We performed a comparison between NetWitness XDR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The connectivity and analytics are great."
"We have no complaints about the features or functionality."
"It's pretty powerful and its performance is pretty good."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The automation feature is valuable."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Free ingestion for Azure logs (with E5 licence)"
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The stability of the RSA NetWitness Endpoint is very good."
"Ability to isolate the machine when there are malicious files."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It is stable. We have been using it for some time, without any issues."
"The solution is user-friendly and easy to configure."
"I have no complaints about Cortex's stability."
"It is a scalable solution. I would rate scalability a ten out of ten."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"It is a scalable solution."
"I have found the solution very useful, it integrates well with other platforms."
"The product can automate security tasks."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I think the number one area of improvement for Sentinel would be the cost."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The initial setup requires a high level of skill."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The contamination feature could be improved."
"The solution lacks a reporting engine."
"Threat detection could be better."
"We need a little hands-on experience to install the solution."
"The price of the solution could be improved."
"The dashboard performance could be improved."
"There is room for improvement in support. The response time could be faster."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"XSOAR could have more integration options."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"I think they should increase their collaboration base."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. NetWitness XDR is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Corelight, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our NetWitness XDR vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.