We performed a comparison between IBM Security QRadar and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We have no complaints about the features or functionality."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The automation feature is valuable."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"In terms of the most valuable features, the log collections and log processing mechanisms are good. They have good dashboards."
"Overall a great solution."
"It integrates very easily with other solutions. The solution is flexible. We can add anything to it, as it is a good companion to other tools."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"One very useful feature is the plug-in offering that allows you to integrate it with other solutions, such as integrating it with plug-ins like Scout, Carbon Black, and the rest."
"It helps us discover any threats with their alerts and tracking."
"It comes with many rules disabled. You can tune them and modify them according to your enterprise needs and avoid false positives."
"It has a powerful GUI where you can put together your use cases, and don't have to write your own scripts."
"I have no complaints about Cortex's stability."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
"The automation is excellent."
"I have found the solution very useful, it integrates well with other platforms."
"It is quite scalable. I would rate it a ten out of ten."
"Many different playbooks are available and can be customized."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"The only thing is sometimes you can have a false positive."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The playbook is a bit difficult and could be improved."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"We'd like to see more connectors."
"You can scale IBM QRadar User Behavior Analytics, but it has room for improvement."
"The solution lacks some maturity."
"From a functionality point of view there are issues sometimes."
"Before we didn't have any security issues but recently a few of the user emails were hacked. We had to actually recreate their emails for them."
"The weak signal detection with QRadar needs improvement. You can detect what you know, but what is unknown to the rule engine can't be detected."
"QRadar needs to be improved on the storage side, particularly when the disc exceeded the maximum threshold."
"The implementation of the solution's technology needs to be simplified."
"The solution should include remote action capabilities."
"It is been decommissioned by Palo Alto."
"The solution's correlation rules and playbooks should be improved."
"The solution requires DV but does not support open-source DV elastic searches."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"There should be an on-premise version available for customers to have different choices."
"Palo Alto Networks Cortex XSOAR lacks to offer SIEM functionalities currently."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"They should provide integration with machine learning platforms."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Security QRadar is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.