• Home
  • Palo Alto Networks Cortex XSOAR vs. SentinelOne Singularity Complete

Palo Alto Networks Cortex XSOAR vs SentinelOne Singularity Complete comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
17,715 views|9,994 comparisons
92% willing to recommend
Palo Alto Networks Logo
Palo Alto Networks Cortex XSOAR
Read 42 Palo Alto Networks Cortex XSOAR reviews
11,001 views|6,061 comparisons
91% willing to recommend
SentinelOne Logo
SentinelOne Singularity Complete
Read 177 SentinelOne Singularity Complete reviews
35,625 views|18,180 comparisons
98% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
May 2024
Executive Summary

We performed a comparison between Palo Alto Networks Cortex XSOAR and SentinelOne Singularity Complete based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: May 2024).
Download the complete report
771,170 professionals have used our research since 2012.
Featured Review
Joseph Messina
Helps save us time, streamlines event investigations, and improves our visibility
Sentinel provides us with a unified set of tools for detecting, investigating, and responding to incidents. This centralized approach offers both... Read more →
ShubhamAgarwal
Drastically reduces trivial tasks inside the SOC environment
Cortex XSOAR drastically reduces trivial tasks inside the SOC environment, which provides a huge benefit for L1 analysts.
Prateek Parashar.
Helps consolidate security solutions, reduce alerts, and free up staff time
SentinelOne Singularity Complete boasts good interoperability. It has helped consolidate some of our security solutions. While the number of... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We have no complaints about the features or functionality.""Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions.""One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.""It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.""The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage.""The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning.""Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment.""Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."

More Microsoft Sentinel Pros →

"Many different playbooks are available and can be customized.""Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper.""The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily.""The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.""It is quite scalable. I would rate it a ten out of ten.""For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary.""The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products.""It is a scalable solution."

More Palo Alto Networks Cortex XSOAR Pros →

"We collect a lot of telemetry from Singularity Complete.""Having the capability to gain insights across our network, observe all our machines, and have a centralized view of what's protected and where things are is incredibly advantageous.""The most valuable aspects of SentinelOne Singularity Complete are the ease of deployment with the Sentinel Agent and the enhanced visibility with Skylight, which provides correlation of logs and all endpoint data in a centralized location.""The most valuable aspect of SentinelOne Singularity Complete is the protection it provides.""It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features.""The most valuable features are asset tracking, patching, endpoint tagging, and policy updates.""It is easy to manage and install. It has a very nice graphical interface that is very intuitive when end users are using it. You don't have to follow or read a book about 600 pages to have knowledge on how to use it. When SentinelOne is up and running, you can easily find your way.""The most valuable feature is the machine learning capability, as opposed to the traditional rule-based antivirus."

More SentinelOne Singularity Complete Pros →

Cons
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it.""Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools.""The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""There is room for improvement in entity behavior and the integration site.""If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."

More Microsoft Sentinel Cons →

"Palo Alto Networks Cortex XSOAR lacks to offer SIEM functionalities currently.""The solution should be made a bit cheaper.""The integration could be better. Cortex, for example, does not work with iPhone.""There is room for improvement in terms of the pricing model.""Palo Alto needs to develop more AI-centric products.""I would love to see more flexibility on what we can display and design on the dashboards.""Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.""The solution's correlation rules and playbooks should be improved."

More Palo Alto Networks Cortex XSOAR Cons →

"With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately.""SentinelOne needs to improve its endpoint deployment process.""The filtering features of the application management console could be improved.""I would appreciate seeing the browser extension react more effectively to events, going beyond mere detection.""I really haven't done enough to really see any improvements.""I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage.""I would like to have a remote desktop feature added so we can remotely access our endpoints.""The SentinelOne portal is not user-friendly, which is one of its drawbacks."

More SentinelOne Singularity Complete Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "There is a perception that it is priced very high compared to other solutions."
  • "From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
  • "There is a yearly license required for this solution and it is expensive."
  • "It is approx $10,000 or $20,000 per year for two user licenses."
  • "When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
  • "The price of Palo Alto Networks Cortex XSOAR is expensive."
  • "The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market."
  • "The solution is based on an annual licensing model that is expensive."

    • More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →

  • "The price is competitive, if you compare it with other solutions on the market."
  • "Spend money on the security for the endpoint."
  • "The price for it is very competitive compared to other Next Gen EPP."
  • "The per-seat cost is low, but you have to commit to a certain number of licenses for a year."
  • "The larger count you have, the deeper discount you will receive in your contract."
  • "Our licensing fees are about $5 USD per endpoint, per month."
  • "USD$6 per end point which decreases as end points increase."
  • "Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."

    • More SentinelOne Singularity Complete Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    771,170 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about Palo Alto Networks Cortex XSOAR?
    Top Answer:The product can automate security tasks.
    Read all 30 answers   →
    What is your experience regarding pricing and costs for Palo Alto Network...
    Top Answer:Whether the product is cheap or expensive depends on the company and how much they are willing to spend on security… more »
    Read all 23 answers   →
    What needs improvement with Palo Alto Networks Cortex XSOAR?
    Top Answer:The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals… more »
    Read all 28 answers   →
    Cortex XDR by Palo Alto vs. Sentinel One
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Read all 3 answers   →
    Which is better - SentinelOne or Darktrace?
    Top Answer:Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is… more »
    Read all 7 answers   →
    What do you like most about SentinelOne?
    Top Answer:The AI solution makes it easy for customers to detect and manage policies, as well as documents that help customers… more »
    Read all 57 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Demisto Enterprise, Cortex XSOAR, Demisto
    Sentinel Labs, SentinelOne Singularity
    Learn More
    Microsoft
    Palo Alto Networks
    SentinelOne
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

    Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.

    Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.

    The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.


    Benefits of Palo Alto Networks Cortex XSOAR

    Some of Palo Alto Networks Cortex XSOAR’s benefits include:

    • The ability to have all of your data collected in a single location. Valuable time can be saved now that everything that security analysts need to know in order to diagnose and react to threats has been centralized.
    • Security operations center tasks can be automated. This allows you to assign management and analyst staff to the most essential tasks. The effectiveness of your organization will be increased, which will result in a rise in your company’s overall security and productivity.
    • Many kinds of data can be stitched together by this platform. Network, endpoint, cloud, and identity data can be combined to offer a more complete picture of the threats that are discovered.
    • Integrated threat intelligence management can notify you about threats in real time. Now you can diagnose and address issues as they arise. You can also assign values to the threats so that your resources are being used in the most effective manner possible.


    Reviews from Real Users

    Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.

    Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

    SentinelOne is a leading comprehensive enterprise-level autonomous security solution that is very popular in today’s marketplace. SentinelOne will ensure that today’s aggressive dynamic enterprises are able to defend themselves more rapidly, at any scale, and with improved precision, by providing comprehensive, thorough security across the entire organizational threat surface.

    SentinelOne makes keeping your infrastructure safe and secure easy and affordable. They offer several tiered levels of security and varied payment options. SentinelOne works well with Linux, Windows, and MacOS, and can successfully support legacy infrastructures as well as the newer popular environments, including the latest operating systems. The single pane of glass management will save time and money by reducing manpower and ensuring comprehensive security protection of all your endpoints locally and worldwide.

    SentinelOne offers intensive training and support to meet every organization’s unique business needs.

    SentinelOne's levels of services and support include, but are not limited to:

    SentinelOne GO is a guided 90-day onboarding service to ensure successful deployment and success. It assists with the deployment planning and overview, initial user setup, and product overviews. It provides ongoing training and advisory meetings, ensuring that everything is set up correctly and that your team understands the appropriate protocols to ensure success.

    SentinelOne offers multi-tiered support based on your organizational needs from small business to enterprise, using their Designed Technical Account Management (TAM). They have support for every business level: Standard, Enterprise, and Enterprise Pro. SentinelOne is always available to ensure that you and your organization work together to minimize the risk of downtime and any threat exposure.

    Threat Hunting & Response Services

    Support for threat hunting and response include Watch Tower, Watch Tower Pro, Vigilance Respond, and Vigilance Respond Pro. Each of these services builds on the other, progressively adding features based on your organizational needs.

    Watch Tower: This is the entry-level plan and includes: Active campaign hunting and cyber crime alerts and course correction for potential threats, access to the Monthly Hunting & Intelligence Digest.

    Watch Tower Pro: Includes everything in WatchTower and customized threat hunting for all current & historical threats, unlimited access to Signal Hunting Library of Pre-Built Queries, Incident-Based Triage and Hunting, continuous customer service, followup and reporting, a Security Assessment, and quarterly Cadence meetings.

    Vigilance Respond: Includes all of the features of Watch Tower in addition to a security assessment and Cadence meetings, which are on-demand. Provides the features of Watch Tower Pro in addition to 24x7x365 monitoring, triage, and response.

    Vigilance Respond Pro: Includes all of the features of the above options, including a security assessment and quarterly cadence meeting as well as a complete digital forensic investigation and malware analysis.

    Reviews from Real Users

    Jeff D. who is an Operations Manager at Proton Dealership IT, tells us that "The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."

    "The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring." relates Rae J., Director IR and MDR at a tech services company.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
    Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm20%
    Educational Organization15%
    Retailer10%
    Security Firm10%
    VISITORS READING REVIEWS
    Financial Services Firm12%
    Computer Software Company12%
    Government9%
    Manufacturing Company8%
    REVIEWERS
    Manufacturing Company16%
    Computer Software Company10%
    Financial Services Firm9%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Manufacturing Company6%
    Government6%
    Financial Services Firm6%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business36%
    Midsize Enterprise18%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise14%
    Large Enterprise65%
    REVIEWERS
    Small Business40%
    Midsize Enterprise23%
    Large Enterprise37%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise19%
    Large Enterprise46%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    May 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: May 2024.
    DOWNLOAD NOW
    771,170 professionals have used our research since 2012.

    Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Detection and Response (EDR) with 177 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Datto Endpoint Detection and Response (EDR).

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.