Anomali vs Rapid7 InsightIDR comparison

Anomali and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. Anomali is ranked #32 with an average rating of 8.5, while Rapid7 is ranked #21 with an average rating of 7.8. Additionally, 80% of Anomali users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 18, 2026

Anomali and Rapid7 InsightIDR are products competing in the cybersecurity domain, offering solutions in threat management. Rapid7 InsightIDR tends to have the upper hand due to its robust features and better integration abilities.

Features: Anomali offers threat intelligence with credential monitoring, threat modeling capability, and an adaptable API for automation. Rapid7 InsightIDR provides user behavior analytics, integrated threat modeling, and the use of honeypots to monitor suspicious patterns.

Room for Improvement: Anomali could enhance its data set, improve intelligence prioritization, and expand its automation capabilities. Rapid7 InsightIDR might benefit from advanced customization options, more comprehensive endpoint visibility, and enhanced threat intelligence integration.

Ease of Deployment and Customer Service: Anomali provides a streamlined setup process with strong support and seamless adoption integration. Rapid7 InsightIDR offers an easy deployment model with detailed documentation and a responsive service team, giving it an edge in customer engagement.

Pricing and ROI: Anomali presents competitive pricing with significant ROI through intelligence offerings. Rapid7 InsightIDR might require a higher initial investment but promises significant long-term value with its integrated features and high perceived ROI.

To learn more, read our detailed Anomali vs. Rapid7 InsightIDR Report (Updated: March 2026).

Buyer's Guide

Anomali vs. Rapid7 InsightIDR

March 2026

Download the complete report

Helped 884,933 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

ChrisCollins

Enterprise Security Architect V at FirstEnergy

Enables automated threat intelligence sorting and enhances proactive threat hunting capabilities

You have to have at least a threat intelligence background or a SOC analyst background to use it, as that's the information you'll dig around with in there. If you don't have that kind of knowledge, it probably can be a little hard to use, but they do provide training. They offer training not only for how to use the platform but also some basic threat intelligence training to explain what these things are and what these terms mean. My company is a customer of Anomali. I would recommend it to other people. I would advise making sure you don't pick it without testing other products and have your use cases well thought out and documented before testing, so you know it will solve the problems you're trying to address. Keep an open mind with it and realize that whatever you can dream of, you can probably do with the platform. Overall, I would rate Anomali an eight out of ten.

Read full review

SohailHyder

Head Of Cyber Security at Super Secure

Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration

If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."

"One of the main benefits of the solution is its intelligence to correlate the events into an incident."

"The tool is designed to scale for large enterprises and handle large volumes of data."

"It is an easy-to-use tool."

"The behavior-based detection feature is valuable."

"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."

"The most valuable feature is that you can select remote access of any machine for sandboxing."

"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."

More Cortex XDR by Palo Alto Networks pros

"The feature I have found most valuable is credential monitoring. This feature is easy and quick."

"I have found Cyber threat intelligence (CTI) very useful and concise. The solution is easy to use."

"We now have a very robust collection of threat intelligence based on the capabilities that Anomali provides."

"The most valuable aspect of Anomali is the threat modeling capability."

"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."

"Rapid7's reporting is more robust than Tenable's."

"The web interface is great — very useful and user-friendly."

"Integration with threat modeling from the Metasploit and InsightIDR repositories."

"We were able to identify criminals attempting to login from China and put a stop on their IP locations."

"The alerting to drive investigations and remediation has been its most valuable feature, plus the ability to quickly search multiple logs makes investigations easier."

"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."

"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."

More Rapid7 InsightIDR pros

Cons

"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."

"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."

"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."

"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."

"The encryption is not up to the mark."

"The solution needs better reports. I think they should let the customer go in and customize the reports."

"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."

"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."

More Cortex XDR by Palo Alto Networks cons

"A lot of tools can give you many features, such as CTI intelligence and a tax service reduction. However, many people are combining different tools together to have more capabilities. It is up to the consumer whether they want to have multiple tools or have one tool that serves the purpose. Anomali Enterprise could improve by combining all the other tools' features into one solution."

"An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsistent, as any company can use any tags for their reporting."

"Support in the past has been top-notch, but recent trends indicate that it has taken a back seat, as we often don't get answers for days."

"Less code in integration would be nice when building blocks."

"They should add more configuration and security features to it."

"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."

"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."

"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."

"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."

"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."

"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."

"Customised alert recipients need to be added to allow better first-line action and quicker response."

More Rapid7 InsightIDR cons

Pricing and Cost Advice

"Very costly product."

"It's about $55 per license on a yearly basis."

"Cortex XDR by Palo Alto Networks is an expensive solution."

"Our license will require renewal in August, after which the maintenance will continue as usual."

"The price is on the higher side, but it's okay."

