2020-07-28T13:32:00Z
Sanguan Treejareonwiwat - PeerSpot reviewer
President at Chunbok Company Limited

Which SIEM is best fit with Palo Alto Cortex XDR?

Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?

Thanks!

6 Answers
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 5 Leaderboard
2021-03-03T15:27:50Z
Mar 3, 2021

I think most of them understand "de-facto standards" very well (including Palo Alto - if that doesn't happen the problem is with PA and not with SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERYONE asset and less with a specific product/3rd party (because in long-term it will be just another datasource of your correlation ecosystem).

Norman Freitag - PeerSpot reviewer
Account-Manager at Consist ITU Environmental Software GmbH
Real User
Top 5
2021-03-08T11:49:23Z
Mar 8, 2021

Hi Sanguan,

It's "quite easy": there are only two options, if you go for the best.

One is QRadar, as recommended below; the other one is of course Splunk.

https://www.paloaltonetworks.c...

In terms of ease of use, quickness of installation, and speed of adaptation (dynamic search), Splunk is #1.

If you take required manpower into account, you should accept Splunk licence costs (TCO).

On the other hand, QRadar is a well proven tool.

In my humble opinion everything else is 2nd choice.

Best Regards

Norman




MK
Deputy Technical Manager (SOC Operations) at a tech services company with 1,001-5,000 employees
Real User
Top 5
2021-03-04T07:43:36Z
Mar 4, 2021

Palo Alto Networks and IBM have partnered to deliver logging extensions for Palo Alto Networks Cortex XDR for the widely used IBM QRadar SIEM.

Reference: IBM Security App Exchange - Cortex XDR for QRadar (ibmcloud.com)


MD
Information Security Architect at H5
User
2021-03-03T21:13:10Z
Mar 3, 2021

I would advise not using LogRhythm. They do not have a log parser for the Cortex.

Splunk works well with it. You do have to set up a log forwarder in Cortex though (that would apply for any SIEM).

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-12-17T04:27:02Z
Dec 17, 2021

Hi @Wouter Hindriks, @Mantu Shaw, @Dwayne Samson, @Ken Shaurette and @Darshil Sanghvi,


Do you have any insights to assist with this question? Thanks.

DB
Security Sales Consultant at Google, LLC
Reseller
2021-12-10T15:56:00Z
Dec 10, 2021

Any of the mainstream SIEM tools will integrate well with Cortex XDR - QRadar, Splunk, Exabeam, etc.

The other question is which is the best SOAR partner - Demisto from Palo Alto should be a good bet here.
