Cortex XSIAM serves as a comprehensive solution that combines the functionalities of both SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) with added automation capabilities. It streamlines the entire process into a single, unified solution. Its operation involves data collection, detection, response, and integration. Unlike traditional SIEMs, it doesn't only deal with logs but also collects network traffic data and information from various security controls and systems. This holistic approach allows for a more comprehensive understanding of the entire attack cycle. It excels in threat detection and has the potential for even more extensive integration in the future.
Cybersecurity incident response team lead at Information Technology Solutions - ITS
A comprehensive cloud-based security solution with strong detection capabilities
Pros and Cons
- "It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."
- "The platform isn't very developer-friendly and it should provide more flexibility and ease."
What is our primary use case?
What is most valuable?
It provides a level of detection capabilities that's hard to achieve with other tools, such as traditional SIEMs. The key differentiator lies in its holistic analysis, which grants it a broader perspective on the entire attack lifecycle. Unlike solutions composed of multiple integrated components, Cortex XSIAM stands out because it's built as a unified solution. It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution.
What needs improvement?
While Cortex XSIAM is making progress in terms of integration, it's not quite at the same level as some other solutions, particularly when it comes to extensive integration. The platform isn't very developer-friendly and it should provide more flexibility and ease.
For how long have I used the solution?
I had the opportunity to use Cortex XSIAM since its launch last year. I'm fortunate to be among the early partners who had the chance to work closely with it during the initial development phase and beyond.
Buyer's Guide
Security Information and Event Management (SIEM)
March 2025

Find out what your peers are saying about Palo Alto Networks, Microsoft, IBM and others in Security Information and Event Management (SIEM). Updated: March 2025.
842,672 professionals have used our research since 2012.
What do I think about the stability of the solution?
Due to its cloud-based nature, it has proven to be highly stable in our environment. We have experienced minimal maintenance requirements, and the software remains consistently reliable. I would give it a full score for its stability.
What do I think about the scalability of the solution?
Cortex XSIAM is a fully cloud-based solution, making it highly scalable. I am unsure if this solution will become available for on-premises deployment due to the tool's extensive capabilities. I would only consider giving it a perfect score if it can replicate the same functionality on-premises. On a scale of one to ten, I would rate the scalability a nine.
How are customer service and support?
There were instances when we encountered notifications or issues that didn't align with the provided guidance. When we reached out to the technical support team for assistance and suggestions on improving the situation, they proved to be highly helpful. It was a smooth and efficient process. They promptly addressed the issues, and the resolution steps were laid out clearly, essentially guiding us through the process step by step.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Our company deals with integrated technology solutions, so we often utilize connectors to link various external solutions. These connections range from IBM QRadar to Splunk and even encompass the entire suite of FireEye products, such as FireEye HX. Cortex XSIAM stands out as the most straightforward option, especially if your environment is cloud-centric.
How was the initial setup?
It operates as a SaaS solution and its setup is straightforward. The only requirement is to deploy the broker, and it automatically connects to your integrations. It's a simple process with minimal steps involved.
What about the implementation team?
The deployment process itself is simple. After you place the order, they handle the installation, which happens quickly. The more time-consuming part is setting up the integrations, particularly on the broker and related configurations. For larger environments, this complexity can be compounded, sometimes necessitating the use of multiple brokers and nodes to ensure everything operates smoothly.
What's my experience with pricing, setup cost, and licensing?
The solution comes at a significant cost.
What other advice do I have?
Before opting for it, it's essential to ensure that your organization is cloud-friendly because Cortex XSIAM is a fully cloud-based solution. You should also be comfortable with the idea of sharing and storing your logs in the cloud, as this might not align with every organization's preferences. I would suggest verifying that the desired controls are fully supported. The platform is still evolving in terms of integrations, as mentioned earlier. When it comes to taking action, it's beneficial to have an on-site developer or, if that's not possible, consider purchasing specific services or features that meet the needs. It is crucial to develop a well-thought-out adoption strategy for such a comprehensive solution. Cortex XSIAM offers a wide range of capabilities, and realizing its full potential might take multiple years and careful planning. I would rate it nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Engineer of System and Security at Connex Information Technologies
Helps us identify incidents across the network and provides valuable automation capabilities
Pros and Cons
- "The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."
- "There is room for improvement in expanding integrations to include more cybersecurity solutions."
What is our primary use case?
We use the product to integrate several third-party logs into the dashboard and perform micro-automation in response to incidents.
What is most valuable?
The platform's most valuable features include third-party integration for analyzing incidents across the network, forensic investigation automation, and playbooks.
What needs improvement?
There is room for improvement in expanding integrations to include more cybersecurity solutions.
For how long have I used the solution?
I have been working with Cortex XSIAM for two years.
What do I think about the stability of the solution?
I rate the product stability a ten.
What do I think about the scalability of the solution?
We have six customers using XSIAM. They are predominantly enterprise businesses. I rate the scalability an eight.
How are customer service and support?
The technical support team can be slow in providing solutions, often requiring additional research or escalations to resolve issues.
How would you rate customer service and support?
Neutral
How was the initial setup?
The documentation on deployment procedures needed to be improved and the deployment options were limited, 95% being cloud-based. It typically takes one to two weeks, though fine-tuning and integration can extend this timeframe depending on the scope.
The process involves integrating our XDR Cortex platform with the XSIAM SaaS deployment or management console, correlating the necessary information, and creating the analytics rules.
I would rate the initial setup experience as a seven.
What's my experience with pricing, setup cost, and licensing?
The product cost could be considered value for money compared to other solutions in the market, though it is quite high.
I rate the pricing a nine.
What other advice do I have?
The platform's analytics capabilities are particularly effective in identifying and correlating incidents. It helps identify endpoint-based incidents.
The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards.
I rate it an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Last updated: Aug 3, 2024
Commercial Director at a security firm with 11-50 employees
An efficient solution that uses machine learning to identify threats, but its pricing and technical support could be improved
Pros and Cons
- "The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."
- "The solution’s pricing and technical support could be improved."
What is most valuable?
The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency.
What needs improvement?
The solution’s pricing and technical support could be improved.
For how long have I used the solution?
I have been using Cortex XSIAM for five years.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive compared to its competitors.
What other advice do I have?
Users should test the solution quite massively and deeply to verify whether it really suits their needs.
You have to gather some specific knowledge to really get the profits and fully use the functionalities of the product. It's not an out-of-the-box product.
If you have used the product before and know what you want to achieve, it is easy to use the solution. However, if you are newly using the solution, you have to analyze and know what you want to achieve using this tool.
Overall, I rate Cortex XSIAM a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller