We just raised a $30M Series A: Read our story

Palo Alto Networks Cortex XSOAR OverviewUNIXBusinessApplication

Palo Alto Networks Cortex XSOAR is #2 ranked solution in SOAR tools. IT Central Station users give Palo Alto Networks Cortex XSOAR an average rating of 8 out of 10. Palo Alto Networks Cortex XSOAR is most commonly compared to Splunk Phantom: Palo Alto Networks Cortex XSOAR vs Splunk Phantom. The top industry researching this solution is Computer Software Company, accounting for 30% of all views.
What is Palo Alto Networks Cortex XSOAR?

Demisto Enterprise delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

Palo Alto Networks Cortex XSOAR is also known as Demisto Enterprise, Cortex XSOAR, Demisto.

Buyer's Guide

Download the Security Orchestration Automation and Response (SOAR) Buyer's Guide including reviews and more. Updated: October 2021

Palo Alto Networks Cortex XSOAR Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity

Palo Alto Networks Cortex XSOAR Video

Pricing Advice

What users are saying about Palo Alto Networks Cortex XSOAR pricing:
  • "It is approx $10,000 or $20,000 per year for two user licenses."
  • "There is a yearly license required for this solution and it is expensive."
  • "From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
  • "There is a perception that it is priced very high compared to other solutions."

Palo Alto Networks Cortex XSOAR Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
ML
Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees
Real User
Top 20
Easy to use, stable, scalable, and has responsive support

Pros and Cons

  • "It has an extensive list of integrations that are available out of the box which makes it easy to start."
  • "I would love to see more flexibility on what we can display and design on the dashboards."

What is our primary use case?

We use Palo Alto Networks Cortex XSOAR for several areas of security automation, such as phishing, investigating, mitigating, the detection of impossible travel, and consolidating threat information for our internal systems.

How has it helped my organization?

It reduces manual interactions of security analysts. Before they had to check on three, or four different websites to see if something was good or bad. Now, Cortex does all of that for us.

What is most valuable?

It is very easy to use.

It has an extensive list of integrations that are available out of the box which makes it easy to start.

What needs improvement?

I would love to see more flexibility on what we can display and design on the dashboards.

For how long have I used the solution?

Palo Alto Networks Cortex XSOAR has been active for six months. 

We are always on the latest version.

What do I think about the stability of the solution?

Palo Alto Networks Cortex XSOAR is pretty stable.

What do I think about the scalability of the solution?

It offers some architecture recommendations to make it really scalable if you choose.

For example, hot standby, bond standby, clustering, and breaking out components in dedicated servers. You can go wild if you want to go wild, but we wanted to keep it easy and stable.

Pretty much network security and SOC are the main users. I believe that we are licensed for 20 users.

We are definitely extensively using this solution. We are currently training many additional teams to be self-sufficient in usage. The usage will increase more and more.

How are customer service and technical support?

With Palo Alto technical support, if you get to the right people, you get an answer very quickly. 

What I like about the Cortex team is that they have a dedicated select center where you can get service in minutes and that's extremely helpful.

Overall, I am satisfied with the technical support.

Which solution did I use previously and why did I switch?

We evaluated two or three other vendors. 

We are a very big Palo Alto shop and we needed to have some Palo Alto features, which are implemented now in Cortex. We are pretty much guided in that direction for some of the security features we need for our firewalls.

How was the initial setup?

I would say the initial setup was really straightforward. 

You need to be a little bit aware of Linux unless you buy the hosted version, then you don't need to know anything about it. If you decide you want to run it yourself, you should have some Linux skills because it's a Docker framework on Linux. Knowing a bit about that is handy.

It was up and running in half a day.

What about the implementation team?

It only requires one person to maintain this solution. I do it myself along with many other tasks. In a larger environment, you split into two teams, OS maintenance and application maintenance.

We had help from Palo Alto SE resource for the PoC, but the setup was completed on our own.

What's my experience with pricing, setup cost, and licensing?

We have a concurrent user license. 

