We performed a comparison between DFLabs IncMan SOAR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"We have no complaints about the features or functionality."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It has basic out-of-the-box integrations with multiple log sources."
"It's pretty powerful and its performance is pretty good."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The vendors themselves will actually help with any customizations a client may require."
"The most valuable feature is automation."
"The solution provides threat intelligence with EDR."
"It is a scalable solution. I would rate scalability a ten out of ten."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"They have a portal where you can find any kind of integration that you need."
"Its agility and scalability are valuable."
"The most valuable features are simplicity and ease of integration."
"The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The support is not 24/7."
"Palo Alto Networks Cortex XSOAR currently lacks SIEM functionalities."
"Cortex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"We need a little hands-on experience to install the solution."
"The solution's technical support could be better."
"The solution is complicated to learn."
"I would love to see more flexibility on what we can display and design on the dashboards."
"The user interface could be a bit better."
"The solution is very expensive."
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. DFLabs IncMan SOAR is rated 0.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". DFLabs IncMan SOAR is most compared with IBM Resilient, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.