Palo Alto Networks Cortex XSOAR Room for Improvement

Donald Keeber - PeerSpot reviewer
President at Margate Net

I want to make note that it seems like Palo Alto Networks is moving to a full à la carte licensing model where just about every feature in the product has a separate key and license to purchase/maintain and monitor. I have had firewalls bricked because it became cost-prohibitive to license them. Once licenses expire, the firewall virtually stops operating as anything more than a router.

With Cortex specifically, it's the poor platform-based logging. I can generate logs for individual users, but there is little platform data available from either the client or the Dashboard.

Also, having to maintain GP and Cortex on the same machines makes life more complicated as there are two separate controls that need to be managed, licensed and monitored. I would like to see a day when GP and Cortex are one and the same with feature switches to enable/disable functionality.


JP
Cybersecurity Cyber Crime Infrastructure Engineer & Investigator at a government with 5,001-10,000 employees

In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening.

From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.

AS
Works at an educational organization with 10,001+ employees

The platform’s setup procedures could be streamlined compared to Sentinel, which has a much easier setup regarding Single Sign-On and policy management.

Buyer's Guide
Palo Alto Networks Cortex XSOAR
March 2024
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Iskandar Iskak - PeerSpot reviewer
Director Sales for Education Market at Telekom Malaysia

I would like to have a better visualization of the command center. In command and samples, the sample has a product called the command center.

I want the scalability of the product to be improved.

Jasmin Surani - PeerSpot reviewer
Senior Cybersecurity Engineer (Security Operations & Engineering) at a manufacturing company with 10,001+ employees

There is room for improvement in support. The response time could be faster.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs. 

For example, creating a pro model alongside a lighter model could be beneficial, like FortiSOAR or others providing a lighter model that focuses on the automation segment, where you could integrate maybe five or ten playbooks and integrations for day-to-day operations. This would make it more accessible to everyone.

Currently, Cortex XSOAR operates on a larger scale, which may not be necessary for all. If there's a minimum budget of around 50k or 80k for SOAR, having a scaled-down version of Cortex XSOAR would be advantageous. This would allow integration with current business operations at a minimal cost, saving money while still leveraging the capabilities of Cortex XSOAR.

And if there's a need to scale up later, moving to a pro model could be an option. That's something that's missing on the business side but could greatly aid incident response, as we're all trying to secure organizations from threats. Having such an option would make it a more socially viable cost and still provide widespread use.

In future releases, I would like to see more differential models implemented, instead of having a one-size-fits-all approach.

Oleksii Pavlyk - PeerSpot reviewer
Head of the direction of ensuring the security of digital systems, electronic databases and networks at Ukreximbank

Palo Alto Networks Cortex XSOAR currently lacks SIEM functionalities. From an improvement perspective, I would like to see Palo Alto Networks Cortex XSOAR offer SIEM functionalities.

In the future, I would like to see more automation functionalities.

ML
Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees

I would love to see more flexibility on what we can display and design on the dashboards.

Nethra Sk - PeerSpot reviewer
Head of Security Monitoring and Control at Alstom Ferroviaria S.p.A.

Customization and performance can be improved. For example, some formats were incompatible when integrating, and they said we needed to work with the vendor to fix this issue because some logs that AVA logs were not compatible, and it did not readily recognize the format. Most of the time, I heard this as feedback. The formats are not compatible, are readily not available, and are not readable. Then we had to work it and write it manually.

DL
Senior Information Technology Support Engineer at TSCNET Services GmbH

The stability could be better.

The integration could be better. Cortex, for example, does not work with iPhone.

Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees

We'd like to be able to add as many integrations as possible. We would like more options for our clients. 

A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.

The solution is expensive. They should work to make it less costly for the customer.

MA
MSS Delivery Lead at Help AG

The tool’s multi-tenancy feature must be improved. The user interface must be made a little bit easier.

Waheb Samaraie - PeerSpot reviewer
Network Engineer at Kamps Propane

The price of the solution could be improved.

SB
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees

The solution is very expensive. They would get more clients if it wasn't so pricey.

ShubhamAgarwal - PeerSpot reviewer
Specialist - Information Security at LPI

Cortex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.

Mostafa-Ahmed - PeerSpot reviewer
Cybersecurity incident response team lead at Information Technology Solutions- ITS

One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.

EG
Manager at Commercial Bank of Ethiopia

Integrations with other applications are challenging and need to be improved. 

Reports or issues are often duplicated. 

The solution requires DV but does not support open-source DV elastic searches. 

AYOUB ECH-CHKAF - PeerSpot reviewer
Security Operations Center Analyst (L2) at Thales

The solution's price could be better. Also, they should provide integration with machine learning and artificial intelligence platforms.

SM
Security Project Manager at a retailer with 10,001+ employees

Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly.

AM
Intern Cybersecurity at a computer software company with 10,001+ employees

XSOAR could have more integration options. 

HendrikDu Plooy - PeerSpot reviewer
Business Development Manager at a tech services company with 11-50 employees

There is room for improvement in terms of the pricing model. 

Rodrigo AlexiPizarro - PeerSpot reviewer
IT Operations Deputy Manager at Ultramar Agencia Marítima

Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.

Nick Rama - PeerSpot reviewer
System Engineer at Nexus Technologies, Inc.

With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task. The aforementioned aspects of the solution can be considered for improvement. In the future, I need the product to provide me with the ability to manage its base.

In the future, I want Palo Alto Networks Cortex XSOAR to provide me with an option that allows me to do an automatic setup process. I also want Palo Alto Networks Cortex XSOAR to plan a way to minimize the need for too many configuration processes in an architecture. I feel that currently, the setup process of the product is really hard.

Cemil Altug - PeerSpot reviewer
Hybrid Cyber Security Team Lead at Dndx CyberSecurity

The dashboard could be better. 

GJ
Deputy Vice President at a financial services firm with 10,001+ employees

It doesn't have any integrations. It lacks multiple integrations. 

It has been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added.

The initial setup was complex.

YP
Business Development Manager at a tech services company with 51-200 employees

The solution's integration with non-security solutions will be helpful.

GS
Commercial Director at a security firm with 11-50 employees

The solution’s price and technical support could be improved.

DL
Sales engineer at MUK

Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them. 

It's only one cloud right now. It might be helpful for some companies to have an on-premises option.

RK
Network and Information Security at a tech services company with 10,001+ employees

The dashboard performance could be improved.

Another area of improvement is a support team. Moreover, we need to pay for modifying anything with scripting in terms of customization. It can be a challenge if the person isn't 100% good with scripting.

VW
Security Professional at a tech services company with 51-200 employees

I think they should increase their collaboration base so that XSOAR can be utilized for any number of automation.

RP
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees

Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering. 

The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved. 

Other than that, we've been pretty happy with it.

SA
CyberSecurity Consultant at Information Technology Solutions- ITS

The solution's features for reporting and dashboards need improvement. They need more customization options.

NN
None at Invecto

The solution should be made a bit cheaper.

FA
Cyber Security Analyst at a tech services company with 11-50 employees

We need a little hands-on experience to install the solution. The installation process is technical.

DS
Consultant at a tech services company with 501-1,000 employees

There should be an on-premise version available for customers to have different choices.

SA
Network Security Engineer at a tech services company with 201-500 employees

For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else.

In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.

it_user1333062 - PeerSpot reviewer
Director at a tech services company with 11-50 employees

Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners.

It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.
