We performed a comparison between IBM Security QRadar and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's pretty powerful and its performance is pretty good."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Sentinel pricing is good"
"The most valuable feature is the DSM Editor. The custom parsing tool is very nice, outstanding."
"It can analyze event logs, event security, and give a good consult."
"It is a pretty solid product for the type that it is representing. It is a CM solution as compared to Splunk or ArcSight from HP. It is also user friendly. It comes with some internal AI as well, in which it automatically maps multiple lots from unrelated devices and makes a smart decision to link them back and create an offense based on that. It is a smart tool."
"It is the core of our entire SOX."
"IBM QRadar has improved my organization by introducing many functions. It collects logs from all of our systems in the organization and has functioned very well. It alerts and correlates the aggregate events or offenses we receive through all the applications we use."
"The UBA feature is the most valuable because you can see everything about users' activities."
"It protect us from multiple authentication values, unauthorized access and antivirus threats."
"I have found IBM QRadar to be stable."
"The pricing is very good."
"It is a scalable solution."
"The solution provides threat intelligence with EDR."
"I have no complaints about Cortex's stability."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"It is quite scalable. I would rate it a ten out of ten."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The reporting could be more structured."
"The playbook is a bit difficult and could be improved."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"There is room for improvement in entity behavior and the integration site."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The user interface is a bit clunky, a bit hard to find what you need."
"The solution is clunky."
"It needs more resilience and functionality."
"There could be better integration with the solution."
"The solution lacks vendor support."
"While the interface is easy to use, it could be a little more responsive."
"The reporting system could use some upgrading."
"The IBM support can be better."
"The price of the solution could be improved."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"I think they should increase their collaboration base."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"There should be an on-premise version available for customers to have different choices."
"It doesn't offer automatic internet reports out of the box."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
IBM Security QRadar is ranked 4th in Security Orchestration Automation and Response (SOAR) with 198 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. IBM Security QRadar is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". IBM Security QRadar is most compared with Splunk Enterprise Security, Wazuh, LogRhythm SIEM, Elastic Security and Sentinel, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our IBM Security QRadar vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.