
Palo Alto Networks Cortex XSOAR Overview

Palo Alto Networks Cortex XSOAR is the #1 ranked solution in SOAR tools. PeerSpot users give Palo Alto Networks Cortex XSOAR an average rating of 8 out of 10. Palo Alto Networks Cortex XSOAR is most commonly compared to Splunk Phantom. Palo Alto Networks Cortex XSOAR is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. Professionals from computer software companies are the top industry group researching this solution, accounting for 26% of all views.
Palo Alto Networks Cortex XSOAR Buyer's Guide

Download the Palo Alto Networks Cortex XSOAR Buyer's Guide including reviews and more. Updated: June 2022

What is Palo Alto Networks Cortex XSOAR?

Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers optimize the entire incident life cycle while automatically documenting and journaling all the evidence. More than 100 integrations enable security orchestration workflows for incident management and other critical security operation tasks.

Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.

Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.

The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.


Benefits of Palo Alto Networks Cortex XSOAR

Some of Palo Alto Networks Cortex XSOAR’s benefits include:

  • The ability to have all of your data collected in a single location. Valuable time can be saved now that everything that security analysts need to know in order to diagnose and react to threats has been centralized.
  • Security operations center tasks can be automated. This allows you to assign management and analyst staff to the most essential tasks. The effectiveness of your organization will be increased, which will result in a rise in your company’s overall security and productivity.
  • Many kinds of data can be stitched together by this platform. Network, endpoint, cloud, and identity data can be combined to offer a more complete picture of the threats that are discovered.
  • Integrated threat intelligence management can notify you about threats in real time. Now you can diagnose and address issues as they arise. You can also assign values to the threats so that your resources are being used in the most effective manner possible.


Reviews from Real Users

Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.

PeerSpot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

Palo Alto Networks Cortex XSOAR was previously known as Demisto Enterprise, Cortex XSOAR, Demisto.

Palo Alto Networks Cortex XSOAR Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity

Palo Alto Networks Cortex XSOAR Pricing Advice

What users are saying about Palo Alto Networks Cortex XSOAR pricing:
  • "When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
  • "It is approx $10,000 or $20,000 per year for two user licenses."
  • "There is a yearly license required for this solution and it is expensive."
  • "From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
  • "The price of Palo Alto Networks Cortex XSOAR could be reduced. We are always looking for a discount. There is an annual license needed to use this solution."
Palo Alto Networks Cortex XSOAR Reviews

    Cyber Security Engineer / Cyber Investigation / Incident Handler at a government with 5,001-10,000 employees
    Real User
    Top 20
    Enables the investigators to go through the review process a lot quicker
    Pros and Cons
    • "Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
    • "In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."

    What is our primary use case?

    We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.  Every investigator has a different way of tackling an investigation. Essentially what we wanted to do is to take the mundane tasks that the investigators have to do as part of their investigation process and then automate those mundane tasks as a pre-processor. That way, when the investigation is provided to the investigator in order to review what was found, all they have to do is look at the data that was presented to them and they wouldn't have to go through the process of doing the data enrichment with regards to threats and functions of that nature because all of that was done ahead of time as part of the processing. Right now we've started with one investigation, which is phishing. The user will report any phishing attempts against any of our users within JPL to an email address. Our XSOAR appliance will peek into that mailbox, pull the emails out, and then process those emails that have been reported. As part of the processing, it'll do the data enrichment and once that's done, that's presented to the investigator in order to review the findings. The investigator makes the final verdict. Once the final verdict is rendered, then the other automated task would be the enforcement tasks, which would include any blocking of the sender, blocking of the IP, blocking of the domain, blocking of the URL, and those types of actions.

    How has it helped my organization?

    Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker.

    When my juniors receive an email, I have trained them to jump on it quickly in order to remediate it quickly. The sooner we get it remediated, the less likely a user that hasn't reported it will click on the link and become a victim.

    Palo Alto has reduced the time that it takes to go through the process of investigating a reported abuse. Rather than one individual, which was the process before, that would handle the abuse mailbox, now we have a team of 15 individuals that all share in the remediation of those reported abuse messages.

