The main area for improvement is the user interface intuitiveness - specifically how quickly users can grasp the portal functionality. For SOC analysts, the focus should be on improving the speed of accessing defined searches and filtering capabilities. While Palo Alto performs adequately in these areas, there is always room for enhancement. They can continue to improve the search functionality and defined results presentation.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, similar to a feature available in Cortex XDR. The AI analytics need fine-tuning because some use cases are not working from my side.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike. CrowdStrike offers an annual recurring revenue option that Cortex XSIAM does not provide.
Associate Director at a financial services firm with 10,001+ employees
Real User
Top 20
2025-02-20T08:50:00Z
Feb 20, 2025
The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners. Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Cortex could improve the detection and online resolution of security vulnerabilities. We hope that the artificial intelligence in Cortex will assist in optimizing responses to vulnerabilities.
TAC Engineer at a tech services company with 10,001+ employees
MSP
Top 20
2024-09-30T06:56:00Z
Sep 30, 2024
I am not sure if any improvements are needed right now. The current features are satisfactory, and new features are implemented following customer feature requests.
Senior Manager - Security Operations at First Advantage Corporation
Real User
Top 10
2023-09-28T14:59:50Z
Sep 28, 2023
There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to...
The main area for improvement is the user interface intuitiveness - specifically how quickly users can grasp the portal functionality. For SOC analysts, the focus should be on improving the speed of accessing defined searches and filtering capabilities. While Palo Alto performs adequately in these areas, there is always room for enhancement. They can continue to improve the search functionality and defined results presentation.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, similar to a feature available in Cortex XDR. The AI analytics need fine-tuning because some use cases are not working from my side.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike. CrowdStrike offers an annual recurring revenue option that Cortex XSIAM does not provide.
The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners. Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Cortex could improve the detection and online resolution of security vulnerabilities. We hope that the artificial intelligence in Cortex will assist in optimizing responses to vulnerabilities.
I am not sure if any improvements are needed right now. The current features are satisfactory, and new features are implemented following customer feature requests.
There is room for improvement in expanding integrations to include more cybersecurity solutions.
It could provide more integration with a large variety of products.
There is room for improvement in the support. It could be a bit faster.
The solution’s pricing and technical support could be improved.
There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.