Try our new research platform with insights from 80,000+ expert users

Cortex XSIAM vs Splunk SOAR comparison

The compared Palo Alto Networks and Splunk solutions aren't in the same category. Palo Alto Networks is ranked #29 in SIEM , with an average rating of 9.3, and holds a 1.7% mindshare in the category. Splunk is ranked #3 in SOAR , with an average rating of 8.1, and holds a 8.8% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.
Cortex XSIAM
Read 8 Cortex XSIAM reviews
  • 1,323 Views
  • 942 Comparison Views
100% willing to recommend
Splunk SOAR
Read 43 Splunk SOAR reviews
  • 5,505 Views
  • 3,291 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 4, 2024

Splunk SOAR and Cortex XSIAM are two leading security orchestration, automation, and response tools. Splunk SOAR is praised for its ease of deployment and customer service, whereas Cortex XSIAM excels in features, making it worth its higher price.

Features: Splunk SOAR users enjoy extensive integration capabilities, customizable playbooks, and efficient automation. Cortex XSIAM stands out for its advanced threat detection, automated response features, and superior threat intelligence.

Room for Improvement: Splunk SOAR could benefit from streamlined processes, additional third-party integrations, and enhanced user experience. Cortex XSIAM users suggest better documentation, improved support responsiveness, and more intuitive interface design.

Ease of Deployment and Customer Service: Splunk SOAR is known for its straightforward setup process and reliable customer support. Cortex XSIAM is more complex to deploy but offers excellent post-deployment support. Splunk SOAR is favored for easier deployment, while Cortex XSIAM is preferred for comprehensive support after deployment.

Pricing and ROI: Splunk SOAR is competitively priced and delivers good ROI with efficient automation capabilities. Cortex XSIAM is more expensive but justifies the cost with enhanced features and response efficacy. Splunk SOAR offers better initial pricing, whereas Cortex XSIAM's higher cost is considered worthwhile for superior functionality.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: November 2024).
Buyer's Guide
Security Information and Event Management (SIEM)
November 2024
Download the complete report
Helped 815,854 peers since 2012
 

Categories and Ranking

Cortex XSIAM
Average Rating
9.0
Reviews Sentiment
7.3
Number of Reviews
8
Ranking in other categories
Security Information and Event Management (SIEM) (29th), Identity Threat Detection and Response (ITDR) (10th)
Splunk SOAR
Average Rating
8.2
Number of Reviews
43
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 1.7%, up 0.1% compared to last year.
Splunk SOAR, on the other hand, focuses on Security Orchestration Automation and Response (SOAR), holds 8.8% mindshare, down 9.8% since last year.
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Forrest Stevens - PeerSpot reviewer
Sep 28, 2023
A robust security operation that ensures achieving automation, stability, and scalability
There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.
Read full review
Ryan Plas - PeerSpot reviewer
Jun 12, 2024
Offers playbook automation that helps reduce the manual and tedious work for users
When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
"It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."
"The most valuable feature is the integration capability."
"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."
More Cortex XSIAM pros
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"Workflow management is most valuable. It is easily customizable"
"Technical support is helpful."
"I'm just a beginner on the solution and it's pretty easy for me to use."
"The product’s integration with other Splunk products is valuable."
"My understanding is the initial setup isn't too hard."
More Splunk SOAR pros
 

Cons

"Cortex could improve the detection and online resolution of security vulnerabilities."
"The support could be a bit faster."
"The platform isn't very developer-friendly and it should provide more flexibility and ease."
"It could provide more integration with a large variety of products."
"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"The solution’s pricing and technical support could be improved."
"There is room for improvement in expanding integrations to include more cybersecurity solutions."
"I am not sure if any improvements are needed right now."
More Cortex XSIAM cons
"The tool's response is slower because it has to search through a huge dataset, which can be improved for latency."
"Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions."
"It could be easier to implement."
"It would be ideal if we could automate processes even more."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome."
"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
More Splunk SOAR cons
 

Pricing and Cost Advice

"The solution is expensive compared to its competitors."
"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"The solution comes at a significant cost."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"Splunk SOAR is more expensive compared to other options for SOAR."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"The licensing cost is reasonable."
"The cost is high and the licensing is on an annual basis."
"I don't know the exact price, but for my region, it is very expensive."
"The tool is not cheap."
"I found the price of Splunk SOAR to be good."
More Splunk SOAR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
815,854 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Manufacturing Company
11%
Financial Services Firm
9%
Government
7%
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
12%
Government
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Cortex XSIAM?
It is an effective solution in terms of performance and functionalities.
See all answers
What is your experience regarding pricing and costs for Cortex XSIAM?
We do not deal with licensing. Only the accounts team handles that information.
See all answers
What needs improvement with Cortex XSIAM?
I am not sure if any improvements are needed right now. The current features are satisfactory, and new features are implemented following customer feature requests.
See all answers
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...
See all answers
What needs improvement with Splunk Phantom?
The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...
See all answers
 

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM Logo
Palo Alto Networks Cortex XSOAR vs Cortex XSIAM
Compared 43% of the time
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Compared 17% of the time
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Compared 11% of the time
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Compared 5% of the time
Microsoft Defender for Identity vs Cortex XSIAM Logo
Microsoft Defender for Identity vs Cortex XSIAM
Compared 2% of the time
More Cortex XSIAM Competitors
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 20% of the time
ServiceNow Security Operations vs Splunk SOAR Logo
ServiceNow Security Operations vs Splunk SOAR
Compared 8% of the time
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Compared 7% of the time
Torq vs Splunk SOAR Logo
Torq vs Splunk SOAR
Compared 7% of the time
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Compared 7% of the time
More Splunk SOAR Competitors
 

Product Reports

Buyer's Guide
Security Information and Event Management (SIEM)
November 2024
Cortex XSIAM reportDownload Cortex XSIAM product report
Buyer's Guide
Splunk SOAR
October 2024
Splunk SOAR reportDownload Splunk SOAR product report
 

Also Known As

No data available
Phantom
 

Learn More

Palo Alto Networks
Splunk
 

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?
  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.
What benefits are evident in Cortex XSIAM reviews?
  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

 

Sample Customers

Information Not Available
Recorded Future, Blackstone
Buyer's Guide
Security Information and Event Management (SIEM)
November 2024
Download Free Report
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM). Updated: November 2024.
DOWNLOAD NOW
815,854 professionals have used our research since 2012.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.