I primarily pitch and sell this solution to our customers. We do product assessments and consult with customers for the most part.
Clients can use it for automation.
The solution has very good integration capabilities. It's really the best at integration. Inside every integration, there are certain commands which we can call upon, which makes it very useful as a product.
The automation is excellent.
The product is very robust.
With this solution, we can do dynamic remediation.
It's a product that is constantly upgrading and improving.
It's a user-friendly solution.
Technical support is very helpful and responsive.
We'd like to be able to add as many integrations as possible. We would like more options for our clients.
A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.
The solution is expensive. They should work to make it less costly for the customer.
I've been working with the solution for the past five years or so at this point. It's been a while.
There are a few bugs here and there when new releases happen. We've used it from version four all the way to version six and have dealt with a few bugs, however, that is expected. There are always some in any product. It's fine for us.
Mostly, the stability is okay. The integration keeps on triggering every time. It has jobs that are learning all the time. It's based on completely API integrations. As long as there is compatibility, the solution is pretty available. It is always ready to go.
We haven't tried to scale, however, as per the technical documents which I have read, it should be understood by the customer before it is deployed. It all depends on how many integrations or how many triggering points a company has. You need to have an idea of the scope. Remediation can take a minute or two, however, it will still be possible. There isn't too much of a concern for scaling right now.
We have one or two customers using the solution for their own purposes. We are consulting with two more customers. We do plan to increase usage in the future.
We've dealt with technical support in the past. They're 100% responsive and they have a lot of channels in which to talk to them. You can always get a hold of them and they are very knowledgeable. We are quite satisfied with their level of support.
Initially, we found the implementation to be a bit difficult. However, now we have done it quite a few times for clients, and we find it to be very straightforward and simple. You get used to the process. You learn how to do it. It's simple.
We implement the solution for our clients as consultants.
The licensing is paid on a yearly basis. It is quite expensive.
When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot.
We are a partner for Palo Alto. I have been certified with them. I did certifications around their certificates when they were Demisto, however, right now, we are Palo Alto partners.
It's not a SIEM product, however, it's a next-gen automation platform for SIEM SOC services.
I'd advise companies considering the solution to assess the existing environment before they go ahead and choose something. This solution is basically built for a vast organization or a medium and big organization. Smaller organizations have other options which are available to them that might be more appropriate.
Companies should assess the product before it's brought on, as the cost is high. Businesses need to check their budget around that, and whether it will be flexible or not.
It's also important to have a proper engineering and design team to implement that product.
I'd rate the solution at a nine out of ten overall.
We have a lot of playbooks. It makes our SOC operations easy.
Our response has become very fast. We are able to achieve SLAs faster.
The product’s stability is good. We are able to achieve our use cases. We have multiple playbooks to support automation.
The tool’s multi-tenancy feature must be improved. The user interface must be made a little bit easier.
I have been using the solution for two years. I am using the latest version of the solution.
I rate the tool’s stability a ten out of ten.
The tool is highly scalable. I rate the scalability an eight out of ten. There are ten users in our organization. The solution is used 24/7. We have a plan to increase the usage.
We had some issues with the professional services. The team should not waste time and close the projects quickly.
Positive
I rate the ease of setup an eight out of ten. The initial setup was straightforward. There were issues during integration. We found a lot of challenges in it. It should be improved. The deployment took around two weeks. Developing the playbooks took a long time. It could take a month or more.
We deployed two main servers in the primary and secondary locations. We started the integration with a couple of technologies. During the third phase, we started working with the playbook development. After that, we started with the notifications and email templates. Finally, we did the test phase. We needed only one person for deployment and maintenance.
The solution is expensive. I rate the pricing a nine out of ten. There are no additional costs associated with the product. The license renewal cost increased this year.
We reviewed other solutions, but we did not choose them. We chose XSOAR because it is the market leader. Some friends who used the solution recommended it. We also considered the Gartner report.
The product is perfectly suitable for enterprise customers. We can achieve whatever playbooks we want to deploy. The stability is really good. We need the right professional services person who can finish the project on time. Overall, I rate the tool a nine out of ten.
We use the solution to automate our SIEM tools and incidents.
The solution's correlation rules and playbooks should be improved.
I have been using Palo Alto Networks Cortex XSOAR for six to seven months.
I rate the solution seven and a half out of ten for stability.
More than 100 users are using the solution in our organization.
I rate the solution a six out of ten for the scalability of its on-premises version.
I also use the ArcSight solution.
The solution can be deployed within a few minutes.
We are using the latest version of Palo Alto Networks Cortex XSOAR. The solution's on-premises version is not scalable. Around five people are involved with the solution’s maintenance.
Overall, I rate the solution an eight out of ten.
From the security team's standpoint, the solution has improved our organization's overall cybersecurity.
The price of the solution could be improved.
I have been using the solution for the past three and a half years.
I rate the stability of the tool as a ten out of ten.
I rate the scalability of the solution as an eight out of ten.
We haven’t used technical support yet.
The initial setup was not complex.
Overall, I would rate the product as an eight out of ten.
We use Palo Alto as a firewall, a system for detecting and whitelisting certain IP addresses or to block certain IP addresses based on where they're coming from. We then send the logs to another log management tool for more forensics and analysis before we make a decision.
We're basically using Palo Alto for firewalling and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.
The solution is very reliable. The performance is great.
The scalability of the solution is excellent.
We find the solution to be very robust. Palo Alto has been in the industry a long time and the solution reflects that.
The initial setup is very straightforward. It's not hard to deploy.
The solution is very expensive. They would get more clients if it wasn't so pricey.
