
Palo Alto Networks Cortex XSOAR Valuable Features

CC
Enterprise Security Architect V at FirstEnergy

What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali. I can create various custom automations and custom fields. There is significant customization ability in this platform. If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.

All of our alerts from different tools come into this central place as we have multiple SIEMs. We have items coming from Anomali and other platforms that are not SIEM tools. This serves as our central location where our SOC analysts can work and determine if incident response is needed. The platform provides data enrichment capabilities, offering information upfront so analysts do not have to search for it. They can access details such as username, phone number, email address, and workplace information. For malware files, they can retrieve details from VirusTotal, including file names and environment presence. We have built substantial automation around these features, which also helps us track case metrics, investigation time, and threat mitigation duration.

NikhilSharma2 - PeerSpot reviewer
Manager at Deloitte

The best feature is the CLI part. If you want to execute any command or something like that, it is very easy. You can get a tab, and you just type the command there, and it will run. The playground feature is very good. You don't need a separate development environment; you can use it directly within XSOAR. These are the things that make XSOAR stand out compared to other products.

For orchestration, the processes are very user-friendly. Even if I'm not an XSOAR admin, I can quickly become proficient with it. You just have to navigate through the various options in Palo Alto Networks Cortex XSOAR, and it becomes easy to manage. For instance, if you are a SOC analyst and want to start using XSOAR, it's very easy to access and retrieve the details you need.

To put it in simpler terms, using XSOAR is like using a Fire Stick, where you have all your OTT platforms available. Similarly, in XSOAR, you get all the related alerts, whether from SIEM, EDR, or XDR, all consolidated in one place. You can analyze the data, make decisions, and even automate certain processes based on the data you receive. XSOAR assists in automating workflows, making decision-making processes easier.

The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used, like Siemplify, Splunk Phantom, and FortiSOAR. The processes are much more streamlined in XSOAR, which is what I appreciate most about it.

So, when it comes to automation and playbooks, it is very easy. XSOAR is the only platform that supports three scripting languages: Python, JavaScript, and PowerShell. So you don't have to worry much about compatibility. If someone knows Python, they can easily create a playbook for automation. They can write the automation scripts and handle everything. Even if you're like me, coming from a Windows background and only familiar with PowerShell scripting, you can still create automation within XSOAR. This flexibility is something that XSOAR provides, unlike other tools that only support Python.

XSOAR uses machine learning and generative AI, particularly in threat intelligence. In security, threat intelligence is the only area where AI and machine learning are truly effective. Aside from that, whatever vendors are claiming about AI is often just marketing hype. They might suggest that AI can be used everywhere, but security compliance is a crucial factor. 

For example, if I request AD admin access, it's unlikely anyone would grant it due to security concerns. This demonstrates the limits of AI in certain aspects of security. They may have chatbots and other features, but their necessity is questionable. For instance, if I need details about a particular IP or URL, I can retrieve it myself by running a command. Human intervention is still necessary in these cases.

We can definitely use AI in incident response, but the major thing is in managing case notes. We recently initiated a project focused on ensuring that case notes added by analysts follow a proper format. We can then utilize generative AI to improve this process. For example, if an alert is related to a DNS query, we can create different templates. Based on the best keyword match, AI can make decisions, which is part of our plan.

Engineerinfosec67 - PeerSpot reviewer
Presale Engineer at Westcon-Comstor

The solution is an orchestration automation platform. Three main features can help me: execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies that I can integrate into the platform. Each incident collected is orchestrated with automation that selects the security analyst to be involved, or provides complex execution plans for managing security incidents.

Buyer's Guide
Palo Alto Networks Cortex XSOAR
June 2025
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,481 professionals have used our research since 2012.
Shubham Pandharpote - PeerSpot reviewer
Cyber Security Analyst at Altisec Technologies Pvt Ltd

The most valuable features of Cortex XSOAR include its vast library of plugins, which allow us to integrate various tools and solutions seamlessly. Additionally, the ability to create complex playbooks tailored to our needs and the option to incorporate user input within the workflows are highly beneficial.

Jasmin Surani - PeerSpot reviewer
Senior Cybersecurity Engineer (Security Operations & Engineering) at a manufacturing company with 10,001+ employees

The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details.

It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation. 

Henok Tsegaye - PeerSpot reviewer
BDM/Chief Information Officer at Afcor PLC

The solution is user-friendly and easy to configure.

Donald Keeber - PeerSpot reviewer
President at Margate Net

I chose Cortex XSOAR because we use Palo Alto firewalls. My plan was to consolidate our log data from the Palo Alto firewalls and Cortex into a single pane of glass. However, this has not been the experience. The log data from the firewalls never correlates with the log data from Cortex. We still have separate streams of information to examine. I have not found an easy way to get this to work. But I'm sure there is one.

Oleksii Pavlyk - PeerSpot reviewer
Head of the direction of ensuring the security of digital systems, electronic databases and networks at Ukreximbank

Owing to the features of Palo Alto Networks Cortex XSOAR, my team that operates within our company likes it.

MA
MSS Delivery Lead at Help AG

The product’s stability is good. We are able to achieve our use cases. We have multiple playbooks to support automation.

Iskandar Iskak - PeerSpot reviewer
Director Sales for Education Market at Telekom Malaysia

The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features. It is followed by a lot of people simply needing to reference it. So, it is very easy to use for people facing chat problems.

Nethra Sk - PeerSpot reviewer
Head of Security Monitoring and Control at Alstom Ferroviaria S.p.A.

Its agility and scalability are valuable.

Sara Qafa - PeerSpot reviewer
Systems Engineer at Exclusive Networks

The solution has a lot of information, like playbooks and incidents. It goes really deep. The vendor provides training, knowledge bases, workshops, and webinars. The product can automate security tasks. Playbooks are the most beneficial feature. We can create a playbook. We can get visibility on incidents.

We can also analyze user behavior and understand whether it is a true positive or a false positive. We have so many false positives these days in security, so it's nice when we can put things in the block list. We can perform investigations. The product can be integrated with third-party tools.

reviewer1940673 - PeerSpot reviewer
Security Project Manager at a retailer with 10,001+ employees

The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.

DL
Senior Information Technology Support Engineer at TSCNET Services GmbH

The solution works well.

It’s easy to install.

It’s stable.

The solution can scale as needed.

reviewer1469436 - PeerSpot reviewer
Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees

It is very easy to use.

It has an extensive list of integrations that are available out of the box which makes it easy to start.

Nuno-Santos - PeerSpot reviewer
SOC Operator at a tech services company with 11-50 employees

Cortex XSOAR's playbook for incident management and automation is highly valuable. We develop playbook automation, centralize incident data, and try to enhance the efficiency of resolving incident cases. The platform's features focus on closing the incident lifecycle more quickly, managing incidents efficiently, and integration capabilities across security infrastructure.

AkashMajumder - PeerSpot reviewer
SOC Analyst at Contensis

We use the solution to automate our SIEM tools and incidents.

Mostafa-Ahmed - PeerSpot reviewer
Cybersecurity incident response team lead at Information Technology Solutions- ITS

What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used. If you can think of it, you can probably do it. However, there are some limitations, but speed isn't one of them.

Cemil Altug - PeerSpot reviewer
Hybrid Cyber Security Team Lead at dndx

Palo Alto is easy to use. 

reviewer1480533 - PeerSpot reviewer
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees

The solution is very reliable. The performance is great.

The scalability of the solution is excellent. 

We find the solution to be very robust. Palo Alto has been in the industry a long time and the solution reflects that.

The initial setup is very straightforward. It's not hard to deploy.

Rodrigo AlexiPizarro - PeerSpot reviewer
IT Operations Deputy Manager at Ultramar Agencia Marítima

The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud.

ShubhamAgarwal - PeerSpot reviewer
Specialist - Information Security at LPI

Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper.

Nick Rama - PeerSpot reviewer
System Engineer at Nexus Technologies,Inc.

