We performed a comparison between Palo Alto Networks Cortex XSOAR and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The solution provides threat intelligence with EDR."
"The product is quite easy to use."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"They have a portal where you can find any kind of integration that you need."
"The most valuable features are simplicity and ease of integration."
"The automation is excellent."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"It helps a lot because we can troubleshoot issues pretty easily."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"We can integrate threat intelligence solutions into the product."
"The solution is quite stable."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The troubleshooting has room for improvement."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The solution could be more user-friendly; some query languages are required to operate it."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Palo Alto needs to develop more AI-centric products."
"XSOAR could have more integration options."
"The configuration of the solution could improve it is difficult."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"The solution's technical support could be better."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The formats are not compatible, are readily not available, and are not readable."
"We need a little hands-on experience to install the solution."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"There are some API gaps that are missing."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"The solution should improve its UI."
"Sumo Logic Security is expensive, and its pricing could be improved."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Sumo Logic Security is ranked 11th in Security Orchestration Automation and Response (SOAR) with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Sumo Logic Security is rated 8.6. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, Google Chronicle Suite and Grafana Loki. See our Palo Alto Networks Cortex XSOAR vs. Sumo Logic Security report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