The licensing is a pretty high price for a user license per year.

The base product is very cheap, you can even get it for free, but the fee per user is expensive. It is approx $10,000 or $20,000 per year for two user licenses.

It's a great product, although it might become very pricey if you need several user licenses.

They need to automate everything to reduce the number of user licenses needed. If it is an automated workflow, you don't need to be licensed.

If Cortex sends an email asking a user to say yes or no, you don't need a license for that user. You just need a user license if you want to improve what Cortex does in terms of workbooks, cases, and more.

Which other solutions did I evaluate?

We evaluated Splunk for six months and decided against it three to six months ago.

What other advice do I have?

Have a very good understanding of what you want to automate. Define the process and make sure the integrations you need are available out of the box.

I would also suggest starting simple. Try easy use cases first and until you feel confident before you get into more complex use cases.

I would rate Palo Alto Networks Cortex XSOAR a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1285209
Tech Lead at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
User-friendly and robust with good technical support

Pros and Cons

  • "The automation is excellent."
  • "When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."

What is our primary use case?

I primarily pitch and sell this solution to our customers. We do product assessments and consult with customers for the most part.

Clients can use it for automation. 

What is most valuable?

The solution has very good integration capabilities. It's really the best at integration. Inside every integration, there are certain commands which we can call upon, which makes it very useful as a product.

The automation is excellent. 

The product is very robust.

With this solution, we can do dynamic remediation.

It's a product that is constantly upgrading and improving.

It's a user-friendly solution.

Technical support is very helpful and responsive.

What needs improvement?

We'd like to be able to add as many integrations as possible. We would like more options for our clients. 

A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.

The solution is expensive. They should work to make it less costly for the customer.

For how long have I used the solution?

I've been working with the solution for the past five years or so at this point. It's been a while. 

What do I think about the stability of the solution?

There are a few bugs here and there when new releases happen. We've used it from version four all the way to version six and have dealt with a few bugs, however, that is expected. That's always some in any products. It's fine for us.

Mostly, the stability is okay. The integration keeps on triggering every time. It has jobs that are learning all the time. It's based on completely API integrations. As long as there is compatibility, the solution is pretty available. It is always ready to go.

What do I think about the scalability of the solution?

We haven't tried to scale, however, as per the technical documents which I have read, it should be understood by the customer before it is deployed. It all depends on how many integrations or how many triggering points a company has. You need to have an idea of the scope. Remediation can take a minute or two, however, it will still be possible. There isn't too much of a concern for scaling right now.

We have one or two customers using the solution for their own purposes. We are consulting with two more customers. We do plan to increase usage in the future. 

How are customer service and technical support?

We've dealt with technical support in the past. They're 100% responsive and they have a lot of channels in which to talk to them. You can always get a hold of them and they are very knowledgeable. We are quite satisfied with their level of support.

How was the initial setup?

Initially, we found the implementation to be a bit difficult. However, now we have done it quite a few times for clients, and we find it to be very straightforward and simple. You get used to the process. You learn how to do it. It's simple.

What about the implementation team?

We implement the solution for our clients as consultants. 

What's my experience with pricing, setup cost, and licensing?

The licensing is paid on a yearly basis. It is quite expensive. 

When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot. 

What other advice do I have?

We are a partner for Palo Alto. I have been certified with them. I did certifications around their certificates when they were Demisto, however, right now, we are Palo Alto partners.

It's not a SIEM product, however, it's a next-gen automation platform for SIEM SOC services.

I'd advise companies considering the solution to assess the existing environment before they go ahead and choose something. This solution is basically built for a vast organization or a medium and big organization. Smaller organizations have other options which are available to them that might be more appropriate. 

Companies should assess the product before it's brought on, as the cost is high. Businesses need to check their budget around that, and whether it will be flexible or not. 

It's also important to have a proper engineering and design team to implement that product.

