Palo Alto Networks Cortex XSOAR Reviews

It is a security orchestration and automation tool.

It basically lets us automate and orchestrate tasks across all your security tools. Imagine integrating our vulnerability management tool with XSOAR. For example, we get a ServiceNow ticket requesting a scan for a specific server before it goes live. XSOAR can trigger that scan automatically, streamlining the entire process. That's the power of XSOAR—automating repetitive tasks and freeing up your security team for more strategic work.

The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details.

It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation. 

There is room for improvement in support. The response time could be faster.

We have been using it for two years now. It's cloud-based and hosted by Palo Alto.

It's stable. The features and functionalities work as intended mostly. It's a good, reliable product.

We have six users actively using XSOAR. XSOAR is specifically for security teams, it is not for everyone to use.

The customer service and support are okay, not the best, not the worst. Their initial response time is quite long, and even after you get back to them, it takes them a while to provide troubleshooting steps and follow through.

We actually did run a couple of POCs for other products. My company switched to XSOAR because it's a very stable product, and its integration capabilities with most security tools are fantastic. 

If it wasn't available, we'd have to manually develop integrations for each tool, which would be incredibly time-consuming. So, that's the main reason we went with XSOAR.

For cloud deployments, it's a breeze. No installation is needed; just access the provided link and start working. 

But for on-prem, it's a different story. You need to install multiple components and provision servers and integrate them with Palo Alto's platform according to documentation. It's a lengthy process, not overly complex, but due to the tool's architecture, it's unavoidable for on-prem installations. Cloud-based is definitely the easier option.

On-premise installation is complex and time-consuming, with multiple servers and integrations to manage. So, on-premise installation is a hassle.

It's expensive, but the value it offers makes it worthwhile.

It's a very stable product, definitely worth the investment. You won't regret your spending.

Overall, I would rate the solution a nine out of ten. The only reason it loses a point is the support team. Their performance hasn't reached the same level as other Palo Alto offerings.

The client never had any XSOAR automation before, and they never had a CRM implemented with them, either. So we provided both CRM and complemented with XSOAR.

So it's a totally new experience, and we have already developed three playbooks. To move further, we have to wait for the next few months before we agree on any automation response.

The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features. It is followed by a lot of people simply needing to reference it. So, it is very easy to use for people facing chat problems.

I would like to have a better visualization of the command center. In command and samples, the sample has a product called the command center.

I want the scalability of the product to be improved.

I have been using Palo Alto Networks Cortex XSOAR for three months. My company is a service provider for Palo Alto Networks.

It is a stable solution. I rate the stability an eight out of ten.

It is not a very scalable solution. Because of the implementation that we have within the device as it is metered by the number of even EPS that we are able to accept. At present, twelve users are using the solution as we are a government enterprise.

I rate the scalability a six out of ten.

The initial setup is a bit complex because we have to log in to the virtual machine, which is a bit of a negative process. It takes around three weeks to be deployed. On a scale of one to ten, where one is difficult, and ten is easy, I rate the initial setup a six. The solution got deployed on the cloud and on-premises.

The pricing is on the high side. It's pricey and expensive. On a scale of one to ten, where one is a low price, and ten is a high price, I rate the pricing a nine.

I recommend the solution but ensure it fits your requirements.

I rate the overall solution a nine out of ten.

The solution is user-friendly and easy to configure.

Palo Alto needs to develop more AI-centric products. Also, the price could be cheaper. It doesn’t have infinite connectors.

I have been using Palo Alto Networks Cortex XSOAR for a couple of years.

The product is very stable.

5,000-7,000 users are using this solution.

Technical support is knowledgeable.

We used to work on the IBM XSOAR product, which was well-developed and competitive. The IBM component was strong, but Palo Alto Networks Cortex XSOAR performed well. The main difference lies in the level of suggestions provided by the playbooks when analyzing logs. IBM's suggestions to be better.

The initial setup is simple. Your level of understanding significantly impacts the effectiveness of implementation. People may learn the hard way, especially post-implementation, highlighting the importance of a comprehensive experience.