    The process is a lot quicker, nothing seems to slip between the cracks. We've been able to quickly contain phishing campaigns that were launched by external actors against our environment and been able to quickly identify users that have clicked on links and then had them change their passwords in order to reduce the risk of having those accounts used in order to perpetuate additional attacks.

    What needs improvement?

    In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening. From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.

    For how long have I used the solution?

    I have been using this solution for one and a half to two years. 
    Buyer's Guide
    Palo Alto Networks Cortex XSOAR
    June 2022
    Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
    608,713 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    I have not had an issue with stability yet. 

    What do I think about the scalability of the solution?

    It is scalable. If I noticed that there wasn't any impact in performance, then I'd simply launch another instance and then cluster them together in order to provide shared resources between the two in a cluster. If a particular integration is misbehaving because there aren't sufficient resources on the one instance that we currently have, then I can detach that instance or that integration from the instance into its own VM. That way it has enough resources on another VM in order to actually run that integration. There are 15 investigators using this solution.  In terms of increasing usage, we're looking at bringing in our audit vulnerability and assessment team and having them do their vulnerability assessments from within the platform. I'm going to have to reach out to them to get them to start looking at the vulnerability layout, the incident type, the playbook, and the Nessus connectors in order to be able to have them perform that through XSOAR and then follow up through XSOAR with regards to remediation.

    How are customer service and support?

    Anytime I have any issues, I'll open up a TAC ticket and then they'll contact a customer support engineer and they'll hand it over to him. From the aspect of the actual people that work in the technical support area, I would rate them an eight out of ten. I would rate it higher just for the technical aspect. 

    Which solution did I use previously and why did I switch?

    We're taking what we have inside of our incident management system and building it into XSOAR. The way case management works now is completely different from the default case management system that is currently in XSOAR.

    They wanted to free up the guy that was actually doing all of the work. For some reason, we decided we didn't want it in-house. As far as our in-house solution, it was built on CodeFusion and CodeFusion had a number of vulnerabilities that were identified in the last 15 years. They wanted to move away from that. In order to be able to move away from that, we had to find a solution that would allow us the customizability in order to be able to mimic what we already have.

    How was the initial setup?

    The initial setup was straightforward. I had assistance with the pre-sales support engineer and the pre-sale support architect. Both helped me to get it set up. As far as our proof of concept, I had to prove that it was customizable enough in order to have it mimic what we already use because we already had a homegrown internal incident management system that we've been using for 15 years. The initial setup took 90 days. As far as the proof of concept and to set up the first playbook, we ran into some issues where Palo Alto said that the EWS integration worked with on-prem and that we could actually do expungements in an automated fashion. It turned out not to be the case. That took approximately four and a half months to determine that it was not going to function the way it was stated that it would function within the EWS integration. I was hoping to have it done within six months, but it actually took a little over a year to get everything done and into production because of the couple of hiccups that we had with EWS. I had to reach out to Microsoft and talk to their developers with regards to EWS on-prem and then contact the developers inside of Palo Alto which at first didn't want to talk to me, but I finally got them to talk to me, and then I got them to talk to each other and then came to find out that it doesn't really work.

    That took four and a half months of trying to negotiate the communications between Microsoft and Palo Alto. Finally, I had to bypass the expungement enforcement action because there's no way we could do it with our on-prem devices. As far as that's concerned, that's a manual process. We have to send an email out to our Exchange team in order to get the expungement done.

    What was our ROI?

    We have seen ROI in the time spent on the investigations.

    What's my experience with pricing, setup cost, and licensing?

    The pricing model could be better. When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000. My boss thinks that it was a competitive price though compared to other solutions. My thoughts are we could have done a lot better with the price.

    Which other solutions did I evaluate?

