Palo Alto Networks Cortex XSOAR Room for Improvement
I want to make note that it seems like Palo Alto Networks is moving to a full à la carte licensing model where just about every feature in the product has a separate key and license to purchase/maintain and monitor. I have had firewalls bricked because it became cost-prohibitive to license them. Once licenses expire, the firewall virtually stops operating as anything more than a router.
With Cortex specifically, it's the poor platform-based logging. I can generate logs for individual users, but there is little platform data available from either the client or the Dashboard.
Also, having to maintain GP and Cortex on the same machines makes life more complicated as there are two separate controls that need to be managed, licensed and monitored. I would like to see a day when GP and Cortex are one and the same with feature switches to enable/disable functionality.
JP
reviewer1714731
Cybersecurity Cyber Crime Infrastructure Engineer & Investigator at a government with 5,001-10,000 employees
In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening.
From an analyst perspective, it's not that hard to use. From a developer, it takes a little while in order to get to understand exactly how one would go about creating a playbook. The automation part is not that hard. It's relatively easy. It's just creating the flowchart.
AS
Aishik Sanyal
Works at an educational organization with 10,001+ employees
The platform’s setup procedures could be streamlined compared to Sentinel, which has a much easier setup regarding Single Sign-On and policy management.
Buyer's Guide
Palo Alto Networks Cortex XSOAR
March 2024
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
I would like to have a better visualization of the command center. In command and samples, the sample has a product called the command center.
I want the scalability of the product to be improved.
There is room for improvement in support. The response time could be faster.
Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs.
For example, creating a pro model alongside a lighter model could be beneficial, like FortiSOAR or others providing a lighter model that focuses on the automation segment, where you could integrate maybe five or ten playbooks and integrations for day-to-day operations. This would make it more accessible to everyone.
Currently, Cortex XSOAR operates on a larger scale, which may not be necessary for all. If there's a minimum budget of around 50k or 80k for SOAR, having a scaled-down version of Cortex XSOAR would be advantageous. This would allow integration with current business operations at a minimal cost, saving money while still leveraging the capabilities of Cortex XSOAR.
And if there's a need to scale up later, moving to a pro model could be an option. That's something that's missing on the business side but could greatly aid incident response, as we're all trying to secure organizations from threats. Having such an option would make it a more socially viable cost and still provide widespread use.
In future releases, I would like to see more differential models implemented, instead of having a one-size-fits-all approach.
Palo Alto Networks Cortex XSOAR currently lacks SIEM functionalities. From an improvement perspective, I would like to see Palo Alto Networks Cortex XSOAR offer SIEM functionalities.
In the future, I would like to see more automation functionalities.
ML
reviewer1469436
Splunker, Networking and E-Mail Security Architect, Engineer and Guru at a healthcare company with 10,001+ employees
I would love to see more flexibility on what we can display and design on the dashboards.
Customization and performance can be improved. For example, some formats were incompatible when integrating, and they said we needed to work with the vendor to fix this issue because some logs that AVA logs were not compatible, and it did not readily recognize the format. Most of the time, I heard this as feedback. The formats are not compatible, are readily not available, and are not readable. Then we had to work it and write it manually.
DL
Diego Lo Dico
Senior Information Technology Support Engineer at TSCNET Services GmbH
The stability could be better.
The integration could be better. Cortex, for example, does not work with iPhone.
We'd like to be able to add as many integrations as possible. We would like more options for our clients.
A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.
The solution is expensive. They should work to make it less costly for the customer.
MA
Musammil Azar
MSS Delivery Lead at Help AG
The tool’s multi-tenancy feature must be improved. The user interface must be made a little bit easier.
The price of the solution could be improved.
SB
reviewer1480533
Vice President Global Technology Infrastructure Automation at a financial services firm with 10,001+ employees
The solution is very expensive. They would get more clients if it wasn't so pricey.
Cortex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.
One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.
EG
Ephrem Gezachew
Manager at Commercial Bank of Ethiopia
Integrations with other applications are challenging and need to be improved.
Reports or issues are often duplicated.
The solution requires DV but does not support open-source DV elastic searches.
The solution's price could be better. Also, they should provide integration with machine learning and artificial intelligence platforms.
SM
reviewer1940673
Security Project Manager at a retailer with 10,001+ employees
Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly.
AM
reviewer2125281
Intern Cybersecurity at a computer software company with 10,001+ employees
XSOAR could have more integration options.
There is room for improvement in terms of the pricing model.
Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated.
With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task. The aforementioned aspects of the solution can be considered for improvement. In the future, I need the product to provide me with the ability to manage its base.
In the future, I want Palo Alto Networks Cortex XSOAR to provide me with an option that allows me to do an automatic setup process. I also want Palo Alto Networks Cortex XSOAR to plan a way to minimize the need for too many configuration processes in an architecture. I feel that currently, the setup process of the product is really hard.
The dashboard could be better.
GJ
reviewer1914009
Deputy Vice President at a financial services firm with 10,001+ employees
It doesn't have any integrations. It lacks multiple integrations.
It has been decommissioned by Palo Alto. There's no more trying to support it. There will be no more additional items added.
The initial setup was complex.
YP
YaminPrabudy
Business Development Manager at a tech services company with 51-200 employees
The solution's integration with non-security solutions will be helpful.
GS
reviewer1232895
Commercial Director at a security firm with 11-50 employees
The solution’s price and technical support could be improved.
DL
DenysLahutin
Sales engineer at MUK
Nothing needs to be changed. It is a part of Cortex inside Palo Alto Networks. If you want to get all the benefits, you will need the Cortex XDR, then you will need to get Cortex XSOAR. It's like a brother and sister, and they will give you a lot of benefits if you integrate them.
It's only one cloud right now. It might be helpful for some companies to have an on-premises option.
RK
reviewer1446645
Network and Information Security at a tech services company with 10,001+ employees
The dashboard performance could be improved.
Another area of improvement is a support team. Moreover, we need to pay for modifying anything with scripting in terms of customization. It can be a challenge if the person isn't 100% good with scripting.
VW
reviewer1367535
Security Professional at a tech services company with 51-200 employees
I think they should increase their collaboration base so that XSOAR can be utilized for any number of automations.
RP
reviewer1520922
Regional Director, Customer Success (GTM Solutions & Services) at a tech services company with 51-200 employees
Although we haven't used the solution for too long, we haven't come across any issues and haven't noticed any features that are lacking. We're largely satisfied with the offering.
The user interface could be a bit better. It's the only aspect I've noticed that could possibly be improved.
Other than that, we've been pretty happy with it.
SA
Samer Amr
CyberSecurity Consultant at Information Technology Solutions- ITS
The solution's features for reporting and dashboards need improvement. They need more customization options.
NN
Susan Amiri
None at Invecto
The solution should be made a bit cheaper.
FA
reviewer2208075
Cyber Security Analyst at a tech services company with 11-50 employees
We need a little hands-on experience to install the solution. The installation process is technical.
DS
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
There should be an on-premise version available for customers to have different choices.
SA
Shubham Agarwal
Network Security Engineer at a tech services company with 201-500 employees
For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else.
In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added.
Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners.
It has to be richer with respect to IoT. I expect that in future versions, support for a variety of devices will be added.