We performed a comparison between NetWitness XDR and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Log aggregation and data connectors are the most valuable features."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"This solution allows us to locate the malware in real-time."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"The log correlation is good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It is stable. We have been using it for some time, without any issues."
"The interface of this solution is very flexible and easy to use."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"Many different playbooks are available and can be customized."
"Palo Alto is easy to use."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"Its agility and scalability are valuable."
"The product’s stability is good."
"It was useful as a ticketing tool."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The product can automate security tasks."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"I think the number one area of improvement for Sentinel would be the cost."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We are invoiced according to the amount of data generated within each log."
"I would like to be able to monitor applications outside of the Azure Cloud."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The configuration of the solution could improve it is difficult."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"The user interface could be a bit better."
"The solution is very expensive."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 41 reviews. NetWitness XDR is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our NetWitness XDR vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.