We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The Log analytics are useful."
"Free ingestion for Azure logs (with E5 licence)"
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"I have found the solution very useful, it integrates well with other platforms."
"It’s easy to install."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"The solution provides threat intelligence with EDR."
"Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper."
"The most valuable feature is automation."
"The solution is user-friendly and easy to configure."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The solution does very well as a baseline EDR and provides good process-level management."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"Integration and scalability are the most valuable."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"The detection response and quarantining are very good features."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The product can be improved by reducing the cost to use AI machine learning."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The solution could improve the playbooks."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"They should provide integration with machine learning platforms."
"The solution should be made a bit cheaper."
"XSOAR could have more integration options."
"It doesn't offer automatic internet reports out of the box."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"Palo Alto needs to develop more AI-centric products."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The solution's correlation rules and playbooks should be improved."
"The cloud console has a lot of bugs and issues in the analysis part."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"Training and education for both partner and customer, including product marketing need to be improved."
"Additionally, it is complex to use, and the pricing should be improved."
"The dashboard should be more user-friendly."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"The solution's support could be improved."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate and Splunk SOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
