Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5
Mar 3, 2021
I think most of them understand "de-facto standards" very well (including Palo Alto - if that doesn't happen the problem is with PA and not with SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERYONE asset and less with a specific product/3rd party (because in long-term it will be just another datasource of your correlation ecosystem).
Search for a product comparison in Security Information and Event Management (SIEM)
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.
Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB...
I think most of them understand "de-facto standards" very well (including Palo Alto - if that doesn't happen the problem is with PA and not with SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERYONE asset and less with a specific product/3rd party (because in long-term it will be just another datasource of your correlation ecosystem).
Hi Sanguan,
its "quite easy" there are only two option, if you go for the best.
One is Q-Radar, as recommended below the other one is of course splunk.
https://www.paloaltonetworks.c...
In terms of easyness of use, quickness of installation, speed of adaptation (dynamic serach) splunk is #1
If you take required manpower in account you should accept Splunk Licence costs (TCO).
On the other hand Q-Radar is a well proven tool.
In my humble opinion everthig else is 2nd Choice.
Best Regards
Norman
Palo Alto Networks and IBM have partnered to deliver logging extensions for Palo Alto Networks Cortex XDR for the widely used IBM QRadar SIEM.
Referenece : IBM Security App Exchange - Cortex XDR for QRadar (ibmcloud.com)
I would advise not using LogRhythm. They do not have a log parser for the Cortex.
Splunk works well with it. You do have to setup a log forwarder in Cortex though (that would apply for any SIEM).
Hi @Wouter Hindriks, @Mantu Shaw, @Dwayne Samson, @Ken Shaurette and @Darshil Sanghvi ,
Do you have any insights to assist with this question? Thanks.
Any of the mainstream SIEM tools will integrate well with Cortex XDR - QRadar, Splunk, Exabeam, etc.
The other question is which is the best SOAR partner - Demisto from Palo Alto should be a good bet here.