Palo Alto Networks Cortex XSOAR Questions

Rony_Sklar
IT Central Station

Users researching SOAR tools often compare these two solutions. In your experience, which is better?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Mar 29 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

reviewer1333062: There is a perception that it is priced very high compared to other solutions.
Trish Joseph: I think Swimlane is a better cost. It's small and doesn't focus on only…
Miriam Tover
Content Specialist
IT Central Station
Jul 02 2021

Hi Everyone,

What do you like most about Palo Alto Networks Cortex XSOAR?

Thanks for sharing your thoughts with the community!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jul 02 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station
Jul 02 2021

Please share with the community what you think needs improvement with Palo Alto Networks Cortex XSOAR.

What are its weaknesses? What would you like to see changed in a future version?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Jul 02 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Miriam Tover
Content Specialist
IT Central Station
Jul 02 2021

If you were talking to someone whose organization is considering Palo Alto Networks Cortex XSOAR, what would you say?

How would you rate it and why? Any other tips or advice?

Security Orchestration Automation and Response (SOAR) Questions
William Milton
User at VAE-MARMARA8
Apr 16 2021

Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.

Can anyone help with insights?

Rony_Sklar
IT Central Station
Mar 15 2021

Can you explain what an incident response playbook is and the role it plays in SOAR? How do you build an incident response playbook? Do SOAR solutions come with a pre-defined playbook as a starting point?

Maged Magdy: Hi, what is an incident response playbook? Incident Response Playbook is the…
Rony_Sklar
IT Central Station

When evaluating SOAR tools, what features are most important to look out for?

Rony_Sklar
IT Central Station

SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security?

If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commonalities. They both collect data, but the quantity of data, type of data, and type of response is where they differ. As threats have advanced, security professionals may be in need of both.

That's where SOAR and SIEM come to the rescue, although there has been some confusion as to the difference between the two. The two technologies have different competencies, but can be combined to increase a security team's or SOC's effectiveness.

We've evaluated the differences of the best SIEM tools and top SOAR tools to clear up the differences between each.

SIEM vs SOAR

In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response engine to those alerts.

SIEM is the collection and aggregation of security data sourced from integrated platforms logging event-related data - firewalls, network appliances, intrusion detection and prevention systems, etc. - then correlates data across devices, categorizes, and analyzes incidents before issuing alerts. The alerts are identified by using sophisticated analytical techniques and machine learning, which require fine tuning. This leaves a lot of alerts for a security team or SOC to prioritize and remediate; a difficult, time-consuming process.

SOAR, on the other hand, is designed to help security teams automate the response process by gathering alerts, managing cases, and responding to the endless alerts generated by SIEM. With SOAR, security teams can integrate with security alerts and create adaptive, automated incident response workflows. This gives SecOps the ability to prioritize threats and deliver faster results.

Marcus Gaither: What is SIEM? Firewalls, network appliances, and intrusion detection systems…
Denis L: TLDR: SIEM: Security information management: Long-term storage as well as…
Shastri Sooknanan: SIEM is the log file collection of IT assets and various intel feeds that…
Ariel Lindenfeld
Sr. Director of Community
IT Central Station