We performed a comparison between Palo Alto Networks Cortex XSOAR and Rapid7 InsightConnect based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We have no complaints about the features or functionality."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The initial setup is very simple and straightforward."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The analytic rule is the most valuable feature."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
"It is a scalable solution."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"The most valuable features are simplicity and ease of integration."
"The pricing is very good."
"It’s easy to install."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features."
"The tool is stable. The initial setup is straightforward. The product is user-friendly."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"There is room for improvement in entity behavior and the integration site."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The solution could be more user-friendly; some query languages are required to operate it."
"The solution should allow for a streamlined CI/CD procedure."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"We need a little hands-on experience to install the solution."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"The tool’s multi-tenancy feature must be improved."
"The solution requires DV but does not support open-source DV elastic searches."
"Its dashboard features need improvement."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"The solution should be made a bit cheaper."
"The technical support should be improved."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 39 reviews while Rapid7 InsightConnect is ranked 21st in Security Orchestration Automation and Response (SOAR) with 2 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Rapid7 InsightConnect is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Rapid7 InsightConnect writes "Excellent security orchestration and automation AI features". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas Rapid7 InsightConnect is most compared with CrowdStrike Falcon, ThreatConnect Threat Intelligence Platform (TIP), ServiceNow Security Operations and Splunk SOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.