    We evaluated Phantom, Siemplify, SOC 3D,  Swimlane, and a plethora of other solutions.  Demisto led the field. At the time I was looking at it, it was Demisto. Palo Alto had not purchased it. When I started this endeavor, it was six years ago when Demisto was its own company, when Phantom was its own company, SOC 3D was still a company out of Israel, Siemplify was still a company out of Israel, but it was actually starting to set up its US operations. There were a number of other ones. Resilient was another one that I was looking at before they were picked up by IBM. A lot of these didn't have what I needed, which was the ability to customize and the ability to integrate with a lot of vendors that we already have in-house. The two that came to the very top were Phantom and Demisto, and my final decision was to actually go with Demisto because Phantom was acquired by Splunk and I hate Splunk. I was ready to buy, but my management was dragging its feet and they didn't want to loosen up the purse strings in order to make the purchase. But as soon as Palo Alto picked them up, then they were okay with it.

    What other advice do I have?

    I would rate Palo Alto a nine out of ten. My advice would be to do the same type of research I did to ensure that it's the appropriate fit for your use case. If it's an organization that has an already existing incident management system, make sure that you can customize it so you can reduce the learning curve for your investigators in order to be able to transition from your old IMS over to the new IMS, which would be XSOAR.

    That's the reason why I took so much time in order to ensure that the customization was there in order to allow me to mimic what we already had in IMS and transition that over to XSOAR. That way, the investigators had a lot less of a learning curve. The only learning curve they had was, "Here's the investigation tab. There's all the data that you need in order to make your verdict. Make your verdict." But as far as writing all the reports, call-down lists, and all that other stuff, that's all part of our original process that I transitioned over to XSOAR.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees
    Real User
    Top 10
    Easy to use, stable, scalable, and has responsive support
    Pros and Cons
    • "It has an extensive list of integrations that are available out of the box which makes it easy to start."
    • "I would love to see more flexibility on what we can display and design on the dashboards."

    What is our primary use case?

    We use Palo Alto Networks Cortex XSOAR for several areas of security automation, such as phishing, investigating, mitigating, the detection of impossible travel, and consolidating threat information for our internal systems.

    How has it helped my organization?

    It reduces manual interactions of security analysts. Before they had to check on three, or four different websites to see if something was good or bad. Now, Cortex does all of that for us.

    What is most valuable?

    It is very easy to use.

    It has an extensive list of integrations that are available out of the box which makes it easy to start.

    What needs improvement?

    I would love to see more flexibility on what we can display and design on the dashboards.

    For how long have I used the solution?

    Palo Alto Networks Cortex XSOAR has been active for six months. 

    We are always on the latest version.

    What do I think about the stability of the solution?

    Palo Alto Networks Cortex XSOAR is pretty stable.

    What do I think about the scalability of the solution?

    It offers some architecture recommendations to make it really scalable if you choose.

    For example, hot standby, bond standby, clustering, and breaking out components in dedicated servers. You can go wild if you want to go wild, but we wanted to keep it easy and stable.

    Pretty much network security and SOC are the main users. I believe that we are licensed for 20 users.

    We are definitely extensively using this solution. We are currently training many additional teams to be self-sufficient in usage. The usage will increase more and more.

    How are customer service and technical support?

    With Palo Alto technical support, if you get to the right people, you get an answer very quickly. 

    What I like about the Cortex team is that they have a dedicated select center where you can get service in minutes and that's extremely helpful.

    Overall, I am satisfied with the technical support.

    Which solution did I use previously and why did I switch?

    We evaluated two or three other vendors. 

    We are a very big Palo Alto shop and we needed to have some Palo Alto features, which are implemented now in Cortex. We are pretty much guided in that direction for some of the security features we need for our firewalls.

    How was the initial setup?

    I would say the initial setup was really straightforward. 

    You need to be a little bit aware of Linux unless you buy the hosted version, then you don't need to know anything about it. If you decide you want to run it yourself, you should have some Linux skills because it's a Docker framework on Linux. Knowing a bit about that is handy.

    It was up and running in half a day.

    What about the implementation team?

    It only requires one person to maintain this solution. I do it myself along with many other tasks. In a larger environment, you split into two teams, OS maintenance and application maintenance.

    We had help from Palo Alto SE resource for the PoC, but the setup was completed on our own.

    What's my experience with pricing, setup cost, and licensing?

    We have a concurrent user license. 

    The licensing is a pretty high price for a user license per year.

