Palo Alto Networks Cortex XSOAR Reviews

I mainly use Cortex XSOAR to automate cybersecurity and the SOC environment.

To minimize manual tasks and increase level of automation. 

Cortex XSOAR drastically reduces trivial tasks inside the SOC environment, which provides a huge benefit for L1 analysts.

Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper.

Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.

4 years

Cortex XSOAR is very stable in our environment, and we haven't seen any platform issues with it.

Cortex XSOAR is scalable.

Palo Alto's support services require a lot of improvement.

I used Qradar SOAR . Cortex xsoar support is very good and contain lot of OOTB playbooks but comparatively qradar soar lack in OOTB Playbooks. 

The initial setup is very easy. Also in latest version platform is managed by Palo alto cloud itself and rest of the configuration is done from UI itself. 

So zero load in configuring platform. 

Cortex XSOAR's license price could be lower.

I would give Cortex SOAR a rating of eight out of ten.

As an integrator, I have used Palo Alto Networks Cortex XSOAR in various customer environments for a wide range of purposes. This includes improving IT security, streamlining operations, automating incident response actions, creating playbooks with approvals, and enhancing integrations with different security tools. In essence, Cortex XSOAR serves as a versatile platform that helps address multiple cybersecurity and operational needs in organizations.

What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used. If you can think of it, you can probably do it. However, there are some limitations, but speed isn't one of them.

One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.

I have been using Palo Alto Networks Cortex XSOAR for three years.

Cortex XSOAR's stability depends on the right sizing. When sized correctly, it is very stable and I would rate it a strong nine out of ten. But if the sizing is wrong, performance problems can arise. For instance, customers with closed storage systems had issues during heavy workloads. To keep it stable, having at least 3,000 IOPs is advised, especially for customers with high storage needs. So, sizing is key for a successful and stable experience.

Cortex XSOAR is generally scalable and I would rate the scalability an eight out of ten. It is a bit challenging to migrate it from a regular database to a high-availability Elastic database, but it is possible. The ease of migration depends on how well it was planned from the start. Overall, it is a good option for scalability, but careful planning is essential for smooth transitions. The engine, which acts as a broker for connections and integrations in Cortex XSOAR, is highly efficient and reliable.

The initial setup of Cortex XSOAR is generally straightforward, but it can get a bit tricky when dealing with a lot of use cases. If you plan to create large playbooks, it is crucial to size the system correctly from the start. Otherwise, you might run into performance issues. Apart from that, there aren't many problems with the implementation process. The challenge mainly revolves around sizing the system correctly, especially when customers have lots of ideas that could make playbooks complex and resource-intensive. So, it is important to plan carefully in such cases. In the best-case scenario, deploying Cortex XSOAR can be done in about 30 minutes when everything is prepared and ready. However, for full integration into the customer's environment, assuming no restrictions or communication issues, it might take roughly two and a half hours.

Overall, I would rate the solution an eight out of ten. My advice to new users would be to plan ahead before implementing Cortex XSOAR. Understand your use cases well and have a solid strategy because the implementation is an ongoing process that you can always improve. Consider creating an adoption plan for what you will do this year and next year in terms of integration and use cases. Keep it user-friendly and introduce use cases gradually to your team instead of overwhelming them all at once. It's about taking steps to make it effective over time.

Our company uses the solution for security management and threat response. 

Many different playbooks are available and can be customized. 

Integrations with other applications are challenging and need to be improved. 

Reports or issues are often duplicated. 

The solution requires DV but does not support open-source DV elastic searches. 

I have been using the solution for seven months. 

The solution has stability issues from the performance side and often duplicates reports or issues.

The solution is not a Palo Alto product so technical support is inadequate. 

There is not a big focus on support for the solution so it takes a lot of time to receive responses for issues. 

The setup might not be easy because it requires official customers. 

Our company received technical support during installation.

The solution is based on an annual licensing model that is expensive. 

The solution is a good product that would be even better if technical support is improved and prices are discounted. 

