Try our new research platform with insights from 80,000+ expert users
Cortex XSIAM Logo

Cortex XSIAM Reviews

Vendor: Palo Alto Networks
4.3 out of 5
Leave a review

What is Cortex XSIAM?

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Get the Cortex XSIAM Buyer's Guide and find out what your peers are saying about Cortex XSIAM, CrowdStrike Falcon, Wazuh and more!
Cortex XSIAM is the #5 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #7 ranked solution in top AI-Powered Cybersecurity Platforms solutions, and #13 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Cortex XSIAM an average rating of 8.6 out of 10. Cortex XSIAM is most commonly compared to CrowdStrike Falcon: Cortex XSIAM vs CrowdStrike Falcon. Cortex XSIAM is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 12% of all views.
Buyer's Guide
Cortex XSIAM
September 2025
Get the report
Helped 868,759 peers since 2012

Featured Cortex XSIAM reviews

Read more reviews

Cortex XSIAM mindshare

Product category:
Security Information and Event Manage...
As of October 2025, the mindshare of Cortex XSIAM in the Security Information and Event Management (SIEM) category stands at 3.0%, up from 1.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Cortex XSIAM3.0%
Wazuh10.2%
Splunk Enterprise Security9.2%
Other77.6%
Security Information and Event Management (SIEM)

PeerResearch reports based on Cortex XSIAM reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)Oct 3, 2025Download
ProductReviews, tips, and advice from real usersOct 3, 2025Download
ComparisonCortex XSIAM vs Splunk Enterprise SecurityOct 3, 2025Download
ComparisonCortex XSIAM vs WazuhOct 3, 2025Download
ComparisonCortex XSIAM vs Microsoft SentinelOct 3, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.34.1%97%135 interviewsAdd to research
Wazuh3.710.2%80%49 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Cortex XSIAM's standout features include robust SOAR capabilities, impressive security intelligence, detection enrichment, machine learning, and integration with third-party tools. It excels in threat detection, holistic analysis, and provides a unified platform for anomaly identification. Its integration capabilities simplify interaction with other vendors. Advanced visualization and automation enhance incident management, while its AI optimizes rule application and reduces alert fatigue. Additionally, Playbooks and sandboxing contribute significantly to its effectiveness.
  • "The way the solution responds to detections and warnings is really impressive."
  • "The product integrates seamlessly with third-party solutions."
  • "The advanced visualization capabilities of the product are important for understanding security trends in an organization."

Room for Improvement

Cortex XSIAM requires enhancements in integration capabilities and user interface intuitiveness. There's room for optimizing the Attack Surface Management module's context depth and improving performance, especially with multiple tabs. Pricing and technical support need attention. Integrating third-party products, improving detection and resolution of vulnerabilities, and offering more standard playbooks and templates could advance its functionality. The licensing process is also less convenient compared to competitors. Data onboarding and AI analytics need refinement.
  • "At the beginning, we experienced some difficulties setting up the product with connectivity and infrastructure, but ultimately it functioned really effectively."
  • "Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."
  • "Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."

ROI

Companies report a significant ROI from Cortex XSIAM, reaching over $500,000 through automation of half of their detection and response processes without needing extra SOC analysts. Some businesses find it hard to determine their ROI after a few months, requiring a full year for accurate assessment. ROI from Cortex XSIAM depends on customer incidents and use cases, typically showing returns within three to four months, while some entities still work on quantifying their return.

Pricing

Enterprise buyers found the Cortex XSIAM pricing competitive yet expensive compared to alternatives like Splunk and Microsoft Sentinel. Licensing costs are similar to Splunk, though additional costs for add-ons like Managed Threat Hunting may arise. Users noted a complex licensing process and extra integration expenses. Despite its higher pricing, some valued it as cost-effective against other options. Other feedback highlighted varying regional pricing, with resource dependency sometimes leading to delays.
  • "The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
  • "Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
  • "The solution is expensive compared to its competitors."

Popular Use Cases

Organizations utilize Cortex XSIAM primarily for Security Information and Event Management, automating SOC processes, and integrating third-party logs. It enhances endpoint protection, manages incidents, and streamlines operations through automation. It efficiently integrates with various security controls, facilitating comprehensive threat detection and response. Companies leverage its capabilities for malware detection, ransomware protection, and SOC monitoring. Cortex XSIAM is also valued for its ability to consolidate security incidents and automate incident response.

Service and Support

Customer service and support for Cortex XSIAM receive mixed feedback. Users find technical support challenging due to inexperienced team members yet acknowledge their helpfulness when resolving issues. Different support levels, including premium support, vary in quality. Some experience slow and ineffective responses, yet others rate support as excellent. Satisfaction ranges, with some rating it eight out of ten, while others rate it four. Direct handling by core experts is preferred over distributors like Redington or Tech Data.

Deployment

Many found Cortex XSIAM's initial setup intuitive and uncomplicated, typically completed within a week, though some required longer. Deployment involved straightforward steps like broker installation. Documentation needed improvement, with most implementations cloud-based. Integration with XDR Cortex required fine-tuning. Users found it easier than QRadar and less complex than Splunk, despite challenges in manual playbook configuration. Ratings varied from seven to eight out of ten for ease.

Scalability

Cortex XSIAM shows excellent scalability and flexibility, accommodating varying organization sizes and enhancing performance. Its cloud-based nature facilitates seamless integration and easy expansion. While some emphasize its dependency on integration for effective scalability, others find it highly reliable, implementing it across diverse departmental uses. Despite mixed ratings, it integrates well within enterprise environments, aiding numerous users. The possibility of future on-premises deployment could enhance its adaptability further.

