We performed a comparison between Microsoft Sentinel and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It has a lot of great features."
"Log aggregation and data connectors are the most valuable features."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"I have no complaints about Cortex's stability."
"The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"They have a portal where you can find any kind of integration that you need."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"Its agility and scalability are valuable."
"I have found the solution very useful, it integrates well with other platforms."
"It is a scalable solution."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"It doesn't offer automatic internet reports out of the box."
"The solution's technical support could be better."
"There should be an on-premise version available for customers to have different choices."
"The configuration of the solution could improve it is difficult."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"The user interface could be a bit better."
"The solution is very expensive."
"The dashboard could be better."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Microsoft Sentinel is ranked 1st in Security Orchestration Automation and Response (SOAR) with 85 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. Microsoft Sentinel is rated 8.2, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Microsoft Purview Data Governance, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our Microsoft Sentinel vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.