Splunk SOAR and Cortex XSIAM compete in the security automation tools category. Splunk SOAR is preferred for its extensive integration capabilities despite its higher pricing, while Cortex XSIAM is recognized for its strong machine learning but faces integration issues.
Features: Splunk SOAR is known for its risk-based access control, flexible team collaboration, and automated phishing attempt handling. It also provides playbook flexibility and robust API integration. Cortex XSIAM offers strong machine learning for comprehensive threat analysis, supports endpoint protection, and provides API integrations for improved detection power.
Room for Improvement: Splunk SOAR requires improvements in integration, documentation, and search capabilities. Enhancements are needed in its playbook editor and case management feature. Cortex XSIAM faces challenges with third-party system integration and requires enhanced support response and performance optimization.
Ease of Deployment and Customer Service: Splunk SOAR offers flexibility with private, public, on-premises, and hybrid cloud models, and has responsive customer service. Cortex XSIAM focuses on public cloud deployment and offers good technical support but requires faster response times.
Pricing and ROI: Splunk SOAR is expensive but provides value with a flexible pricing model and significant ROI through automation. Cortex XSIAM's pricing is competitive but can be higher with add-ons and offers comprehensive security features.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Splunk's technical support is very good and generally not needed often due to the stable environment.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
It can be extended and adapted as necessary.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
Splunk SOAR provides a stable environment and technology.
In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike.
Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR.
To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management.
The product is very expensive.
The first impression is that XSIAM would be more expensive than others we tried.
The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
Splunk SOAR is affordable cost-wise only.
Its signature-less subscriptions and robust detection power stand out in improving threat detection.
Cortex XSIAM is able to detect abnormal behavior of malicious code and subsequently block it.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
The customization of the playbook in Splunk SOAR is very beneficial.
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.
Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.
Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.
Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.
Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
