We performed a comparison between NetWitness XDR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The pricing of the product is excellent."
"The machine learning and artificial intelligence on offer are great."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The log correlation is good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"This solution allows us to locate the malware in real-time."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The product is quite easy to use."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"It was useful as a ticketing tool."
"Its agility and scalability are valuable."
"The product can automate security tasks."
"We use the solution to automate our SIEM tools and incidents."
"They have a portal where you can find any kind of integration that you need."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The AI capabilities must be improved."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The solution lacks a reporting engine."
"The contamination feature could be improved."
"The user interface could be a bit better."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"There is room for improvement in terms of the pricing model."
"The solution should be made a bit cheaper."
"There should be an on-premise version available for customers to have different choices."
"The solution is complicated to learn."
"They should provide integration with machine learning platforms."
"XSOAR could have more integration options."
NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. NetWitness XDR is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Corelight, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our NetWitness XDR vs. Palo Alto Networks Cortex XSOAR report.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.