We performed a comparison between Palo Alto Networks Cortex XSOAR and Trellix Helix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We have no complaints about the features or functionality."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"The solution is user-friendly and easy to configure."
"They have a portal where you can find any kind of integration that you need."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"It is a scalable solution."
"The product’s stability is good."
"The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The most valuable features include predefined use cases and threatening states."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"One key area that can be improved is by building a strong integration with our XDR platform."
"We'd like also a better ticketing system, which is older."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The playbook is a bit difficult and could be improved."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"It doesn't offer automatic internet reports out of the box."
"I think they should increase their collaboration base."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The user interface could be a bit better."
"Palo Alto needs to develop more AI-centric products."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"The solution's technical support could be better."
"Integrations could be improved, and the dashboard could be a little better."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"It should have more cloud connectors. It could also be cheaper."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Trellix Helix is rated 8.6. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and Cisco SecureX.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.