Splunk SOAR and Cortex XSIAM both compete in the cybersecurity space, focusing on automation and threat detection. Splunk SOAR has the edge in integration capabilities and customizable playbooks, while Cortex XSIAM is superior in advanced analytics and unified threat detection.
Features: Splunk SOAR offers robust integration capabilities, customizable playbooks, and effective time-saving automation. On the other hand, Cortex XSIAM excels with unified threat detection using machine learning and forensic investigation features, providing a comprehensive security solution.
Room for Improvement: Splunk SOAR could enhance integration, reporting, playbook creation, and interface usability. Its case management and certain features require optimization. Cortex XSIAM could expand its integration coverage and address performance issues under heavy loads, along with enhancing contextual reporting.
Ease of Deployment and Customer Service: Splunk SOAR supports flexible deployments on cloud and on-premises, backed by detailed documentation and community support. However, support service efficiency varies. Cortex XSIAM primarily focuses on cloud and hybrid solutions, offering adequate support with room for improving response times and developer flexibility.
Pricing and ROI: Splunk SOAR is perceived as expensive, particularly for smaller organizations, but offers substantial ROI via automation. It uses user-based licensing with possible volume discounts. Cortex XSIAM provides a competitive pricing model aligning with customer budgets, despite facing criticism for high costs associated with additional services. Both solutions are costly, with Splunk SOAR often seen as offering upfront value for its comprehensive features.
We've seen a decrease in false positives and a significant increase in our containment.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
Splunk's technical support is very good and generally not needed often due to the stable environment.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
It can be extended and adapted as necessary.
Splunk SOAR has the ability to scale quite significantly.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It works really nice and performs really efficiently after configuration.
We have not experienced any downtime, crashes, or performance issues.
Splunk SOAR provides a stable environment and technology.
It's been pretty reliable.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR.
Splunk's Unified Platform does help consolidate networking security and IT observability tools.
I would rate Splunk SOAR support an eight out of ten because escalating a ticket to a higher level can take more time, indicating a need for a larger support team.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
Splunk SOAR is affordable cost-wise only.
The solution is free for us, which is a beneficial aspect.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
Splunk SOAR saves time in threat response, and the time to solve an incident is currently the best in the market.
The customization of the playbook in Splunk SOAR is very beneficial.
| Product | Market Share (%) |
|---|---|
| Cortex XSIAM | 3.0% |
| Wazuh | 10.2% |
| Splunk Enterprise Security | 9.2% |
| Other | 77.6% |
| Product | Market Share (%) |
|---|---|
| Splunk SOAR | 7.7% |
| Microsoft Sentinel | 15.9% |
| Palo Alto Networks Cortex XSOAR | 9.6% |
| Other | 66.8% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 12 |
| Midsize Enterprise | 7 |
| Large Enterprise | 29 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.
Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.
Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.
Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.
Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
