Cortex XSIAM vs Splunk SOAR comparison

The compared Palo Alto Networks and Splunk solutions aren't in the same category. Palo Alto Networks is ranked #14 in SIEM , with an average rating of 9.0, and holds a 2.5% mindshare in the category. Splunk is ranked #3 in SOAR , with an average rating of 8.1, and holds a 7.2% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.

Cortex XSIAM

Read 9 Cortex XSIAM reviews

1,890 Views
1,337 Comparison Views

100% willing to recommend

Splunk SOAR

Read 43 Splunk SOAR reviews

4,898 Views
2,961 Comparison Views

87% willing to recommend

Cortex XSIAM

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 8, 2024

Splunk SOAR and Cortex XSIAM are competitors in the security software market, focusing on providing robust security orchestration and threat management solutions. Splunk SOAR seems to have the upper hand due to its strong automation, integration, and playbook customization capabilities.

Features: Splunk SOAR is notable for its automation in streamlining processes, varied integration possibilities, and extensive playbook customization, reducing manual efforts. Its documentation and flexibility in security orchestration are also significant. Cortex XSIAM stands out with machine learning for threat detection, integration with third-party systems, and its focus on unified detection across diverse systems.

Room for Improvement: Splunk SOAR requires better API integration and documentation, improved analytics, and a user-friendly playbook editor. It also needs better IAM integration, case management, scalability, and cost management. Cortex XSIAM could benefit from an enhanced Attack Surface Management module, optimized performance with multiple tabs, and improved integration and flexibility for developers, alongside pricing and support service enhancements.

Ease of Deployment and Customer Service: Splunk SOAR offers deployment flexibility across hybrid environments, receiving praise for its responsive support and dedicated account management. While its documentation is beneficial, technical support experiences vary. Cortex XSIAM is mainly deployed on public cloud platforms, with users requesting faster support responses and better documentation and integration assistance, compared to the more comprehensive support structure of Splunk.

Pricing and ROI: Splunk SOAR uses a subscription model often seen as costly for small to medium enterprises. Despite high licensing costs, its capabilities justify expenses through process improvements, although initial setup results in slow ROI. Cortex XSIAM offers competitive pricing, viewed as reasonable against industry standards yet still costly by some. It provides value with strong threat management features, offering ROI through cost-effective service contracts despite high initial expenses.

To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: January 2025).

Buyer's Guide

Security Information and Event Management (SIEM)

January 2025

Download the complete report

Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XSIAM

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (14th), Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (8th)

Splunk SOAR

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 2.5%, up 0.4% compared to last year.
Splunk SOAR, on the other hand, focuses on Security Orchestration Automation and Response (SOAR), holds 7.2% mindshare, down 8.7% since last year.

Security Information and Event Management (SIEM)

Security Orchestration Automation and Response (SOAR)

Featured Reviews

Forrest Stevens

Senior Manager - Security Operations at First Advantage Corporation

A robust security operation that ensures achieving automation, stability, and scalability

There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.

Read full review

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The flexibility for creating manual workflows stands out."

"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."

"The most valuable feature is the integration capability."

"The flexibility for creating manual workflows stands out."

"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."

"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."

"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."

More Cortex XSIAM pros

"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."

"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."

"The solution’s dashboard is really good and customizable. It also has a good UI."

"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."

"Very flexible integration with other tools"

"Scalability is the best feature of the solution."

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."

"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."

More Splunk SOAR pros

Cons

"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."

"Cortex could improve the detection and online resolution of security vulnerabilities."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace."

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."

"The platform isn't very developer-friendly and it should provide more flexibility and ease."

"The solution’s pricing and technical support could be improved."

"The first impression is that XSIAM would be more expensive than others we tried."

"I am not sure if any improvements are needed right now."

More Cortex XSIAM cons

"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."

"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."

"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."

"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."

"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."

"The technical support for the Splunk SIEM solution was average."

"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."

"Some of the training materials are on a basic level."

More Splunk SOAR cons

Pricing and Cost Advice

"The solution comes at a significant cost."

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."

"The solution is expensive compared to its competitors."

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."

"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."

"I found the price of Splunk SOAR to be good."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"I don't know the exact price, but for my region, it is very expensive."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"The licensing cost is reasonable."

"Splunk SOAR is an expensive solution for an organization of our size."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

838,713 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Manufacturing Company

10%

Financial Services Firm

10%

Government

Computer Software Company

14%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Cortex XSIAM?

It is an effective solution in terms of performance and functionalities.

See all answers

What is your experience regarding pricing and costs for Cortex XSIAM?

The first impression is that XSIAM would be more expensive than others we tried.

See all answers

What needs improvement with Cortex XSIAM?

Cortex could improve the detection and online resolution of security vulnerabilities. We hope that the artificial intelligence in Cortex will assist in optimizing responses to vulnerabilities.

See all answers

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...

See all answers

What needs improvement with Splunk Phantom?

The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Compared 39% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 16% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 10% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 6% of the time

Microsoft Defender for Identity vs Cortex XSIAM

Compared 3% of the time

More Cortex XSIAM Competitors

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 18% of the time

Tines vs Splunk SOAR

Compared 9% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 9% of the time

Torq vs Splunk SOAR

Compared 8% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 7% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Security Information and Event Management (SIEM)

January 2025

Download Cortex XSIAM product report

Buyer's Guide

Splunk SOAR

January 2025

Download Splunk SOAR product report

Also Known As

No data available

Phantom

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

Sample Customers

Information Not Available

Recorded Future, Blackstone

Buyer's Guide

Security Information and Event Management (SIEM)

January 2025

Download Free Report

Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: January 2025.

DOWNLOAD NOW

838,713 professionals have used our research since 2012.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.