Hendrik Du Plooy - PeerSpot reviewer
Business Development Manager at a tech services company with 11-50 employees
Reseller
Comprehensive network and highly scalable solution
Pros and Cons
  • "It is a scalable solution. I would rate scalability a ten out of ten."
  • "There is room for improvement in terms of the pricing model."

What is our primary use case?

Our clients use it in our managed service platform, in our cloud. We also provide solutions to our clients on Service Cloud and XDR.

What is most valuable?

The advanced security capabilities and the automation available with the solution are the most valuable solution. Moreover, the scalability and ease of management are additional benefits.

What needs improvement?

There is room for improvement in terms of the pricing model. 

For how long have I used the solution?

We've been selling and working with it for eight years.

Buyer's Guide
Palo Alto Networks Cortex XSOAR
June 2025
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is a stable solution. I would rate stability a ten out of ten. 

What do I think about the scalability of the solution?

It is a scalable solution. I would rate scalability a ten out of ten. Our clients are enterprise businesses. 

How are customer service and support?

The customer support is good. 

How would you rate customer service and support?

Positive

How was the initial setup?

Since we handled the installation ourselves in our environment, it's really easy for us to install.

It may not be the easiest installation, especially when configuring agents with specific functionalities. But the initial setup is relatively easy. Maintenance is ongoing. It's always required to ensure the system runs smoothly.

What about the implementation team?

The deployment process really depends on the client. It varies based on the complexity of the deployment. Each time is different. It could take anywhere from a few days to a week.

We probably have around six people involved in the process. When it comes to setup, it's all about proper planning and understanding the client's specific needs and requirements for the service.

What's my experience with pricing, setup cost, and licensing?

I would rate pricing a seven out of ten, where one is a low price, and ten is a high price. We use the annual subscription. There are no additional costs.

What other advice do I have?

I would advise them to explore the extensive features it offers in terms of organization and remediation. It's important to consider its seamless integration with other platforms and the wide range of services and products provided by the company.

Overall, I would rate the solution a nine out of ten because the product offers a comprehensive network and cloud solution. We can provide clients with a complete end-to-end solution through a single vendor.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer2666148 - PeerSpot reviewer
Associate Director at a financial services firm with 10,001+ employees
Real User
Top 20
Difficult to set up, doesn't have integrations, and the solution has been decommissioned
Pros and Cons
  • "It was useful as a ticketing tool."
  • "It has been decommissioned by Palo Alto."

What is our primary use case?

It is a help desk ticketing tool. It's a SOAR platform; however, it is just a help desk ticketing tool.

What is most valuable?

It was useful as a ticketing tool. However, it's been discontinued. 

What needs improvement?

It doesn't have any integrations. It lacks multiple integrations. 

It has been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added.

The initial setup was complex.

For how long have I used the solution?

I've been using the solution for a year or more. 

What do I think about the stability of the solution?

The stability is not there. 

What do I think about the scalability of the solution?

I'm not sure how scalable the solution is.

How are customer service and support?

I can't speak to technical support's capabilities. I don't have much experience with them. 

How was the initial setup?

The setup has a bit of complexity. I'd rate the complexity five out of five. 

I'm not sure how long the deployment took.

What other advice do I have?

We were a reseller. 

I'm not sure which version of the solution we're using. It might be behind a version or two. Demisto has been purchased by Palo Alto. There's a difference in versions between the organizations. The latest version is not defined by the organization.

Potential users should not purchase this product. They decommissioned the product, and it is now at end of life. 

I'd rate the solution three out of ten. It was sold to another company and decommissioned. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
Sales engineer at MUK
Reseller
Modern with a straightforward setup and lots of integrations
Pros and Cons
  • "They have a portal where you can find any kind of integration that you need."
  • "It's only one cloud right now. It might be helpful for some companies to have an on-premises option."

What is our primary use case?

XSOAR is the cherry on top of Cortex XDR. It provides you with the ability to make a lot of response actions to your incidents. Cortex XDR is collecting an incident, and Cortex XSOAR is providing you the ability to remediate it.

When the customers need the ability to remediate incidents, for example, antivirus or network security issues, some SIEM solution, et cetera, yet need to integrate everything, they can use the power of the platform without needing different solutions. Cortex XSOAR will give you the ability to integrate

For example, if some endpoint was infected in your infrastructure, you need to do something about that. XSOAR provides you the ability to understand how that endpoint was infected and to do something with that. 

