We performed a comparison between Palo Alto Networks Cortez XSOAR and Splunk Phantom based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions come across as reliable and powerful products. Cortex does slightly better in the Pricing category, however.
"The pricing of the product is excellent."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The main benefit is the ease of integration."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The product can automate security tasks."
"Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper."
"The solution is user-friendly and easy to configure."
"Many different playbooks are available and can be customized."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The solution is very reliable."
"It is a scalable solution."
"Its agility and scalability are valuable."
"Our customers find it easy to conduct searches and consider it an excellent content management system."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"Very flexible integration with other tools"
"My understanding is the initial setup isn't too hard."
"Splunk SOAR's quick response to incidents is the most valuable part."
"So far, the interface is very easy to use."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"The most valuable feature is the risk-based access control."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The troubleshooting has room for improvement."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"It is not a very scalable solution."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The dashboard could be better."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"The price of the solution could be improved."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The configuration of the solution could improve it is difficult."
"Its dashboard features need improvement."
"There is a lot of room for improvement with the UI."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"It could be easier to implement."
"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."
"The number of playbooks on offer should be increased."
"Splunk's support for integration is subpar and has room for improvement."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Splunk SOAR is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Fortinet FortiSOAR, Swimlane, IBM Resilient and ServiceNow Security Operations, whereas Splunk SOAR is most compared with Cortex XSIAM, ServiceNow Security Operations, Torq, Swimlane and Cisco SecureX. See our Palo Alto Networks Cortex XSOAR vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would recommend CyberSponse. There is a reason why CyberSponse have been awarded Government and Military contracts over all the competition! Commerical customers need the same power and capability, why settle for anything less!