I recommended Palo Alto Networks Cortex XSOAR to a friend, and they have been using it to access and respond to issues in their data center. So far, there have been no complaints, not even worth mentioning. They also requested repairs through the platform.

The playbook is very good and user-friendly compared to IBM.

There are always things missing in some of the boxes. In some instances, there appears to be a leak. There are inconsistencies. Solutions like Palo Alto Networks Cortex XSOAR or similar products are necessary.

Overall, I rate the solution an eight out of ten.

The SOC team needs the tool to understand the network and determine why an incident happens. The tool helps understand user behavior and helps with threat hunting.

The solution has a lot of information, like playbooks and incidents. It goes really deep. The vendor provides training, knowledge bases, workshops, and webinars. The product can automate security tasks. Playbooks are the most beneficial feature. We can create a playbook. We can get visibility on incidents.

We can also analyze user behavior and understand whether it is a true positive or a false positive. We have so many false positives these days in security, so it's nice when we can put things in the block list. We can perform investigations. The product can be integrated with third-party tools.

The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals to learn and understand how the tool works to expand it further. Our customers want to see more use cases. They want to have more facilitations and more visibility on how it works. We need more skilled people inside and outside the team to understand how it works. It’s difficult to find skilled people to understand how the tool works.

The solution is suitable for enterprise businesses.

We can send an email to the online support portal. We can contact Palo Alto engineers immediately and open a ticket. The engineers will take care of the issue depending on the severity level of the ticket.

Positive

The initial setup is really easy. We just have to order it. When we have the tool, someone from Palo Alto will provide us with the account information. After that, we must set up the users, customers, and resellers. We can do onboarding immediately. The deployment takes one or two days.

Whether the product is cheap or expensive depends on the company and how much they are willing to spend on security. Nowadays, security is important. The solution is not suitable for small businesses. It is better suited for medium and enterprise businesses because it starts with 200 endpoints.

SentinelOne is an endpoint protection tool. However, Palo Alto gives us more security features.

I work with a distributor. I recommend the product to my customers. I'm really satisfied with the tool. It's a very nice tool. It can work and give us what we need. We just need to be patient and learn how it works. The incidents can be handled very easily. Overall, I rate the product a nine out of ten.

Cortex XSOAR is our desktop endpoint security standard. We deploy it on the desktops, monitor the events, and ensure the endpoints stay clean and inoculated. The client is a retail company with salespeople on the floor and roving notebooks that employees bring with them to various locations. We needed a solution that allows us to protect those endpoints no matter where they are. We deployed them through Active Directory using a group policy system. 

Customers don't always have endpoints that are part of their Active Directory, but we chose to use ADGPO to ensure any user logging into our domain(s) had the product installed. There are about 600 users spread out across three locations and six dealerships.

Well since we have deployed Cortex, we have not had any serious malware concerns. I believe Cortex or Traps as it were has helped immensely in keeping our end-user community safe.

That said, cortex has not been without its headaches. For one thing, recently it stopped updating clients and wouldn't allow new installations due to a MS patch that needed to be deployed. It wasn't obvious to me what was occurring as there were zero logs indicating the reason for the failures. We started having desktops falling out of compliance faster and I had to do a bit of digging to find out what was causing it. 

Another dig I have is in the Cortex Dashboard, there are a large numbers of machines that don't show associated usernames. This keeps growing over time. I still been able to determine the cause of this. I have some ideas its due to the way Palo Alto Networks determines who a user is. They look at AD authentication logs and associate the IP address of the user as he joins the network. Then this IP stays associated with that user for about 45 minutes after the user leaves his desktop. So the desktop becomes orphaned when the IP is no longer applicable. 

So in summary, the product has stood up to its core-capabilities, but is lacking in useable actionable logs.

I chose Cortex XSOAR because we use Palo Alto firewalls. My plan was to consolidate our log data from the Palo Alto firewalls and Cortex into a single pane of glass. However, this has not been the experience. The log data from the firewalls never correlates with the log data from Cortex. We still have seperate streams of information to examine. I have not found an easy way to get this to work. But I'm sure there is one.

