We performed a comparison between Palo Alto Networks Cortex XSOAR and SentinelOne Singularity Complete based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Free ingestion for Azure logs (with E5 licence)"
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It has a lot of great features."
"I have found the solution very useful, it integrates well with other platforms."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"We use the solution to automate our SIEM tools and incidents."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The solution provides threat intelligence with EDR."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"It’s easy to install."
"The most valuable feature is automation."
"The most valuable features include the agent installation and update processes."
"The tool saves 50% of the staff's time."
"The solution offers excellent detection and integration capabilities."
"The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs."
"They provide a map, a process tree, and that is pretty good for analysis."
"Their platform is really easy to work with."
"SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
"The external drive scanning is great."
"The solution could improve the playbooks."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"XSOAR could have more integration options."
"The integration could be better. Cortex, for example, does not work with iPhone."
"It is been decommissioned by Palo Alto."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"There is room for improvement in support. The response time could be faster."
"I think they should increase their collaboration base."
"They should provide integration with machine learning platforms."
"The configuration of the solution could improve it is difficult."
"The most difficult part of using Singularity Complete is logging in, as they often update the management console."
"There should be more integration models with different security operations tools or soft tools."
"The reporting needs improvement and I would like to see a more granular level of administrative privileges."
"The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features."
"I would like to see a better control panel for the managed service side of it."
"There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions."
"Their CASB tool needs to mature. I think there are some CASB vendors out there that have a dashboard tool that's much more mature than SentinelOne. That would be the only constructive criticism that I have."
"I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
More SentinelOne Singularity Complete Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Detection and Response (EDR) with 177 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, ServiceNow Security Operations and Swimlane, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Datto Endpoint Detection and Response (EDR).
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.