Try our new research platform with insights from 80,000+ expert users

Cortex XSIAM vs ServiceNow Security Operations comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XSIAM
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
12
Ranking in other categories
Security Information and Event Management (SIEM) (17th), Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
ServiceNow Security Operations
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
20
Ranking in other categories
Security Incident Response (2nd), Security Orchestration Automation and Response (SOAR) (8th), Risk-Based Vulnerability Management (10th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 2.8%, up 0.6% compared to last year.
ServiceNow Security Operations, on the other hand, focuses on Security Incident Response, holds 19.2% mindshare, up 12.6% since last year.
Security Information and Event Management (SIEM)
Security Incident Response
 

Featured Reviews

AKASH MAJUMDER - PeerSpot reviewer
Incident response times have significantly reduced with efficient device integration and log parsing capabilities
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, similar to a feature available in Cortex XDR. The AI analytics need fine-tuning because some use cases are not working from my side.
KishoreKumar4 - PeerSpot reviewer
A low-cost and open-source tool for incident and change management
If we encounter challenges while deploying, we raise incidents. These incidents are categorized by priority: high, medium, and low. We assign an incident number and notify the relevant teams to address the issue. For instance, if we experience a problem with Cloud services or any other issue, we…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I would give Cortex XSIAM a rating of ten out of ten."
"Cortex XSIAM enhances our ability to apply endpoint protection policies, implement restrictions, conduct scans, and engage in sandboxing."
"It is an effective solution in terms of performance and functionalities."
"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."
"The flexibility for creating manual workflows stands out."
"The flexibility for creating manual workflows stands out."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."
"The product has a very simple UI."
"Reduces time to closure and closure metrics for vulnerabilities."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
"The SOAR module of ServiceNow Security Operations is the most valuable feature"
"The solution is stable."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"ServiceNow is a convenient platform to raise tickets, and the respective support team will contact us to resolve any issues."
 

Cons

"The support could be a bit faster."
"The platform isn't very developer-friendly and it should provide more flexibility and ease."
"Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."
"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"I am not sure if any improvements are needed right now."
"The first impression is that XSIAM would be more expensive than others we tried."
"The solution’s pricing and technical support could be improved."
"Cortex could improve the detection and online resolution of security vulnerabilities."
"We'd like customization to be easier in terms of the UI and using the dashboards."
"The product is called SecOps, but it is not security operations in terms of SIEM solutions."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"There is room for improvement in terms of developer support and documentation."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"Report generation within ServiceNow can take some time."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time."
 

Pricing and Cost Advice

"The solution is expensive compared to its competitors."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"The solution comes at a significant cost."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
"This product is a good value for the money."
"The product is more expensive than other solutions."
"It is an expensive product."
"Compared to competitor tools, ServiceNow Security Operations is more affordable"
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Manufacturing Company
10%
Financial Services Firm
10%
Government
7%
Financial Services Firm
20%
Manufacturing Company
11%
Computer Software Company
9%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cortex XSIAM?
It is an effective solution in terms of performance and functionalities.
What is your experience regarding pricing and costs for Cortex XSIAM?
The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools. There are additional expenses for more functionalities.
What needs improvement with Cortex XSIAM?
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, simila...
What do you like most about ServiceNow Security Operations?
The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.
What is your experience regarding pricing and costs for ServiceNow Security Operations?
The product is more expensive than other solutions like Archer but offers more features, making the pricing justifiable.
What needs improvement with ServiceNow Security Operations?
Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time.
 

Overview

 

Sample Customers

Information Not Available
DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: April 2025.
849,190 professionals have used our research since 2012.