We performed a comparison between Palo Alto Networks Cortez XSOAR and Splunk Phantom based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions come across as reliable and powerful products. Cortex does slightly better in the Pricing category, however.
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"We have no complaints about the features or functionality."
"The product can integrate with any device."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The machine learning and artificial intelligence on offer are great."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"The product can automate security tasks."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"I have no complaints about Cortex's stability."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"It is a scalable solution. I would rate scalability a ten out of ten."
"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."
"Palo Alto is easy to use."
"The most valuable feature is the risk-based access control."
"Splunk SOAR's quick response to incidents is the most valuable part."
"The product’s integration with other Splunk products is valuable."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The customizable playbook is the most valuable aspect of the solution."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"So far, the interface is very easy to use."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We'd like also a better ticketing system, which is older."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The only thing is sometimes you can have a false positive."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The solution's technical support could be better."
"Palo Alto needs to develop more AI-centric products."
"The configuration of the solution could improve it is difficult."
"It is not a very scalable solution."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"The number of playbooks on offer should be increased."
"The UI can be more customizable for the clients."
"Splunk's support for integration is subpar and has room for improvement."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 41 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Splunk SOAR is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Fortinet FortiSOAR, Swimlane, IBM Resilient and ServiceNow Security Operations, whereas Splunk SOAR is most compared with Cortex XSIAM, ServiceNow Security Operations, Torq, Swimlane and Cisco SecureX. See our Palo Alto Networks Cortex XSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would recommend CyberSponse. There is a reason why CyberSponse have been awarded Government and Military contracts over all the competition! Commerical customers need the same power and capability, why settle for anything less!