We performed a comparison between Palo Alto Networks Cortex XSOAR and Splunk Phantom based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions come across as reliable and powerful products. Cortex does slightly better in the Pricing category, however.
"Sentinel pricing is good"
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"It has basic out-of-the-box integrations with multiple log sources."
"The initial setup is very simple and straightforward."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It is a scalable solution. I would rate scalability a ten out of ten."
"It is a scalable solution."
"Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features."
"The automation is excellent."
"It is a scalable solution."
"It’s easy to install."
"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
"The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The automation part of the product is great."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"It helps increase efficiency and productivity."
"Scalability is the best feature of the solution."
"The product can be improved by reducing the cost to use AI machine learning."
"We'd like also a better ticketing system, which is older."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The AI capabilities must be improved."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The user interface could be a bit better."
"The solution's correlation rules and playbooks should be improved."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"The solution is complicated to learn."
"I think they should increase their collaboration base."
"Its dashboard features need improvement."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"The solution’s price and technical support could be improved."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"And most of the challenges that I have faced with the solution can be found in the documentation itself."
"The cost of Splunk SOAR has room for improvement."
"The scalability could be better."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"Splunk's support for integration is subpar and has room for improvement."
"Some of the training materials are on a basic level."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Splunk SOAR is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Fortinet FortiSOAR, Swimlane, IBM Resilient and ServiceNow Security Operations, whereas Splunk SOAR is most compared with Cortex XSIAM, ServiceNow Security Operations, Torq, Tines and Cisco SecureX.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would recommend CyberSponse. There is a reason why CyberSponse have been awarded Government and Military contracts over all the competition! Commercial customers need the same power and capability, why settle for anything less!