2020-07-28T13:32:00Z

Which SIEM is best fit with Palo Alto Cortex XDR?

it_user1395831 - PeerSpot reviewer

6 Answers

Jairo Willian Pereira - PeerSpot reviewer
Real User
Top 5
2021-03-03T15:27:50Z
Mar 3, 2021

I think most of them understand "de-facto standards" very well (including Palo Alto - if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERY asset and less with a specific product/3rd party (because in the long term it will be just another data source of your correlation ecosystem).

NF
Real User
Top 20
2021-03-08T11:49:23Z
Mar 8, 2021

Hi Sanguan,

It's "quite easy": there are only two options, if you go for the best.

One is QRadar, as recommended below; the other one is of course Splunk.

https://www.paloaltonetworks.c...

In terms of ease of use, quickness of installation, and speed of adaptation (dynamic search), Splunk is #1.

If you take the required manpower into account, you should accept Splunk licence costs (TCO).

On the other hand, QRadar is a well-proven tool.

In my humble opinion everything else is 2nd choice.

Best Regards

Norman


Murali Krishnan L - PeerSpot reviewer
Real User
Top 5 Leaderboard
2021-03-04T07:43:36Z
Mar 4, 2021

Palo Alto Networks and IBM have partnered to deliver logging extensions for Palo Alto Networks Cortex XDR for the widely used IBM QRadar SIEM.

Reference: IBM Security App Exchange - Cortex XDR for QRadar (ibmcloud.com)


MD
User
2021-03-03T21:13:10Z
Mar 3, 2021

I would advise not using LogRhythm. They do not have a log parser for the Cortex.

Splunk works well with it. You do have to set up a log forwarder in Cortex though (that would apply for any SIEM).

EB
Community Manager
2021-12-17T04:27:02Z
Dec 17, 2021

Hi @Wouter Hindriks, @Mantu Shaw, @Dwayne Samson, @Ken Shaurette and @Darshil Sanghvi,

Do you have any insights to assist with this question? Thanks.

DB
Vendor
2021-12-10T15:56:00Z
Dec 10, 2021

Any of the mainstream SIEM tools will integrate well with Cortex XDR - QRadar, Splunk, Exabeam, etc.

The other question is which is the best SOAR partner - Demisto from Palo Alto should be a good bet here.