I want to make note that it seems like Palo Alto Networks is moving to a full A La-cart licensing model where just about every feature in the product has a separate key and license to purchase/maintain and monitor. I have had firewalls bricked because it became cost prohibitive to license them. Once licenses expire, the firewall virtually stops operating as anything more than a router.

With Cortex specifically, it's the poor platform based logging. I can generate logs for individual users, but there is little platform data available from either the client or the Dashboard.

Also, having to maintain GP and Cortex on the same machines makes life more complicated as there are two seperate controls that need to be managed, licensed and monitored. I would like to see a day when GP and Cortex are one and the same with feature switches to enable/disable functionality

We've been using Cortex XSOAR for over 4 years now

Cortex XSOAR is stable as long as it and your end-users computers stay updated. If your population falls behind on certain critical MS updates, your Cortex may stop working!

I believe Cortex is scalable but only to a point. I couldn't see attempting to manage 1000+ users on it. Too many headaches to have to deal with that large a deployment. 

Palo Alto support is horrible and getting worse! What happened to the day I could speak to a real human at Palo Alto Networks that actually understood what I was asking? What happened to the concept of SLA's where priority 1 tickets were addressed within hours? I have gotten to the point where I dread even picking up the phone or opening a support ticket with Palo Alto Networks. 

Maybe they got too big, or maybe they want to be more like Checkpoint in their licensing. Not sure, but please be capable of solving most of your own problems if you incorporate these guys into your solution. 

Spoken from a once true fan of Palo Alto Networks... :( 

Negative

Previously, the clients depended on Malware defense programs like Trend Micro and Norton AV. But these products lack the Endpoint protections needed to adequately protect a user from himself.

Deploying Cortex XSOAR is straightforward if you have experience with this kind of solution. The deployment is about the same as any of its competitors. Cortex isn't any easier or harder to deploy than the other products.

In house. 

Well its hard to put a price on protecting a networks data. The ROI is, we still have our data lol. Still, all employee based organizations need to be implementing an EndPoint Protection control. But budget conscious organizations very definitely should do their homework before commiting. Its not easy to change your mind.

Be aware that licensing can become challenging. Also, there are other products out there such as CrowdStrike, Fortinet and Cisco, that have stronger reputations in EndPoint protection. But they are also point solutions that lack the integration and feature set to become a full operational security endpoint suite of tools. 

I was a former Palo Alto Networks employee (4+) years. So my natural inclination was to choose a product I knew about from my background working for Palo Alto Networks.

I still rate Palo Alto Networks Cortex XSOAR seven out of 10. Since we installed it, we've never had a significant infection. However, beware of new pricing models and ways that Palo Alto will stack licensing up until a solution can become quite expensive to maintain. 

Do your homework!

In my company, it is not me but my team that is involved with Palo Alto Networks Cortex XSOAR. The tool is majorly useful for incident response and automation purposes.

Owing to the features of Palo Alto Networks Cortex XSOAR, my team that operates within our company likes it.

Palo Alto Networks Cortex XSOAR lacks to offer SIEM functionalities currently. From an improvement perspective, I would like to see Palo Alto Networks Cortex XSOAR offer SIEM functionalities.

In the future, I would like to see more automation functionalities.

I have been using Palo Alto Networks Cortex XSOAR for nearly two months.

Stability-wise, I rate the solution a nine out of ten. My team knows about the stability of Palo Alto Networks Cortex XSOAR, and to date, I haven't heard anything bad about the product.

It is a scalable solution.

Palo Alto Networks Cortex XSOAR is a tool that is used only by me and my team in our company. The tool is mainly used by only two people in my company.

Palo Alto Networks Cortex XSOAR's partner, with whom my company deals, helps us whenever needed.

My company did not make any payments towards the licensing costs attached to the product since we were only using its pilot version.

I recommend the solution to those who plan to use it.

I rate the overall product a nine out of ten.