Support is very important because there is a lot of follow up after implementations to properly manage changes and issues. 

I rate the solution a six out of ten. 

We use the solution for incident orchestration.

The solution helps us with incident analysis.

The solution has the best processing and incident analysis features.

The solution's price could be better. Also, they should provide integration with machine learning and artificial intelligence platforms.

We have been using the solution for seven months.

I rate the solution's stability an eight out of ten.

I rate the solution's scalability a ten out of ten.

The solution's technical support team is good.

Positive

The solution's initial setup process is easy. We implement it on the cloud and premises.

The solution generates a good return on investment.

The solution's pricing needs improvement.

I recommend the solution to others and rate it a ten out of ten.

We are using Palo Alto Networks Cortex XSOAR for automation.

The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.

Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly.

I have been using Palo Alto Networks Cortex XSOAR for approximately six months.

Palo Alto Networks Cortex XSOAR is a stable solution.

The scalability of Palo Alto Networks Cortex XSOAR is fine for what we are using it for.

We have our SecOps department of user 50 people that are using the solution for alerts. We plan to increase usage in the future.

The support from Palo Alto Networks Cortex XSOAR could improve. However, a lot of the support is poor.

We have three people in the security operations that do the maintenance and support of Palo Alto Networks Cortex XSOAR.

The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market.

I rate Palo Alto Networks Cortex XSOAR a six out of ten.

I'm currently evaluating XSOAR to see what the solution can do. I'm playing around with the various features. 

The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily. 

XSOAR could have more integration options. 

I have used XSOAR for two months.

XSOAR is stable. 

Setting up XSOAR is straightforward and takes about 30 minutes. It doesn't require any special technology to implement it in any architecture.  You create a virtual machine, move the file to it, launch the installer, and let it run. It doesn't require any complex tasks. 

I rate Palo Alto Networks Cortex XSOAR nine out of 10. 

Our clients use it in our managed service platform, in our cloud. We also provide solutions to our clients on Service Cloud and XDR.

The advanced security capabilities and the automation available with the solution are the most valuable solution. Moreover, the scalability and ease of management are additional benefits.

There is room for improvement in terms of the pricing model. 

We've been selling and working with it for eight years.

It is a stable solution. I would rate stability a ten out of ten. 

It is a scalable solution. I would rate scalability a ten out of ten. Our clients are enterprise businesses. 

The customer support is good. 

Positive

Since we handled the installation ourselves in our environment, it's really easy for us to install.

It may not be the easiest installation, especially when configuring agents with specific functionalities. But the initial setup is relatively easy. Maintenance is ongoing. It's always required to ensure the system runs smoothly.

The deployment process really depends on the client. It varies based on the complexity of the deployment. Each time is different. It could take anywhere from a few days to a week.

We probably have around six people involved in the process. When it comes to setup, it's all about proper planning and understanding the client's specific needs and requirements for the service.

I would rate pricing a seven out of ten, where one is a low price, and ten is a high price. We use the annual subscription. There are no additional costs.

I would advise them to explore the extensive features it offers in terms of organization and remediation. It's important to consider its seamless integration with other platforms and the wide range of services and products provided by the company.

Overall, I would rate the solution a nine out of ten because the product offers a comprehensive network and cloud solution. We can provide clients with a complete end-to-end solution through a single vendor.

We use the solution to automate our SIEM tools and incidents.

The solution's correlation rules and playbooks should be improved.

I have been using Palo Alto Networks Cortex XSOAR for six to seven months.

I rate the solution seven and a half out of ten for stability.

More than 100 users are using the solution in our organization.

I rate the solution a six out of ten for the scalability of its on-premises version.

I also use the ArcSight solution.

The solution can be deployed within a few minutes.

We are using the latest version of Palo Alto Networks Cortex XSOAR. The solution's on-premises version is not scalable. Around five people are involved with the solution’s maintenance.

Overall, I rate the solution an eight out of ten.