    The base product is very cheap, you can even get it for free, but the fee per user is expensive. It is approx $10,000 or $20,000 per year for two user licenses.

    It's a great product, although it might become very pricey if you need several user licenses.

    They need to automate everything to reduce the number of user licenses needed. If it is an automated workflow, you don't need to be licensed.

    If Cortex sends an email asking a user to say yes or no, you don't need a license for that user. You just need a user license if you want to improve what Cortex does in terms of workbooks, cases, and more.

    Which other solutions did I evaluate?

    We evaluated Splunk for six months and decided against it three to six months ago.

    What other advice do I have?

    Have a very good understanding of what you want to automate. Define the process and make sure the integrations you need are available out of the box.

    I would also suggest starting simple. Try easy use cases first, until you feel confident, before you get into more complex use cases.

    I would rate Palo Alto Networks Cortex XSOAR a nine out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    reviewer1285209 - PeerSpot reviewer
    Tech Lead at a tech services company with 1,001-5,000 employees
    Real User
    Top 5 Leaderboard
    User-friendly and robust with good technical support
    Pros and Cons
    • "The automation is excellent."
    • "When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."

    What is our primary use case?

    I primarily pitch and sell this solution to our customers. We do product assessments and consult with customers for the most part.

    Clients can use it for automation. 

    What is most valuable?

    The solution has very good integration capabilities. It's really the best at integration. Inside every integration, there are certain commands which we can call upon, which makes it very useful as a product.

    The automation is excellent. 

    The product is very robust.

    With this solution, we can do dynamic remediation.

    It's a product that is constantly upgrading and improving.

    It's a user-friendly solution.

    Technical support is very helpful and responsive.

    What needs improvement?

    We'd like to be able to add as many integrations as possible. We would like more options for our clients. 

    A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.

    The solution is expensive. They should work to make it less costly for the customer.

    For how long have I used the solution?

    I've been working with the solution for the past five years or so at this point. It's been a while. 

    What do I think about the stability of the solution?

    There are a few bugs here and there when new releases happen. We've used it from version four all the way to version six and have dealt with a few bugs, however, that is expected. There are always some in any product. It's fine for us.

    Mostly, the stability is okay. The integration keeps on triggering every time. It has jobs that are learning all the time. It's based on completely API integrations. As long as there is compatibility, the solution is pretty available. It is always ready to go.

    What do I think about the scalability of the solution?

    We haven't tried to scale, however, as per the technical documents which I have read, it should be understood by the customer before it is deployed. It all depends on how many integrations or how many triggering points a company has. You need to have an idea of the scope. Remediation can take a minute or two, however, it will still be possible. There isn't too much of a concern for scaling right now.

    We have one or two customers using the solution for their own purposes. We are consulting with two more customers. We do plan to increase usage in the future. 

    How are customer service and technical support?

    We've dealt with technical support in the past. They're 100% responsive and they have a lot of channels in which to talk to them. You can always get a hold of them and they are very knowledgeable. We are quite satisfied with their level of support.

    How was the initial setup?

    Initially, we found the implementation to be a bit difficult. However, now we have done it quite a few times for clients, and we find it to be very straightforward and simple. You get used to the process. You learn how to do it. It's simple.

    What about the implementation team?

    We implement the solution for our clients as consultants. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing is paid on a yearly basis. It is quite expensive. 

    When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot. 

    What other advice do I have?

    We are a partner for Palo Alto. I have been certified with them. I did certifications around their certificates when they were Demisto, however, right now, we are Palo Alto partners.

    It's not a SIEM product, however, it's a next-gen automation platform for SIEM SOC services.

    I'd advise companies considering the solution to assess the existing environment before they go ahead and choose something. This solution is basically built for a vast organization or a medium and big organization. Smaller organizations have other options which are available to them that might be more appropriate. 

    Companies should assess the product before it's brought on, as the cost is high. Businesses need to check their budget around that, and whether it will be flexible or not. 

    It's also important to have a proper engineering and design team to implement that product.