Cortex XSOAR will go to the firewall and block the IP address of this endpoint. Cortex XSOAR will go to the domain and disable the user as well. Then it will go to some other solution and will do something there. It is a variety of actions based on the incidents. 

What is most valuable?

It is pretty modern. 

It has a lot of integrations. They have a portal where you can find any kind of integration that you need. The ability to integrate with third-party vendors and solutions is great. 

They have a big amount of playbooks. These are a set of actions that you need to perform based on some exact incident. For example, if you find malware, you will need to block an endpoint. If you find a botnet that is connecting to your infrastructure, you will need to block this botnet on the firewall. This set of playbooks that XSOAR already has inside it is really huge, and it is also great for a lot of informational security or managers and engineers that can just choose what they need and not have to create anything from scratch.

The initial setup is straightforward. 

What needs improvement?

Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them. 

It's only one cloud right now. It might be helpful for some companies to have an on-premises option. 

For how long have I used the solution?

I've been using the solution for a few months. It hasn't really been that long. 

What do I think about the stability of the solution?

As a cloud, it is really stable. All that you need to do is to provide a stable internet connection. That's all. Even without the internet connection, it still works, however, without the heart of the system, which is based in the cloud.

What do I think about the scalability of the solution?

The solution is scalable. You have the ability to start from a small number of agents and go to any number of agents. Likely, small businesses will not need such a solution, however, if they will need it, and they need to grow, it can scale really well for them - so long as they have the money.

How are customer service and support?

You get the same support you would get from Palo Alto Networks. It's the same support portal. You get really quick answers and nice instructions. The best practices they share with us are great.

How was the initial setup?

The solution is on the cloud. You just have an agent on-premises, and all of the brains are in the cloud.

It is really straightforward, as it is a cloud deployment. You just need an agent; therefore, the basic deployment will be really straightforward, and it will take only maybe one hour or two. If you have thousands of endpoints, maybe it will take more time. That said, it really is straightforward.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact cost of the solution. 

What other advice do I have?

I'd recommend the solution.

I would rate it ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Consultant at a tech services company with 501-1,000 employees
Reseller
High level log overviews, integrates well, and effective orchestration
Pros and Cons
  • "The most valuable features are the orchestration because of the way in which it coordinates the logs from all the devices and it provides us with a high-level overview of the critical log information."
  • "There should be an on-premise version available for customers to have different choices."

What is our primary use case?

We are using this solution to have a completely organized SOC from a list of devices in our environment. We are able to manage all of our devices, such as firewalls and endpoint protection solutions.

What is most valuable?

The most valuable features are the orchestration because of the way in which it coordinates the logs from all the devices and it provides us with a high-level overview of the critical log information. Additionally, this solution integrates very well; we have integrated a Palo Alto firewall and everything is working perfectly.

What needs improvement?

There should be an on-premise version available for customers to have different choices.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The solution is very reliable because it is on the cloud.

What do I think about the scalability of the solution?

The solution is scalable. We have already approximately 200 devices deployed into the cloud and we are planning to increase usage in the future. We have approximately 600 employees using this solution in my organization and the solution has been completely coordinating the logs of all these users well.

How are customer service and technical support?

The technical support is satisfactory. If we needed any clarification or faced any issues, we have been in contact with the support. However, there is room for improvement.

How was the initial setup?

The solution is easy to deploy and manage.

What's my experience with pricing, setup cost, and licensing?

There is a yearly license required for this solution and it is expensive.

Which other solutions did I evaluate?

We have evaluated other solutions but they do not compare with the number of features this solution provides. There is a wide range of features in this solution.

What other advice do I have?

I would recommend this solution to those that already have a SOC or a NOC. It will enhance their logs and XSOAR will handle their internet activities. 

If they are not involved with SOCs or NOCs then I do not think they require this solution.

I rate Palo Alto Networks Cortex XSOAR an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1520922 - PeerSpot reviewer
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
Easy to set up with good technical support and good stability
Pros and Cons
  • "The pricing is very good."
  • "The user interface could be a bit better."

What is our primary use case?

We primarily use the solution for automation and the orchestration of security.

What is most valuable?

We've only just installed the solution and need time to explore its functionality and capabilities. So far, we haven't experienced any issues.

The stability has been good overall.

The initial implementation wasn't overly complex. It was easy.