The strengths of Palo Alto Networks Cortex XSOAR stem from the fact that it provides functionalities related to patching and URL blocking, and its strengths are the major reason why I recommend the product to others.

reviewer2125281 - PeerSpot reviewer
Intern Cybersecurity at a computer software company with 10,001+ employees

The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily. 

reviewer2284569 - PeerSpot reviewer
Manager at a financial services firm with 5,001-10,000 employees

Many different playbooks are available and can be customized. 

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

The solution has very good integration capabilities. It's really the best at integration. Inside every integration, there are certain commands which we can call upon, which makes it very useful as a product.

The automation is excellent. 

The product is very robust.

With this solution, we can do dynamic remediation.

It's a product that is constantly upgrading and improving.

It's a user-friendly solution.

Technical support is very helpful and responsive.

HendrikDu Plooy - PeerSpot reviewer
Business Development Manager at a tech services company with 11-50 employees

The advanced security capabilities and the automation available with the solution are the most valuable solution. Moreover, the scalability and ease of management are additional benefits.

reviewer2666148 - PeerSpot reviewer
Associate Director at a financial services firm with 10,001+ employees

It was useful as a ticketing tool. However, it's been discontinued. 

DL
Sales engineer at MUK

It is pretty modern. 

It has a lot of integrations. They have a portal where you can find any kind of integration that you need. The ability to integrate with third-party vendors and solutions is great. 

They have a large number of playbooks. These are a set of actions that you need to perform based on some exact incident. For example, if you find malware, you will need to block an endpoint. If you find a botnet that is connecting to your infrastructure, you will need to block this botnet on the firewall. This set of playbooks that XSOAR already has inside it is really huge, and it is also great for a lot of information security managers and engineers who can just choose what they need and not have to create anything from scratch.

The initial setup is straightforward. 

DS
Consultant at a tech services company with 501-1,000 employees

The most valuable feature is the orchestration, because of the way in which it coordinates the logs from all the devices and provides us with a high-level overview of the critical log information. Additionally, this solution integrates very well; we have integrated a Palo Alto firewall and everything is working perfectly.

reviewer1520922 - PeerSpot reviewer
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

We've only just installed the solution and need time to explore its functionality and capabilities. So far, we haven't experienced any issues.

The stability has been good overall.

The initial implementation wasn't overly complex. It was easy.

The pricing is very good.

Technical support is helpful and responsive.

SA
Network Security Engineer at a tech services company with 201-500 employees

The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work.

it_user1333062 - PeerSpot reviewer
Director at a tech services company with 11-50 employees

The most valuable features are simplicity and ease of integration.

The documentation is fantastic.

reviewer1232895 - PeerSpot reviewer
Commercial Director at a security firm with 11-50 employees

I am satisfied with the product overall.

SA
CyberSecurity Consultant at Information Technology Solutions- ITS

The solution is user-friendly and provides integration with multiple products.

reviewer1446645 - PeerSpot reviewer
Network and Information Security at a tech services company with 10,001+ employees

According to Gartner, it's a leader in NID. Customers are investing more in it, and that's why we are using the product.

reviewer1367535 - PeerSpot reviewer
Security Professional at a tech services company with 51-200 employees

The most valuable feature is automation. There is a huge variety of automation that can help any team and there is a threat model.

AYOUB ECH-CHKAF - PeerSpot reviewer
Security Operations Center Analyst (L2) at Thales

The solution has the best processing and incident analysis features.

NN
None at Invecto

NGFW and Cortex are the best features of the product. The solution provides threat intelligence with EDR. The most interesting part is that the product uses artificial intelligence and machine learning capabilities.

reviewer1726734 - PeerSpot reviewer
Supervisor SOC at a tech services company with 51-200 employees

I have found the solution very useful; it integrates well with other platforms.

reviewer2208075 - PeerSpot reviewer
Cyber Security Analyst at a tech services company with 11-50 employees

It is a good tool for automation. The product is quite easy to use. It provides great integrations.
