company with 1,001-5,000 employees	4.5	I find Cortex XSOAR essential for large, stable security operations due to its automation and comprehensive features. However, its high cost and large scale make me wish Palo Alto offered a lighter, more accessible version for smaller organizations.

Title	Rating	Mindshare	Recommending
IBM Security QRadar	4.0	5.9%	90%	217 interviews Add to research
Microsoft Sentinel	4.1	10.1%	93%	110 interviews Add to research

Palo Alto Networks Cortex XSOAR Reviews

What is Palo Alto Networks Cortex XSOAR?

Featured Palo Alto Networks Cortex XSOAR reviews

Palo Alto Networks Cortex XSOAR mindshare

PeerResearch reports based on Palo Alto Networks Cortex XSOAR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Palo Alto Networks Cortex XSOAR with alternative products

Learn more about Palo Alto Networks Cortex XSOAR

Palo Alto Networks Cortex XSOAR customers

Related questions

Product Categories

Popular Comparisons