"The price was fine."

"Cortex XDR's pricing is ok."

"Cortex XDR’s pricing is very reasonable."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"When comparing the price of Anomali Enterprise to other solutions it is in the medium to high range. However, I am satisfied with the price."

"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."

"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help."

"Rapid7 InsightIDR is priced very well and is cost-effective."

"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."

"The pricing is good, and it is not very expensive."

"Rapid7 InsightIDR is a cheaply priced product. On a scale of one to ten, where one is very expensive, and ten is very cheap, I rate the product's price at seven or eight."

"Accurately predict your licensing counts as this is a subscription based product."

"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."

More Rapid7 InsightIDR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

884,933 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

Manufacturing Company

Financial Services Firm

Comms Service Provider

Financial Services Firm

16%

Computer Software Company

Manufacturing Company

Educational Organization

Computer Software Company

10%

Financial Services Firm

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	5

By reviewers
Company Size	Count
Small Business	20
Midsize Enterprise	5
Large Enterprise	6

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

What needs improvement with Anomali ThreatStream?

An area for improvement is the intelligence sharing within the Anomali community. The tagging system can be inconsist...

See all answers

What is your primary use case for Anomali ThreatStream?

I use Anomali ( /products/anomali-reviews ) for threat hunting, threat collection, operationalization of intelligence...

See all answers

What advice do you have for others considering Anomali ThreatStream?

For new users, I recommend taking the training provided by Anomali as it is very well articulated. I advise reading t...

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...

See all answers

What do you like most about Rapid7 InsightIDR?

During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, ...

See all answers

What is your experience regarding pricing and costs for Rapid7 InsightIDR?

The product pricing is very cheap.

See all answers

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Recorded Future vs Anomali

Compared 6% of the time

ThreatConnect Threat Intelligence Platform (TIP) vs Anomali

Compared 6% of the time

Splunk Enterprise Security vs Anomali

Compared 4% of the time

IBM Security QRadar vs Anomali

Compared 3% of the time

TrendAI Vision One – Network Security vs Anomali

Compared 3% of the time

More Anomali Competitors

Microsoft Sentinel vs Rapid7 InsightIDR

Compared 5% of the time

Splunk Enterprise Security vs Rapid7 InsightIDR

Compared 5% of the time

Rapid7 InsightVM vs Rapid7 InsightIDR

Compared 4% of the time

CrowdStrike Falcon vs Rapid7 InsightIDR

Compared 4% of the time

Darktrace vs Rapid7 InsightIDR

Compared 3% of the time

More Rapid7 InsightIDR Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

Threat Intelligence Platforms (TIP)

March 2026

Download Anomali product report

Buyer's Guide

Rapid7 InsightIDR

March 2026

Download Rapid7 InsightIDR product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics

InsightIDR

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Anomali delivers advanced threat intelligence solutions designed to enhance security operations by providing comprehensive visibility into threats and enabling real-time threat detection and management.

Anomali stands out in threat intelligence, offering an innovative platform that integrates data to identify and analyze threats effectively. It enables teams to streamline threat detection processes and respond to incidents with increased agility. With a focus on accuracy and efficiency, Anomali supports cybersecurity professionals in making informed decisions to safeguard their networks consistently.

What are Anomali's core features?

ThreatStream: A platform that aggregates threat intelligence feeds to enhance threat assessment.
Match: An automated detection feature that matches internal log data against threat intelligence insights.
Link: Provides graphical visualization for threat analysis, helping to understand threat vectors better.
STAXX: A lightweight tool for collecting and analyzing open-source threat intelligence.

What are the key benefits and ROI of using Anomali?

Improved Threat Detection: Streamlined processes lead to faster identification and response to threats.
Resource Efficiency: Automation reduces manual tasks, allowing security teams to focus on strategic activities.
Better Decision Making: Provides actionable insights that enable more informed security strategies.

In industries like finance and healthcare, Anomali is implemented to address specific challenges like compliance and data protection. By using this platform, organizations gain the ability to adapt to evolving threats, ensuring robust and adaptable security postures tailored to industry demands.

Anomali

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Sample Customers

CBI Health Group, University Honda, VakifBank

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network

Liberty Wines, Pioneer Telephone, Visier

Buyer's Guide

Anomali vs. Rapid7 InsightIDR

March 2026

Free Report: Anomali vs. Rapid7 InsightIDR

Find out what your peers are saying about Anomali vs. Rapid7 InsightIDR and other solutions. Updated: March 2026.

DOWNLOAD NOW

884,933 professionals have used our research since 2012.

See our Anomali vs. Rapid7 InsightIDR report.

See our list of best Security Information and Event Management (SIEM) vendors, best User Entity Behavior Analytics (UEBA) vendors, and best Extended Detection and Response (XDR) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.