The pricing is very good.

Technical support is helpful and responsive.

What needs improvement?

Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. 

The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. 

Other than that, we've been pretty happy with it.

For how long have I used the solution?

We've just implemented the solution. We've only been using it for a few weeks. It hasn't been too long just yet.

What do I think about the stability of the solution?

So far, we have found the stability to be very reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance, in the few weeks we've used it, has been good.

How are customer service and technical support?

Technical support has been helpful so far. They are knowledgeable and responsive and we've been very satisfied with their level of support.

How was the initial setup?

The installation was very straightforward. It only took about a day. Not even that long. The deployment was fast. A company shouldn't have run into any issues with the initial setup.

What about the implementation team?

I was able to handle the implementation myself. I did not need the assistance of an integrator or consultant.

What's my experience with pricing, setup cost, and licensing?

We've found the pricing to be very reasonable. It's not particularly expensive.

The customers do not have to pay for licensing; we deliver it for free.

What other advice do I have?

We have the solution integrated into our QRadar.

In the time we've used it, from what I've experienced, I'd rate the product at an eight out of ten. We've had a very positive experience.

I would recommend the solution to other companies.

Disclosure: My company has a business relationship with this vendor other than being a customer. Implementer
PeerSpot user
Network Security Engineer at a tech services company with 201-500 employees
Real User
Very scalable, awesome automation, and awesome technical support
Pros and Cons
  • "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
  • "For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."

What is our primary use case?

The use cases basically came from the customers. Most of the time, the major concern is from a security perspective because various kinds of attacks are happening. To restrict or stop those attacks, we are building playbooks. We are also automating repetitive tasks.

We are using on-premise as well as cloud deployments.

What is most valuable?

The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work.

What needs improvement?

For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else.

In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.

For how long have I used the solution?

I have been working on this solution for the last four months.

What do I think about the stability of the solution?

Its stability is okay.

What do I think about the scalability of the solution?

It is very scalable. It can be easily integrated with other third-party APIs.

How are customer service and technical support?

Their technical support is awesome. It is far better than the technical support of any other company.

How was the initial setup?

The setup is very easy. It is very straightforward. The deployment took around 15 minutes.

What's my experience with pricing, setup cost, and licensing?

From the cost perspective, I have heard that its price is a bit high as compared to other similar products.

What other advice do I have?

For each SOC and MSS environment, I would recommend using Cortex XSOAR for better productivity, scalability, performance, and efficiency. A lot of manual work is happening right now, and that could be avoided. People can be utilized for more productive work.

I would rate Palo Alto Networks Cortex XSOAR an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
it_user1333062 - PeerSpot reviewer
Director at a tech services company with 11-50 employees
Reseller
Simple to use, good documentation, and integrates well into the environment
Pros and Cons
  • "The most valuable features are simplicity and ease of integration."
  • "Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."

What is our primary use case?

We are a solution provider and this is one of the products that we are selling to our clients.

What is most valuable?

The most valuable features are simplicity and ease of integration.

The documentation is fantastic.

What needs improvement?

Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners.

It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.

For how long have I used the solution?

We have about two months of experience with Demisto Enterprise.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

My impression is that Demisto is scalable and it is capable of working across wide geography at any given point in time. The traffic comes in from everywhere in the world and this solution is able to identify threats ahead of time.

Our clients for this solution are medium-sized and enterprise-level businesses.

How was the initial setup?

The initial setup of this solution is complex. My understanding is that it can be deployed within a few days.

What's my experience with pricing, setup cost, and licensing?

There is a perception that it is priced very high compared to other solutions.

What other advice do I have?

Demisto is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1232895 - PeerSpot reviewer
Commercial Director at a security firm with 11-50 employees
Reseller
Top 5
An overall satisfactory solution, but its pricing and technical support could be improved
Pros and Cons
  • "I am satisfied with the product overall."
  • "The solution’s price and technical support could be improved."

What is most valuable?

I am satisfied with the product overall.

What needs improvement?

The solution’s price and technical support could be improved.

What other advice do I have?

I would recommend Palo Alto Networks Cortex XSOAR for bigger businesses.

It is the kind of product I would recommend for clients who know what they want to achieve. They can put the potential tools to the test or POCs and verify the checkpoints of their needs before using the product. Palo Alto Networks Cortex XSOAR is not an out-of-the-box kind of product.

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user