We performed a comparison between IBM Security QRadar and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Free ingestion for Azure logs (with E5 licence)"
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Sentinel pricing is good"
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"IBM QRadar Advisor with Watson is a stable solution."
"The interface is good."
"The ability to add extensions is the most valuable feature. For example, extensions that provide valuable test ports."
"IBM QRadar User Behavior Analytics has easy architecture, has a good portfolio and integration."
"Most valuable features include the granularity of information."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"No doubt about it, the solution is extremely stable."
"Technical support is good overall."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"The product can automate security tasks."
"It is a scalable solution."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
"The most valuable features are simplicity and ease of integration."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The only thing is sometimes you can have a false positive."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The troubleshooting has room for improvement."
"QRadar needs to be more specialized, along the lines of what other SIEM solutions are."
"The AI engine could be smarter."
"There needs to be better integration with other applications."
"The solution could improve by having more out-of-the-box use cases."
"The solution should include remote action capabilities."
"There is room for improvement in IBM QRadar in integrating features for SOC maturity and security levels directly into QRadar."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The tech support is not that good."
"The formats are not compatible, are readily not available, and are not readable."
"We need a little hands-on experience to install the solution."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"There should be an on-premise version available for customers to have different choices."
"The dashboard could be better."
"There is room for improvement in support. The response time could be faster."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"The configuration of the solution could improve it is difficult."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Security QRadar is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.