We performed a comparison between Palo Alto Networks Cortex XSOAR and ThreatQ based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The machine learning and artificial intelligence on offer are great."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Sentinel pricing is good"
"The product’s stability is good."
"The most valuable feature is automation."
"The solution provides threat intelligence with EDR."
"It is quite scalable. I would rate it a ten out of ten."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"It is a scalable solution."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"Many different playbooks are available and can be customized."
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"Integrating the solution with our existing security tools and workflows was easy."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The solution could be more user-friendly; some query languages are required to operate it."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The configuration of the solution could improve it is difficult."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"It doesn't offer automatic internet reports out of the box."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"The dashboard could be better."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"The solution's technical support could be better."
"The tool is not user-friendly."
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 39 reviews while ThreatQ is ranked 25th in Security Orchestration Automation and Response (SOAR) with 2 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while ThreatQ is rated 7.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of ThreatQ writes "Improves the threat intelligence gathering process, but it is not user-friendly". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas ThreatQ is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, Recorded Future and CrowdStrike Falcon.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.