The platform’s setup procedures could be streamlined compared to Sentinel, which has a much easier setup regarding Single Sign-On and policy management.

I haven’t seen any lag in terms of platform scalability. It scales to cover all the endpoints. Although, sometimes there are latencies for Panorama. It could be because there are a lot of legacy systems.

The platform’s technical support team has been helping us from the beginning. At present, we are building a new setup team. They help us with that as well. They are always prompt and pretty fast. Sometimes, we get answers to our queries when we are not officially enrolled in technical support.

Positive

The platform’s setup process is conducted on a virtual machine. The complexity depends on the expertise.

Palo Alto offers significant discounts to customers who purchase the products repeatedly. For example, if they charged 160,000 last year, they might charge 60,000 less this year.

The platform is integrated with Panorama in the Palo Alto ecosystem. It provides the advantage of pulling data and logs from legacy systems better than Sentinel. In comparison, Sentinel primarily pulls data from Defender and Azure Active Directory and doesn’t provide visibility.

The platform uses Python for automation scripts, which is helpful due to Python's extensive data science libraries. At the same time, Sentinel utilizes different languages and Microsoft Visual Basic scripts. It is library friendly.

The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products. It is useful.

They are bringing a new XDR product. It would have a lot of machine learning and artificial intelligence, data deduplication, and transformation features, which is great for threat detection procedures. It is a sandbox model with features for building playbooks and scripts.

I advise others to visit the website called Palo Alto Beacon. You can access a lot of free training, including example scenarios. You can experiment with different types of use cases. I even advise using Panorama with Palo Alto appliances, especially in the case of a lot of legacy systems like Windows 7 and unique servers like Solaris.

I rate it an eight out of ten.

Cortex is an automation tool, which I have used to make manual processes flow in an automated way. We need to create flows to automate the manual processes.

Cortex orchestration, which I have used to make process automations. That is the Cortex Automation.

I liked the flow creation and the way it handled orchestration from a development point of view. However, my opinion has changed a bit since using ServiceNow, which is more flexible compared to Cortex. In order to create the pro-designer and process automation. 

It was mainly used for automation. For example, a telecom company needed to handle multiple network devices like Cisco devices. They had to check compliance, functionalities, and expiry dates manually. We automated those technical operations.

First of all, it's not very user-friendly. It's quite lagging and not very fast. I believe it's developed in C#, which makes it a bit slow. 

There are many hidden structures, so sometimes the flow gets stuck. We have communicated with Cortex community, and they are still working on these issues. System slowness and performance are the main concerns.

I used it for one year. 

I would rate it a six out of ten, with one being low and ten being high because I have only about one and a half years of experience with Cortex. So, I would rate it a six due to its slowness and complexity.

There were around 20 end users. 

They sometimes delay in providing answers and often don't give proper answers.

Neutral

Recently, I moved to the ServiceNow platform.

To create processes and automate them, ServiceNow offers more flexibility.

Cortex is a single point for automation. For end-to-end deployment, it involves front-end and back-end technologies. We have implemented Logix in Cortex to communicate with network devices. So, we haven't faced any issues during deployment, but after deployment, the slowness of Cortex application or system becomes apparent.

Deployment model:

It's deployed on-premises because I worked for an IT company. They had a relationship with Cortex, and we provided automation services to a telecom client using Cortex.

Integration:

It was easy to integrate Cortex with existing infrastructure and other tech tools. We have done integrations with Amdocs products for the telecom industry using MuleSoft, webMethods, and REST APIs, so it definitely supports these.

It's cheaper. For example, if UiPath costs ten dollars, Cortex might be around three to four dollars. But I'm not part of the pricing team, so this is just my opinion.

It's not difficult for a beginner to learn to use Cortex. I started as a beginner, and it was manageable. It just depends on the learner's interest.

I would rate it a seven out of ten. However, compared to other automation tools, Cortex is not the best, according to current market trends.

I suggest looking at alternatives like UiPath and Automation Anywhere. I don't have experience with them, but they are trending in the market. 

Currently, ServiceNow is also popular for automation purposes.