I'd rate the solution at a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Find out what your peers are saying about Palo Alto Networks, Splunk, IBM and others in Security Orchestration Automation and Response (SOAR). Updated: October 2021.
543,936 professionals have used our research since 2012.
SB
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
Real User
Top 5Leaderboard
Detects and whitelists certain IP addresses based on where they're coming from

Pros and Cons

  • "The solution is very reliable."
  • "The solution is very expensive."

What is our primary use case?

We use Palo Alto as a firewall, a system for detecting and whitelisting certain IP addresses or to block certain IP addresses based on where they're coming from. We then send the logs to another log management tool for more forensics and analysis before we make a decision.

We're basically using Palo Alto for firewalling and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

What is most valuable?

The solution is very reliable. The performance is great.

The scalability of the solution is excellent. 

We find the solution to be very robust. Palo Alto has been in the industry a long time and the solution reflects that.

The initial setup is very straightforward. It's not hard to deploy.

What needs improvement?

The solution is very expensive. They would get more clients if it wasn't so pricey.

For how long have I used the solution?

I've been using the solution for about four years at this time. It's been a while. 

What do I think about the stability of the solution?

The solution is very reliable in terms of performance. It doesn't crash or freeze. There are no bugs or glitches.

What do I think about the scalability of the solution?

The solution is extremely scalable. If a company needs to expand it, it can do so easily.

How are customer service and technical support?

The technical support has been very good. Palo Alto is top of the line. They've been in the industry a long time and their support team reflects that knowledge. We are very satisfied with their level of support.

Which solution did I use previously and why did I switch?

I also work with Fortinet. We've used them for around the same amount of time.

How was the initial setup?

We found the initial setup to be quite straightforward. It's not hard to do. A company shouldn't have too much of a problem getting it up and running.

What's my experience with pricing, setup cost, and licensing?

I cannot speak to the exact cost of the solution or how much our organization pays.

However, it is my understanding that the product is extremely expensive.

What other advice do I have?

I'm not sure which version of the solution we're using at this time.

I'd rate the solution at an eight out of ten. We've been quite pleased with its capabilities. The only thing is it is pretty expensive.

I'd recommend other users work both with Palo Alto and Fortinet. They are great together. They compliment each other nicely.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
MSP
Top 5Leaderboard
Easy to set up with good technical support and good stability

Pros and Cons

  • "The pricing is very good."
  • "The user interface could be a bit better."

What is our primary use case?

We primarily use the solution for automation and the orchestration of security.

What is most valuable?

We've only just installed the solution and need time to explore its functionality and capabilities. So far, we haven't experienced any issues.

The stability has been good overall.

The initial implementation wasn't overly complex. It was easy.

The pricing is very good.

Technical support is helpful and responsive.

What needs improvement?

Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. 

The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. 

Other than that, we've been pretty happy with it.

For how long have I used the solution?

We've just implemented the solution. We've only been using it for a few weeks. It hasn't been too long just yet.

What do I think about the stability of the solution?

So far, we have found the stability to be very reliable. There are no bugs or glitches. It doesn't crash or freeze. The performance, in the few weeks we've used it, has been good.

How are customer service and technical support?

Technical support has been helpful so far. They are knowledgeable and responsive and we've been very satisfied with their level of support.

How was the initial setup?

The installation was very straightforward. It only took about a day. Not even that long. The deployment was fast. A company shouldn't have run into any issues with the initial setup.

What about the implementation team?

I was able to handle the implementation myself. I did not need the assistance of an integrator or consultant.

What's my experience with pricing, setup cost, and licensing?

We've found the pricing to be very reasonable. It's not particularly expensive.

The customers do not have to pay for licensing; we deliver it for free.

What other advice do I have?

We have the solution integrated into our QRadar.

In the time we've used it, from what I've experienced, I'd rate the product at an eight out of ten. We've had a very positive experience.

I would recommend the solution to other companies.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Flag as inappropriate
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
High level log overviews, integrates well, and effective orchestration

Pros and Cons

  • "The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
  • "There should be an on-premise version available for customers to have different choices."

What is our primary use case?

