SOC Operator at a tech services company with 11-50 employees
Real User
Top 10
2024-11-20T16:33:00Z
Nov 20, 2024
The price of the solution could be lower. Companies utilizing this solution should have a well-developed cybersecurity team to maximize its benefits. It is more suited for large organizations rather than small or medium-sized companies.
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals to learn and understand how the tool works to expand it further. Our customers want to see more use cases. They want to have more facilitations and more visibility on how it works. We need more skilled people inside and outside the team to understand how it works. It’s difficult to find skilled people to understand how the tool works.
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.
Network and Information Security at HCL Technologies
Real User
Top 20
2023-04-07T06:05:53Z
Apr 7, 2023
The dashboard performance could be improved. Another area of improvement is a support team. Moreover, we need to pay for modifying anything with scripting in terms of customization. It can be a challenge if the person isn't 100% good with scripting.
Head of Security Monitoring and Control at Alstom Ferroviaria S.p.A.
Real User
2022-11-14T11:17:12Z
Nov 14, 2022
Customization and performance can be improved. For example, some formats were incompatible when integrating, and they said we needed to work with the vendor to fix this issue because some logs that AVA logs were not compatible, and it did not readily recognize the format. Most of the time, I heard this as feedback. The formats are not compatible, are readily not available, and are not readable. Then we had to work it and write it manually.
Integrations with other applications are challenging and need to be improved. Reports or issues are often duplicated. The solution requires DV but does not support open-source DV elastic searches.
I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it. That makes it somewhat challenging to deploy Cortex where not every client is part of the directory. I've also had some problems with the update process, and it's failed two or three times.
Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them. It's only one cloud right now. It might be helpful for some companies to have an on-premies option.
Deputy Vice President at a financial services firm with 10,001+ employees
Reseller
2022-07-19T10:42:00Z
Jul 19, 2022
It doesn't have any integrations. It lacks multiple integrations. It is been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added. The initial setup was complex.
IT Operations Deputy Manager at Ultramar Agencia MarĂtima
Real User
2022-06-01T06:53:35Z
Jun 1, 2022
Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.
Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.
Cybersecurity Cyber Crime Infrastructure Engineer & Investigator at a government with 5,001-10,000 employees
Real User
2021-11-11T20:34:00Z
Nov 11, 2021
In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening. From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.
We'd like to be able to add as many integrations as possible. We would like more options for our clients. A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through. The solution is expensive. They should work to make it less costly for the customer.
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
2021-04-16T12:03:35Z
Apr 16, 2021
Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. Other than that, we've been pretty happy with it.
Network Security Engineer at a tech services company with 201-500 employees
Real User
2020-11-04T15:41:37Z
Nov 4, 2020
For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.
Director at a tech services company with 11-50 employees
Reseller
2020-04-23T10:13:36Z
Apr 23, 2020
Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners. It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.
Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.
Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to...
The price of the solution could be lower. Companies utilizing this solution should have a well-developed cybersecurity team to maximize its benefits. It is more suited for large organizations rather than small or medium-sized companies.
Creating complex playbooks using coding languages, such as Python, could be easier. Sometimes the process becomes tedious and requires manual tasks.
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals to learn and understand how the tool works to expand it further. Our customers want to see more use cases. They want to have more facilitations and more visibility on how it works. We need more skilled people inside and outside the team to understand how it works. It’s difficult to find skilled people to understand how the tool works.
Palo Alto needs to develop more AI-centric products. Also, the price could be cheaper. It doesn’t have infinite connectors.
There is room for improvement in support. The response time could be faster.
The tool’s multi-tenancy feature must be improved. The user interface must be made a little bit easier.
One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.
The dashboard could be better.
The price of the solution could be improved.
The solution's features for reporting and dashboards need improvement. They need more customization options.
The solution should be made a bit cheaper.
The solution's integration with non-security solutions will be helpful.
The dashboard performance could be improved. Another area of improvement is a support team. Moreover, we need to pay for modifying anything with scripting in terms of customization. It can be a challenge if the person isn't 100% good with scripting.
Customization and performance can be improved. For example, some formats were incompatible when integrating, and they said we needed to work with the vendor to fix this issue because some logs that AVA logs were not compatible, and it did not readily recognize the format. Most of the time, I heard this as feedback. The formats are not compatible, are readily not available, and are not readable. Then we had to work it and write it manually.
Integrations with other applications are challenging and need to be improved. Reports or issues are often duplicated. The solution requires DV but does not support open-source DV elastic searches.
I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it. That makes it somewhat challenging to deploy Cortex where not every client is part of the directory. I've also had some problems with the update process, and it's failed two or three times.
I think they should increase their collaboration base so that XSOAR can be utilized for any number of automation.
Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them. It's only one cloud right now. It might be helpful for some companies to have an on-premies option.
It doesn't have any integrations. It lacks multiple integrations. It is been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added. The initial setup was complex.
The stability could be better. The integration could be better. Cortex, for example, does not work with iPhone.
Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.
Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.
In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening. From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.
I would love to see more flexibility on what we can display and design on the dashboards.
The solution is very expensive. They would get more clients if it wasn't so pricey.
There should be an on-premise version available for customers to have different choices.
We'd like to be able to add as many integrations as possible. We would like more options for our clients. A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through. The solution is expensive. They should work to make it less costly for the customer.
Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. Other than that, we've been pretty happy with it.
For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.
Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners. It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.