Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?
I think most of them understand "de-facto standards" very well (including Palo Alto; if that doesn't happen, the problem is with PA and not with the SIEM). Although the question is "excellent and specific", I would be concerned with a SIEM that works better with EVERY asset and less with a specific product/3rd party (because in the long term it will be just another data source of your correlation ecosystem).
It's "quite easy": there are only two options, if you go for the best.
One is QRadar, as recommended below; the other one is of course Splunk.
In terms of ease of use, quickness of installation, and speed of adaptation (dynamic search), Splunk is #1.
If you take the required manpower into account, you should accept the Splunk licence costs (TCO).
On the other hand, QRadar is a well-proven tool.
In my humble opinion, everything else is 2nd choice.
Palo Alto Networks and IBM have partnered to deliver logging extensions for Palo Alto Networks Cortex XDR for the widely used IBM QRadar SIEM.
Reference: IBM Security App Exchange - Cortex XDR for QRadar (ibmcloud.com)
I would advise not using LogRhythm. They do not have a log parser for the Cortex.
Splunk works well with it. You do have to set up a log forwarder in Cortex, though (that would apply for any SIEM).
I'm researching XDR solutions. Which of these two solutions is better: FortiXDR or Cortex Pro?
Buying a SIEM solution, especially for a large enterprise, is a massive decision.
How long does your organization spend on making this decision? How long does it then take to implement?
What are your considerations before pulling the trigger on a particular solution?
What's your shortlist process like?
How do you do your research?
What are your primary considerations?
How do independent user review sites like IT Central Station, or independent analyst reviews, influence your decision?
Would love to hear your thoughts. Thanks in advance :)