We are using this solution to have a completely organized SOC from a list of devices in our environment. We are able to manage all of our devices, such as firewalls and endpoint protection solutions.

What is most valuable?

The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information. Additionally, this solution integrates very well, we have integrated a Palo Alto firewall and everything is working perfectly.

What needs improvement?

There should be an on-premise version available for customers to have different choices.

For how long have I used the solution?

I have been using this solution for approximately one year.

What do I think about the stability of the solution?

The solution is very reliable because it is on the cloud.

What do I think about the scalability of the solution?

The solution is scalable. We have already approximately 200 devices deployed into the cloud and we are planning to increase usage in the future. We have approximately 600 employees using this solution in my organization and the solution has been completely coordinating the logs of all these users well.

How are customer service and technical support?

The technical support is satisfactory. If we need any clarification or faced any issues we have been in contact with the support. However, there is room for improvement.

How was the initial setup?

The solution is easy to deploy and manage.

What's my experience with pricing, setup cost, and licensing?

There is a yearly license required for this solution and it is expensive.

Which other solutions did I evaluate?

We have evaluated other solutions but they do not compare with the number of features this solution provides. There is a wide range of features in this solution.

What other advice do I have?

I would recommend this solution to those that already have a SOC or a NOC. It will enhance their logs and XSOAR will handle their internet activities. 

If they are not involved with SOCs or NOCs then I do not think they require this solution.

I rate Palo Alto Networks Cortex XSOAR an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Shubham Agarwal
Network Security Engineer at a tech services company with 201-500 employees
Real User
Top 20
Very scalable, awesome automation, and awesome technical support

Pros and Cons

  • "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
  • "For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."

What is our primary use case?

The use cases basically came from the customers. Most of the time, the major concern is from a security perspective because various kinds of attacks are happening. To restrict or stop those attacks, we are building playbooks. We are also automating repetitive tasks.

We are using on-premise as well as cloud deployments.

What is most valuable?

The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work.

What needs improvement?

For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else.

In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.

For how long have I used the solution?

I have been working on this solution for the last four months.

What do I think about the stability of the solution?

Its stability is okay.

What do I think about the scalability of the solution?

It is very scalable. It can be easily integrated with other third-party APIs.

How are customer service and technical support?

Their technical support is awesome. It is far better than the technical support of any other company.

How was the initial setup?

The setup is very easy. It is very straightforward. The deployment took around 15 minutes.

What's my experience with pricing, setup cost, and licensing?

From the cost perspective, I have heard that its price is a bit high as compared to other similar products.

What other advice do I have?

For each SOC and MSS environment, I would recommend using Cortex XSOAR for better productivity, scalability, performance, and efficiency. A lot of manual work is happening right now, and that could be avoided. People can be utilized for more productive work.

I would rate Palo Alto Network Cortex XSOAR an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
VS
Director at a tech services company with 11-50 employees
Reseller
Top 5Leaderboard
Simple to use, good documentation, and integrates well into the environment

Pros and Cons

  • "The most valuable features are simplicity and ease of integration."
  • "Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."

What is our primary use case?

We are a solution provider and this is one of the products that we are selling to our clients.

What is most valuable?

The most valuable features are simplicity and ease of integration.

The documentation is fantastic.

What needs improvement?

Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners.

It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.

For how long have I used the solution?

We have about two months of experience with Demisto Enterprise.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

My impression is that Demisto is scalable and it is capable of working across wide geography at any given point in time. The traffic comes in from everywhere in the world and this solution is able to identify threats ahead of time.

Our clients for this solution are medium-sized and enterprise-level businesses.

How was the initial setup?

The initial setup of this solution is complex. My understanding is that it can be deployed within a few days.

What's my experience with pricing, setup cost, and licensing?

There is a perception that it is priced very high compared to other solutions.

What other advice do I have?

Demisto is a product that I recommend.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Security Orchestration Automation and Response (SOAR) Report and find out what your peers are saying about Palo Alto Networks, Splunk, IBM, and more!