No more typing reviews! Try our Samantha, our new voice AI agent.
Cortex XSIAM Logo

Cortex XSIAM Reviews

Vendor: Palo Alto Networks
4.3 out of 5
Leave a review

What is Cortex XSIAM?

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Get the Cortex XSIAM Buyer's Guide and find out what your peers are saying about Cortex XSIAM, CrowdStrike Falcon, Cortex XDR by Palo Alto Networks and more!
Cortex XSIAM is the #7 ranked solution in top Identity Threat Detection and Response (ITDR) solutions, #9 ranked solution in top AI-Powered Cybersecurity Platforms solutions, and #13 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give Cortex XSIAM an average rating of 8.6 out of 10. Cortex XSIAM is most commonly compared to CrowdStrike Falcon: Cortex XSIAM vs CrowdStrike Falcon. Cortex XSIAM is popular among the large enterprise segment, accounting for 60% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 11% of all views.
Buyer's Guide
Cortex XSIAM
May 2026
Get the report
Helped 893,221 peers since 2012

Featured Cortex XSIAM reviews

Read more reviews

Cortex XSIAM mindshare

Product category:
Security Information and Event Manage...
As of May 2026, the mindshare of Cortex XSIAM in the Security Information and Event Management (SIEM) category stands at 1.8%, down from 2.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Cortex XSIAM1.8%
Splunk Enterprise Security7.1%
IBM Security QRadar5.2%
Other85.9%
Security Information and Event Management (SIEM)

PeerResearch reports based on Cortex XSIAM reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)May 9, 2026Download
ProductReviews, tips, and advice from real usersMay 9, 2026Download
ComparisonCortex XSIAM vs Splunk Enterprise SecurityMay 9, 2026Download
ComparisonCortex XSIAM vs IBM Security QRadarMay 9, 2026Download
ComparisonCortex XSIAM vs WazuhMay 9, 2026Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.33.1%97%140 interviewsAdd to research
Cortex XDR by Palo Alto Networks4.2N/A96%110 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Cortex XSIAM excels with its integration capabilities, robust SOAR features, and comprehensive security intelligence. It combines machine learning for threat detection with advanced visualization, reducing unnecessary alerts. Users value its automation via playbooks, AI-driven threat detection, and seamless third-party integrations. Endpoint protection, detection enrichment, and streamlined workflows enhance its appeal. Its solid backend threat intelligence and managed threat hunting capabilities further distinguish it in the cybersecurity space.
  • "The way the solution responds to detections and warnings is really impressive."
  • "The product integrates seamlessly with third-party solutions."
  • "The advanced visualization capabilities of the product are important for understanding security trends in an organization."

Room for Improvement

Cortex XSIAM faces areas for enhancement such as integration capabilities, Attack Surface Management module depth, and user interface intuitiveness. Performance optimization is needed to address slowdowns when multiple tabs are open. Technical support could be faster and the pricing more competitive. Improvements in detection, integration, and incident response automation are necessary to reduce manual intervention. Data onboarding and parsers are also areas for potential advancement. More standard playbooks and templates would be beneficial.
  • "At the beginning, we experienced some difficulties setting up the product with connectivity and infrastructure, but ultimately it functioned really effectively."
  • "Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."
  • "Cortex XSIAM is on the expensive side and requires substantial improvement in pricing."

ROI

Users experienced significant financial gains, saving over five hundred thousand dollars by automating at least fifty percent of detection and response processes with Cortex XSIAM. Some found resource management improved even in understaffed situations. Revenue benefits were shared with accounts teams. While one group cited no financial return, others mentioned the ROI depends on time and specific use cases. Assessment is ongoing for some, as accurate financial impact is clearer in a year.

Pricing

Cortex XSIAM pricing is perceived as expensive, often rated between six to nine out of ten, indicating high costs compared to competitors like Splunk and Microsoft Sentinel. Some users find the licensing process challenging, unlike CrowdStrike's approach. While viewed as value for money by some, the solution includes additional costs for specific add-ons and integrations must be purchased separately, affecting overall expenditure. Pricing aligns with budgets for certain enterprises, though generally considered significant.
  • "The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
  • "Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
  • "The solution is expensive compared to its competitors."