I've been using the solution for about four years at this time. It's been a while.
The solution is very reliable in terms of performance. It doesn't crash or freeze. There are no bugs or glitches.
The solution is extremely scalable. If a company needs to expand it, it can do so easily.
The technical support has been very good. Palo Alto is top of the line. They've been in the industry a long time and their support team reflects that knowledge. We are very satisfied with their level of support.
I also work with Fortinet. We've used them for around the same amount of time.
We found the initial setup to be quite straightforward. It's not hard to do. A company shouldn't have too much of a problem getting it up and running.
I cannot speak to the exact cost of the solution or how much our organization pays.
However, it is my understanding that the product is extremely expensive.
I'm not sure which version of the solution we're using at this time.
I'd rate the solution at an eight out of ten. We've been quite pleased with its capabilities. The only thing is it is pretty expensive.
I'd recommend other users work both with Palo Alto and Fortinet. They are great together. They complement each other nicely.
I mainly use Cortex XSOAR to automate cybersecurity and the SOC environment.
To minimize manual tasks and increase the level of automation.
Cortex XSOAR drastically reduces trivial tasks inside the SOC environment, which provides a huge benefit for L1 analysts.
Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper.
Cortex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.
4 years
Cortex XSOAR is very stable in our environment, and we haven't seen any platform issues with it.
Cortex XSOAR is scalable.
Palo Alto's support services require a lot of improvement.
I used QRadar SOAR. Cortex XSOAR support is very good and contains a lot of OOTB playbooks, but comparatively QRadar SOAR lacks OOTB playbooks.
The initial setup is very easy. Also, in the latest version, the platform is managed by the Palo Alto cloud itself, and the rest of the configuration is done from the UI itself.
So there is zero load in configuring the platform.
Cortex XSOAR's license price could be lower.
We automate security processes, particularly SOC automation, for our clients using Cortex XSOAR. We implement these processes for major companies in Portugal.
Cortex XSOAR's playbook for incident management and automation is highly valuable. We develop Playbooks automation, centralize incident data, and try to enhance the efficiency of resolving incident cases. The platform's features focus on closing the incident lifecycle more quickly, managing incidents efficiently, and integration capabilities across security infrastructure.
The price of the solution could be lower. Companies utilizing this solution should have a well-developed cybersecurity team to maximize its benefits. It is more suited for large organizations rather than small or medium-sized companies.
We have been using Cortex XSOAR for three years.
The stability is rated eight out of ten, indicating it's quite stable without major issues.
Scalability is rated nine, reflecting its ability to scale effectively.
Our team has more experience with the solution than Palo Alto's technical support. Our experience initially showed that the Palo Alto implementation was not optimal, but this has improved over time.
Neutral
We previously used Fortinet. We have now shifted focus to Palo Alto, specifically relying on the Cortex XDR and Cortex XSOAR solutions.
The initial setup of Cortex XSOAR is simple.
Our internal team has been pivotal in implementing and solving issues with the solution.
The price of the solution is high and not justifiable for small or medium-sized companies without a developed cybersecurity team.
We moved from a primary focus on Fortinet to Palo Alto.
I would rate the overall solution eight out of ten as it is considered top-notch in the market. It is highly recommended, however, better suited for organizations with mature cybersecurity teams.
As an integrator, I have used Palo Alto Networks Cortex XSOAR in various customer environments for a wide range of purposes. This includes improving IT security, streamlining operations, automating incident response actions, creating playbooks with approvals, and enhancing integrations with different security tools. In essence, Cortex XSOAR serves as a versatile platform that helps address multiple cybersecurity and operational needs in organizations.
What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used. If you can think of it, you can probably do it. However, there are some limitations, but speed isn't one of them.
One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.
I have been using Palo Alto Networks Cortex XSOAR for three years.
Cortex XSOAR's stability depends on the right sizing. When sized correctly, it is very stable and I would rate it a strong nine out of ten. But if the sizing is wrong, performance problems can arise. For instance, customers with closed storage systems had issues during heavy workloads. To keep it stable, having at least 3,000 IOPS is advised, especially for customers with high storage needs. So, sizing is key for a successful and stable experience.
Cortex XSOAR is generally scalable and I would rate the scalability an eight out of ten. It is a bit challenging to migrate it from a regular database to a high-availability Elastic database, but it is possible. The ease of migration depends on how well it was planned from the start. Overall, it is a good option for scalability, but careful planning is essential for smooth transitions. The engine, which acts as a broker for connections and integrations in Cortex XSOAR, is highly efficient and reliable.
The initial setup of Cortex XSOAR is generally straightforward, but it can get a bit tricky when dealing with a lot of use cases. If you plan to create large playbooks, it is crucial to size the system correctly from the start. Otherwise, you might run into performance issues. Apart from that, there aren't many problems with the implementation process. The challenge mainly revolves around sizing the system correctly, especially when customers have lots of ideas that could make playbooks complex and resource-intensive. So, it is important to plan carefully in such cases. In the best-case scenario, deploying Cortex XSOAR can be done in about 30 minutes when everything is prepared and ready. However, for full integration into the customer's environment, assuming no restrictions or communication issues, it might take roughly two and a half hours.
Overall, I would rate the solution an eight out of ten. My advice to new users would be to plan ahead before implementing Cortex XSOAR. Understand your use cases well and have a solid strategy because the implementation is an ongoing process that you can always improve. Consider creating an adoption plan for what you will do this year and next year in terms of integration and use cases. Keep it user-friendly and introduce use cases gradually to your team instead of overwhelming them all at once. It's about taking steps to make it effective over time.