    I'd rate the solution at a nine out of ten overall.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
    Real User
    Top 5 Leaderboard
    Detects and whitelists certain IP addresses based on where they're coming from
    Pros and Cons
    • "The solution is very reliable."
    • "The solution is very expensive."

    What is our primary use case?

    We use Palo Alto as a firewall, a system for detecting and whitelisting certain IP addresses or to block certain IP addresses based on where they're coming from. We then send the logs to another log management tool for more forensics and analysis before we make a decision.

    We're basically using Palo Alto for firewalling and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

    What is most valuable?

    The solution is very reliable. The performance is great.

    The scalability of the solution is excellent. 

    We find the solution to be very robust. Palo Alto has been in the industry a long time and the solution reflects that.

    The initial setup is very straightforward. It's not hard to deploy.

    What needs improvement?

    The solution is very expensive. They would get more clients if it wasn't so pricey.

    For how long have I used the solution?

    I've been using the solution for about four years at this time. It's been a while. 

    What do I think about the stability of the solution?

    The solution is very reliable in terms of performance. It doesn't crash or freeze. There are no bugs or glitches.

    What do I think about the scalability of the solution?

    The solution is extremely scalable. If a company needs to expand it, it can do so easily.

    How are customer service and technical support?

    The technical support has been very good. Palo Alto is top of the line. They've been in the industry a long time and their support team reflects that knowledge. We are very satisfied with their level of support.

    Which solution did I use previously and why did I switch?

    I also work with Fortinet. We've used them for around the same amount of time.

    How was the initial setup?

    We found the initial setup to be quite straightforward. It's not hard to do. A company shouldn't have too much of a problem getting it up and running.

    What's my experience with pricing, setup cost, and licensing?

    I cannot speak to the exact cost of the solution or how much our organization pays.

    However, it is my understanding that the product is extremely expensive.

    What other advice do I have?

    I'm not sure which version of the solution we're using at this time.

    I'd rate the solution at an eight out of ten. We've been quite pleased with its capabilities. The only thing is it is pretty expensive.

    I'd recommend other users work both with Palo Alto and Fortinet. They are great together. They complement each other nicely.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
    MSP
    Top 5 Leaderboard
    Easy to set up with good technical support and good stability
    Pros and Cons
    • "The pricing is very good."
    • "The user interface could be a bit better."

    What is our primary use case?

    We primarily use the solution for automation and the orchestration of security.

    What is most valuable?

    We've only just installed the solution and need time to explore its functionality and capabilities. So far, we haven't experienced any issues.

    The stability has been good overall.

    The initial implementation wasn't overly complex. It was easy.

    The pricing is very good.

    Technical support is helpful and responsive.

    What needs improvement?

    Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. 

    The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. 

    Other than that, we've been pretty happy with it.

    For how long have I used the solution?

    We've just implemented the solution. We've only been using it for a few weeks. It hasn't been too long just yet.

    What do I think about the stability of the solution?

    So far, we have found the stability to be very reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance, in the few weeks we've used it, has been good.

    How are customer service and technical support?

    Technical support has been helpful so far. They are knowledgeable and responsive and we've been very satisfied with their level of support.

    How was the initial setup?

    The installation was very straightforward. It only took about a day. Not even that long. The deployment was fast. A company shouldn't run into any issues with the initial setup.

    What about the implementation team?

    I was able to handle the implementation myself. I did not need the assistance of an integrator or consultant.

    What's my experience with pricing, setup cost, and licensing?

    We've found the pricing to be very reasonable. It's not particularly expensive.

    The customers do not have to pay for licensing; we deliver it for free.

    What other advice do I have?

    We have the solution integrated into our QRadar.

    In the time we've used it, from what I've experienced, I'd rate the product at an eight out of ten. We've had a very positive experience.

    I would recommend the solution to other companies.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    Darshil Sanghvi - PeerSpot reviewer
    Consultant at a tech services company with 501-1,000 employees
    Reseller
    Top 5 Leaderboard
    High level log overviews, integrates well, and effective orchestration
    Pros and Cons
    • "The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
    • "There should be an on-premise version available for customers to have different choices."

    What is our primary use case?

    We are using this solution to have a completely organized SOC from a list of devices in our environment. We are able to manage all of our devices, such as firewalls and endpoint protection solutions.

    What is most valuable?

    The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information. Additionally, this solution integrates very well; we have integrated a Palo Alto firewall and everything is working perfectly.

    What needs improvement?

    There should be an on-premise version available for customers to have different choices.

    For how long have I used the solution?

    I have been using this solution for approximately one year.

    What do I think about the stability of the solution?

    The solution is very reliable because it is on the cloud.

    What do I think about the scalability of the solution?

    The solution is scalable. We already have approximately 200 devices deployed into the cloud and we are planning to increase usage in the future. We have approximately 600 employees using this solution in my organization and the solution has been completely coordinating the logs of all these users well.

    How are customer service and technical support?

    The technical support is satisfactory. If we needed any clarification or faced any issues, we have been in contact with the support. However, there is room for improvement.

    How was the initial setup?

    The solution is easy to deploy and manage.

    What's my experience with pricing, setup cost, and licensing?

    There is a yearly license required for this solution and it is expensive.

    Which other solutions did I evaluate?

    We have evaluated other solutions but they do not compare with the number of features this solution provides. There is a wide range of features in this solution.

    What other advice do I have?

    I would recommend this solution to those that already have a SOC or a NOC. It will enhance their logs and XSOAR will handle their internet activities. 

    If they are not involved with SOCs or NOCs then I do not think they require this solution.

    I rate Palo Alto Networks Cortex XSOAR an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Shubham Agarwal - PeerSpot reviewer
    Network Security Engineer at a tech services company with 201-500 employees
    Real User
    Top 20
    Very scalable, awesome automation, and awesome technical support
    Pros and Cons
    • "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
    • "For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."

    What is our primary use case?

    The use cases basically came from the customers. Most of the time, the major concern is from a security perspective because various kinds of attacks are happening. To restrict or stop those attacks, we are building playbooks. We are also automating repetitive tasks.

    We are using on-premise as well as cloud deployments.

    What is most valuable?

    The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work.

    What needs improvement?

    For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else.

    In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.

    For how long have I used the solution?

    I have been working on this solution for the last four months.

    What do I think about the stability of the solution?

    Its stability is okay.

    What do I think about the scalability of the solution?

    It is very scalable. It can be easily integrated with other third-party APIs.

    How are customer service and technical support?

    Their technical support is awesome. It is far better than the technical support of any other company.

    How was the initial setup?

    The setup is very easy. It is very straightforward. The deployment took around 15 minutes.

    What's my experience with pricing, setup cost, and licensing?

    From the cost perspective, I have heard that its price is a bit high as compared to other similar products.

    What other advice do I have?

    For each SOC and MSS environment, I would recommend using Cortex XSOAR for better productivity, scalability, performance, and efficiency. A lot of manual work is happening right now, and that could be avoided. People can be utilized for more productive work.

    I would rate Palo Alto Networks Cortex XSOAR an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Rodrigo AlexiPizarro - PeerSpot reviewer
    IT Operations Deputy Manager at Ultramar Agencia Marítima
    Real User
    Top 20
    Helpful remote control capabilities, scalable, and simple deployment
    Pros and Cons
    • "The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
    • "Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."

    What is our primary use case?

    My primary use for Palo Alto Networks Cortex XSOAR is to protect the workstation for the end-users.

    What is most valuable?

    The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud.

    What needs improvement?

    Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.

    For how long have I used the solution?

    I have been using Palo Alto Networks Cortex XSOAR for two years.

    What do I think about the scalability of the solution?

    We have approximately 1,000 users using Palo Alto Networks Cortex XSOAR in our organization. The solution is scalable.

    How was the initial setup?

    We only require one or two staff to deploy the agent of Palo Alto Networks Cortex XSOAR because it is very simple. One for the server and the other for the workstation.

    What's my experience with pricing, setup cost, and licensing?

    The price of Palo Alto Networks Cortex XSOAR could be reduced. We are always looking for a discount. There is an annual license needed to use this solution.

    What other advice do I have?

    I rate Palo Alto Networks Cortex XSOAR a ten out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.