Popular Use Cases

Organizations utilize Cortex XSIAM primarily for Security Information and Event Management (SIEM), integrating Endpoint Detection and Response (EDR) and automation. It aids in security operations centers for SOC monitoring, incident detection, and response, while offering endpoint protection and ransomware defense. Companies leverage its automation for task handling and integration with various security tools, managing third-party logs, and implementing diverse security policies. It streamlines operations and enhances threat detection with its comprehensive approach.

Service and Support

Cortex XSIAM's customer service is generally helpful, though user experiences vary. While premium support is highly rated and efficient, other levels may be inconsistent. Technical support sometimes involves delays or less knowledgeable staff, who require time to learn. Some users find support teams responsive and effective in addressing issues, while others face slow resolution times. Certain users rate the support highly, appreciating clear guidance, whereas others find it challenging, particularly with non-premium support.

Deployment

Cortex XSIAM's initial setup is intuitive and uncomplicated. Deploying the broker connects integrations automatically. Users find it easier to deploy than Splunk or QRadar, typically requiring one to two weeks, though some reported delays due to documentation and configuration challenges. Connectivity and infrastructure issues arose initially but resolved over time. The setup involves integrating with the XDR Cortex platform, correlating information, and creating analytics rules. Users rated setup ease between seven and eight out of ten.

Scalability

Cortex XSIAM shows remarkable scalability, being cloud-based and easily adaptable for enterprises of various sizes. Users appreciate its seamless integration and functionality, making it straightforward to scale for security operations and system administration. Despite some hesitation about on-premises deployment, many rate scalability highly, noting no issues when applied across different teams. Concerns about scalability generally revolve around integration, but many users still consider it highly scalable with effective implementation.

Stability

Cortex XSIAM is highly stable, with most users rating its stability ten out of ten. Few users mentioned occasional issues, usually after updates, but these are promptly addressed. Its cloud-based nature ensures consistent reliability, requiring minimal maintenance. Some users reported initial setup challenges, but functionality improved after configuration. A minority rated stability lower due to limited usage time. Frequent issues like crashes were mentioned by some, though Cortex XSIAM generally performs efficiently.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Cortex XSIAM Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise4
By reviewers
By visitors reading reviews
Company SizeCount
Small Business324
Midsize Enterprise197
Large Enterprise767
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
9%
Government
6%
University
5%
Retailer
5%
Comms Service Provider
5%
Energy/Utilities Company
5%
Healthcare Company
5%
Media Company
4%
Insurance Company
4%
Outsourcing Company
3%
Construction Company
3%
Transportation Company
3%
Wholesaler/Distributor
2%
Real Estate/Law Firm
2%
Legal Firm
2%
Educational Organization
2%
Performing Arts
2%
Non Profit
2%
Marketing Services Firm
1%
Hospitality Company
1%
Engineering Company
1%
Consumer Goods Company
1%
Recreational Facilities/Services Company
1%
Recruiting/Hr Firm
1%
Leisure / Travel Company
1%
Pharma/Biotech Company
1%
Logistics Company
1%
Aerospace/Defense Firm
1%

Compare Cortex XSIAM with alternative products

Go!

Learn more about Cortex XSIAM

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

  • Security Orchestration: Streamlines processes across security operations.
  • Automation and Response: Efficient incident response management.
  • Detection Enrichment: Enhances identification of threats.
  • Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
  • Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

  • Cost-Effectiveness: Provides economical options compared to other market players.
  • Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
  • Reduced Management Effort: Simplifies the administration of security operations.
  • Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Related questions

  • 185
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 166
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 142
What are the main differences between Nessus and Arcsight?
  • 162
What's The Best Way to Trial SIEM Solutions?
  • 162
Which is the best SIEM solution for a government organization?
  • 480
What is the difference between IT event correlation and aggregation?
  • 136
What Is SIEM Used For?
  • 120
RSA-EMC vs. other SIEM products?
  • 228
What Questions Should I Ask Before Buying SIEM?
  • 147
What are the pros and cons of internal SOC vs SOC-as-a-Service?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Identity Threat Detection and Response (ITDR)
AI-Powered Cybersecurity Platforms