Stability

Cortex XSIAM demonstrates strong stability, with most users experiencing minimal downtime and consistently reliable performance due to its cloud-based system. Some users rated it a perfect ten. Occasionally, stability issues arise after updates, yet they are usually resolved quickly. Stability ratings vary, with one user giving it a six or seven due to limited experience. Users find installation and setup easy, with Cortex XSIAM performing well.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Cortex XSIAM Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise4
By reviewers
By visitors reading reviews
Company SizeCount
Small Business360
Midsize Enterprise233
Large Enterprise999
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
10%
Government
7%
Comms Service Provider
5%
Retailer
5%
Energy/Utilities Company
4%
Insurance Company
4%
Healthcare Company
4%
Media Company
4%
University
4%
Outsourcing Company
3%
Construction Company
3%
Educational Organization
3%
Real Estate/Law Firm
2%
Transportation Company
2%
Legal Firm
2%
Performing Arts
2%
Hospitality Company
1%
Wholesaler/Distributor
1%
Recreational Facilities/Services Company
1%
Non Profit
1%
Engineering Company
1%
Pharma/Biotech Company
1%
Consumer Goods Company
1%
Marketing Services Firm
1%
Recruiting/Hr Firm
1%
Security Firm
1%
Logistics Company
1%

Compare Cortex XSIAM with alternative products

Go!

Learn more about Cortex XSIAM

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Related articles

Julia Miller - PeerSpot reviewer
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 158
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 60
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 87
What are the main differences between Nessus and Arcsight?
  • 43
What's The Best Way to Trial SIEM Solutions?
  • 135
Which is the best SIEM solution for a government organization?
  • 720
What is the difference between IT event correlation and aggregation?
  • 57
What Is SIEM Used For?
  • 46
RSA-EMC vs. other SIEM products?
  • 326
What Questions Should I Ask Before Buying SIEM?
  • 100
What are the pros and cons of internal SOC vs SOC-as-a-Service?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Identity Threat Detection and Response (ITDR)
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Wazuh vs Cortex XSIAM Logo
Wazuh vs Cortex XSIAM
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Splunk Enterprise Security vs Cortex XSIAM Logo
Splunk Enterprise Security vs Cortex XSIAM
Darktrace vs Cortex XSIAM Logo
Darktrace vs Cortex XSIAM
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Cortex XDR by Palo Alto Networks vs Cortex XSIAM Logo
Cortex XDR by Palo Alto Networks vs Cortex XSIAM
Elastic Security vs Cortex XSIAM Logo
Elastic Security vs Cortex XSIAM
Varonis Platform vs Cortex XSIAM Logo
Varonis Platform vs Cortex XSIAM
Trend Vision One vs Cortex XSIAM Logo
Trend Vision One vs Cortex XSIAM
Vectra AI vs Cortex XSIAM Logo
Vectra AI vs Cortex XSIAM
Microsoft Defender for Identity vs Cortex XSIAM Logo
Microsoft Defender for Identity vs Cortex XSIAM
Rapid7 InsightIDR vs Cortex XSIAM Logo
Rapid7 InsightIDR vs Cortex XSIAM
Fortinet FortiSIEM vs Cortex XSIAM Logo
Fortinet FortiSIEM vs Cortex XSIAM
Cribl vs Cortex XSIAM Logo
Cribl vs Cortex XSIAM
See all alternatives
 
Cortex XSIAM Reviews Summary
Author infoRatingReview Summary
Associate Director at a financial services firm with 10,001+ employees2.5I am evaluating Cortex XSIAM in my new organization, having used its older version before. The solution offers flexibility in manual workflows and effective ticketing. However, it lacks integrations and playbooks, hindering automation and incident response efficiency. ROI remains absent.
SOC Analyst at OVELOSEC4.0In our organization, we use Cortex XSIAM for SOC monitoring, onboarding devices, and integrating log parsers. While it's effective, improvements are needed in data onboarding and AI analytics. We previously used Splunk User Behavior Analytics before switching.
Solutions Architect at ostec4.5I've used Cortex XSIAM for two years and find its automation, integration, and behavior analytics valuable, though it's expensive and could improve vendor integration and identity management; overall, it's stable, scalable, and greatly enhances incident response efficiency.
Senior Vice President at Chi Networks4.0We use Cortex XSIAM for endpoint protection, applying policies, and automating processes through API integration. Its signature-less detection enhances security, though dashboard improvements are needed. Previously using ESET, we chose XSIAM for its automation and customization features.
Owner at a retailer with 51-200 employees4.0We partner and train users on Cortex XSIAM, valuing its AI for detecting vulnerabilities. While we appreciate its ease of setup and rule optimization, improvements in detection and resolution are desired. Compared to IBM QRadar, Cortex justifies its cost.
Team Lead, Security at seamlessinfotech.com4.0I've used Cortex XSIAM for four years and find it effective for incident correlation, automation, and reducing unnecessary alerts. While its interface could be more intuitive, deployment is smooth and the ROI is typically realized in a few months.
Senior Manager - Security Operations at First Advantage Corporation4.5In our organization, Cortex XSIAM serves as our primary SIEM solution, excelling in security orchestration, intelligence, and detection enrichment. We achieved over $500k ROI without expanding our team, unlike Sentinel or Splunk, which need more staffing.
IT COMMUNICATIONS AND NETWORKS at Américas BPS5.0With Cortex XSIAM, setup was initially challenging but the solution proved stable, scalable, and effective. I appreciated its AI-driven threat detection, playbooks, and Managed Threat Hunting features, and found support generally helpful throughout the deployment process.