Cortex XSIAM vs Splunk SOAR comparison

The compared Palo Alto Networks and Splunk solutions aren't in the same category. Palo Alto Networks is ranked #15 in SIEM , with an average rating of 9.0, and holds a 2.3% mindshare in the category. Splunk is ranked #3 in SOAR , with an average rating of 8.1, and holds a 8.3% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.

Cortex XSIAM

Read 8 Cortex XSIAM reviews

1,700 Views
1,229 Comparison Views

100% willing to recommend

Splunk SOAR

Read 43 Splunk SOAR reviews

5,110 Views
3,052 Comparison Views

87% willing to recommend

Cortex XSIAM

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Dec 8, 2024

Splunk SOAR and Cortex XSIAM are competitors in the security software market, focusing on providing robust security orchestration and threat management solutions. Splunk SOAR seems to have the upper hand due to its strong automation, integration, and playbook customization capabilities.

Features: Splunk SOAR is notable for its automation in streamlining processes, varied integration possibilities, and extensive playbook customization, reducing manual efforts. Its documentation and flexibility in security orchestration are also significant. Cortex XSIAM stands out with machine learning for threat detection, integration with third-party systems, and its focus on unified detection across diverse systems.

Room for Improvement: Splunk SOAR requires better API integration and documentation, improved analytics, and a user-friendly playbook editor. It also needs better IAM integration, case management, scalability, and cost management. Cortex XSIAM could benefit from an enhanced Attack Surface Management module, optimized performance with multiple tabs, and improved integration and flexibility for developers, alongside pricing and support service enhancements.

Ease of Deployment and Customer Service: Splunk SOAR offers deployment flexibility across hybrid environments, receiving praise for its responsive support and dedicated account management. While its documentation is beneficial, technical support experiences vary. Cortex XSIAM is mainly deployed on public cloud platforms, with users requesting faster support responses and better documentation and integration assistance, compared to the more comprehensive support structure of Splunk.

Pricing and ROI: Splunk SOAR uses a subscription model often seen as costly for small to medium enterprises. Despite high licensing costs, its capabilities justify expenses through process improvements, although initial setup results in slow ROI. Cortex XSIAM offers competitive pricing, viewed as reasonable against industry standards yet still costly by some. It provides value with strong threat management features, offering ROI through cost-effective service contracts despite high initial expenses.

To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: December 2024).

Buyer's Guide

Security Information and Event Management (SIEM)

December 2024

Download the complete report

Helped 831,020 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XSIAM

Average Rating

9.0

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (15th), Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (8th)

Splunk SOAR

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 2.3%, up 0.3% compared to last year.
Splunk SOAR, on the other hand, focuses on Security Orchestration Automation and Response (SOAR), holds 8.3% mindshare, down 9.8% since last year.

Security Information and Event Management (SIEM)

Security Orchestration Automation and Response (SOAR)

Featured Reviews

Forrest Stevens

Senior Manager - Security Operations at First Advantage Corporation

A robust security operation that ensures achieving automation, stability, and scalability

There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.

Read full review

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It is an effective solution in terms of performance and functionalities."

"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."

"It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."

"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."

"The most valuable feature is the integration capability."

"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."

"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."

More Cortex XSIAM pros

"The product provides 100% automation for certain processes."

"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."

"The customizable playbook is the most valuable aspect of the solution."

"Very flexible integration with other tools"

"My understanding is the initial setup isn't too hard."

"Scalability is the best feature of the solution."

"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."

"The customization continues to be excellent."

More Splunk SOAR pros

Cons

"The first impression is that XSIAM would be more expensive than others we tried."

"I am not sure if any improvements are needed right now."

"The solution’s pricing and technical support could be improved."

"Cortex could improve the detection and online resolution of security vulnerabilities."

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."

"The platform isn't very developer-friendly and it should provide more flexibility and ease."

"There is room for improvement in expanding integrations to include more cybersecurity solutions."

"The support could be a bit faster."

More Cortex XSIAM cons

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

"It would be ideal if we could automate processes even more."

"I haven't had any issues with the solution so far."

"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."

"have put a number of ideas on the ideas.splunk.com site for feature requests for the Splunk SOAR product. I posted one of them about three years ago, which finally got implemented in the latest release that just got announced, so the time to implement new features and things like that is a little bit concerning."

"The technical support for the Splunk SIEM solution was average."

"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."

"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."

More Splunk SOAR cons

Pricing and Cost Advice

"The solution comes at a significant cost."

"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."

"The solution is expensive compared to its competitors."

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"The licensing cost is reasonable."

"I found the price of Splunk SOAR to be good."

"Splunk SOAR is an expensive solution for an organization of our size."

"The cost is high and the licensing is on an annual basis."

"I don't know the exact price, but for my region, it is very expensive."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

831,020 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

13%

Manufacturing Company

10%

Financial Services Firm

10%

Government

Computer Software Company

14%

Financial Services Firm

14%

Manufacturing Company

11%

Government

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Cortex XSIAM?

It is an effective solution in terms of performance and functionalities.

See all answers

What is your experience regarding pricing and costs for Cortex XSIAM?

The first impression is that XSIAM would be more expensive than others we tried.

See all answers

What needs improvement with Cortex XSIAM?

Cortex could improve the detection and online resolution of security vulnerabilities. We hope that the artificial intelligence in Cortex will assist in optimizing responses to vulnerabilities.

See all answers

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...

See all answers

What needs improvement with Splunk Phantom?

The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Compared 41% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 17% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 11% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 6% of the time

Microsoft Defender for Identity vs Cortex XSIAM

Compared 3% of the time

More Cortex XSIAM Competitors

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 18% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 8% of the time

Tines vs Splunk SOAR

Compared 8% of the time

Torq vs Splunk SOAR

Compared 7% of the time

Swimlane vs Splunk SOAR

Compared 7% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

Security Information and Event Management (SIEM)

December 2024

Download Cortex XSIAM product report

Buyer's Guide

Splunk SOAR

December 2024

Download Splunk SOAR product report

Also Known As

No data available

Phantom

Learn More

Palo Alto Networks

Splunk

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Sample Customers

Information Not Available

Recorded Future, Blackstone

Buyer's Guide

Security Information and Event Management (SIEM)

December 2024

Download Free Report

Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: December 2024.

DOWNLOAD NOW

831,020 professionals have used our research since 2012.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.