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Cortex XSIAM Logo
CrowdStrike Falcon vs Cortex XSIAM
Cortex XDR by Palo Alto Networks vs Cortex XSIAM Logo
Cortex XDR by Palo Alto Networks vs Cortex XSIAM
Wazuh vs Cortex XSIAM Logo
Wazuh vs Cortex XSIAM
Splunk Enterprise Security vs Cortex XSIAM Logo
Splunk Enterprise Security vs Cortex XSIAM
SentinelOne Singularity Endpoint vs Cortex XSIAM Logo
SentinelOne Singularity Endpoint vs Cortex XSIAM
Darktrace vs Cortex XSIAM Logo
Darktrace vs Cortex XSIAM
IBM Security QRadar vs Cortex XSIAM Logo
IBM Security QRadar vs Cortex XSIAM
Microsoft Sentinel vs Cortex XSIAM Logo
Microsoft Sentinel vs Cortex XSIAM
Varonis Platform vs Cortex XSIAM Logo
Varonis Platform vs Cortex XSIAM
Elastic Security vs Cortex XSIAM Logo
Elastic Security vs Cortex XSIAM
Cribl vs Cortex XSIAM Logo
Cribl vs Cortex XSIAM
TrendAI Vision One vs Cortex XSIAM Logo
TrendAI Vision One vs Cortex XSIAM
Rapid7 InsightIDR vs Cortex XSIAM Logo
Rapid7 InsightIDR vs Cortex XSIAM
Vectra AI vs Cortex XSIAM Logo
Vectra AI vs Cortex XSIAM
Fortinet FortiSIEM vs Cortex XSIAM Logo
Fortinet FortiSIEM vs Cortex XSIAM
See all alternatives
 
Cortex XSIAM Reviews Summary
Author infoRatingReview Summary
Solutions Architect at ostec4.5I find Cortex XSIAM efficient, with good integration and advanced visualization, making my SOC productive. However, it's expensive, and I'd like to see improved pricing and more vendor integrations, like CyberArk, in the future.
IT COMMUNICATIONS AND NETWORKS at Américas BPS5.0I found Cortex XSIAM effective for threat detection with AI and playbooks, despite initial setup challenges. Its response to detections is impressive, and support was excellent. I rate this scalable solution highly.
Associate Director at a financial services firm with 5,001-10,000 employees2.5I find the solution offers flexible manual workflows and good ticketing, but integrations are limited and slow, customer support is poor, and scalability is an issue. It's expensive, lacks ROI, and I rate it 5/10, suitable only for highly regulated organizations.
SOC Analyst at OVELOSEC4.0We use Cortex XSIAM for SOC monitoring, which cut incident response times by twenty percent. While scalable, it needs improvements in data onboarding, parsers, and third-party integrations. Its AI analytics require fine-tuning, and licensing is expensive.
Owner at Xelere4.0We find Cortex XSIAM's AI for vulnerability detection valuable, and it's easy to set up and stable, with good support. However, I believe it could improve detection resolution and seems more expensive. I rate it eight out of ten.
Team Lead, Security at seamlessinfotech.com4.0I find Cortex XSIAM effective for SIEM/SOAR, filtering critical security alerts, and enabling automation. Its deployment is straightforward, and incident management is strong. While UI intuitiveness could improve, I recommend it for its efficiency, despite competitive alternatives like Splunk.
Senior Vice President at Chi Networks4.0I use Cortex XSIAM for endpoint protection, appreciating its robust detection, API-driven automation, and good scalability. While I believe the GUI needs improvement, I require more time to fully assess its stability and ROI.
Senior Manager - Security Operations at First Advantage Corporation4.5I believe Cortex XSIAM is a top SIEM solution, centralizing our security operations and enabling significant automation for my lean team. It delivered over $500k ROI, though I wish for more integrations and ASM context.