What needs improvement with Palo Alto Networks Cortex XSOAR?

Creating complex playbooks using coding languages, such as Python, could be easier. Sometimes the process becomes tedious and requires manual tasks.

Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.

The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals to learn and understand how the tool works to expand it further. Our customers want to see more use cases. They want to have more facilitations and more visibility on how it works. We need more skilled people inside and outside the team to understand how it works. It’s difficult to find skilled people to understand how the tool works.

Palo Alto needs to develop more AI-centric products. Also, the price could be cheaper. It doesn’t have infinite connectors.

There is room for improvement in support. The response time could be faster.

The tool’s multi-tenancy feature must be improved. The user interface must be made a little bit easier.

One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.

The dashboard could be better.

The price of the solution could be improved.

The solution's features for reporting and dashboards need improvement. They need more customization options.

The solution should be made a bit cheaper.

The solution's integration with non-security solutions will be helpful.

The dashboard performance could be improved. Another area of improvement is a support team. Moreover, we need to pay for modifying anything with scripting in terms of customization. It can be a challenge if the person isn't 100% good with scripting.

Customization and performance can be improved. For example, some formats were incompatible when integrating, and they said we needed to work with the vendor to fix this issue because some logs that AVA logs were not compatible, and it did not readily recognize the format. Most of the time, I heard this as feedback. The formats are not compatible, are readily not available, and are not readable. Then we had to work it and write it manually.

Integrations with other applications are challenging and need to be improved. Reports or issues are often duplicated. The solution requires DV but does not support open-source DV elastic searches.

I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it. That makes it somewhat challenging to deploy Cortex where not every client is part of the directory. I've also had some problems with the update process, and it's failed two or three times.

I think they should increase their collaboration base so that XSOAR can be utilized for any number of automation.

Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them. It's only one cloud right now. It might be helpful for some companies to have an on-premies option.

It doesn't have any integrations. It lacks multiple integrations. It is been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added. The initial setup was complex.

The stability could be better. The integration could be better. Cortex, for example, does not work with iPhone.

Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.

Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.

In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening. From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.

I would love to see more flexibility on what we can display and design on the dashboards.

The solution is very expensive. They would get more clients if it wasn't so pricey.

There should be an on-premise version available for customers to have different choices.

We'd like to be able to add as many integrations as possible. We would like more options for our clients. A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through. The solution is expensive. They should work to make it less costly for the customer.

Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. Other than that, we've been pretty happy with it.

For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.

Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners. It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.