Cortex XSIAM vs ServiceNow Security Operations comparison

The compared Palo Alto Networks and ServiceNow solutions aren't in the same category. Palo Alto Networks is ranked #12 in SIEM , with an average rating of 8.4, and holds a 2.1% mindshare in the category. ServiceNow is ranked #1 in IRP , with an average rating of 8.1, and holds a 7.5% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of ServiceNow users who would recommend it.

Cortex XSIAM

Read 15 Cortex XSIAM reviews

7,838 Views
3,527 Comparison Views

100% willing to recommend

ServiceNow Security Operations

Read 22 ServiceNow Security Operations reviews

2,477 Views
396 Comparison Views

95% willing to recommend

Cortex XSIAM

ServiceNow Security Operations

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cortex XSIAM and ServiceNow Security Operations based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Wazuh, IBM and others in Security Information and Event Management (SIEM).

To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: February 2026).

Buyer's Guide

Security Information and Event Management (SIEM)

February 2026

Download the complete report

Helped 881,733 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XSIAM

Average Rating

8.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (12th), Identity Threat Detection and Response (ITDR) (7th), AI-Powered Cybersecurity Platforms (7th)

ServiceNow Security Operations

Average Rating

8.0

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Security Incident Response (1st), Security Orchestration Automation and Response (SOAR) (9th), Risk-Based Vulnerability Management (11th)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 2.1%, down 2.5% compared to last year.
ServiceNow Security Operations, on the other hand, focuses on Security Incident Response, holds 7.5% mindshare, down 19.4% since last year.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Cortex XSIAM	2.1%
Splunk Enterprise Security	7.1%
Wazuh	6.4%
Other	84.4%

Security Information and Event Management (SIEM)

Security Incident Response Market Share Distribution
Product	Market Share (%)
ServiceNow Security Operations	7.5%
Proofpoint Threat Response	8.7%
VMware Carbon Black Cloud	7.5%
Other	76.3%

Security Incident Response

Featured Reviews

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

Integration challenges highlight the need for manual workflows

The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners. Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.

Read full review

Kalyan Kothali

Associate Vice President at Wissen infotech

Effectively manages vulnerabilities and reduces false positives

ServiceNow Security Operations provides significant control over vulnerabilities, allowing users to mark false alarms as false positives and ignore them, which is important because many vulnerabilities are not real but appear as such. There are many aspects that we could handle. For certain vulnerabilities, remediation requires spending extra on hardware or OS upgrades, or purchasing new versions, which implies a cost. For that reason, we can take an exception for a couple of months or days, and once that exception expires, that vulnerability automatically reappears. These features help us ensure that everything is under control, and when we discuss vulnerabilities, we can consolidate them into one central category, which means working on one vulnerability automatically resolves the rest, making it efficient with the features provided.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The product integrates seamlessly with third-party solutions."

"Since implementing Cortex XSIAM, incident response times have been significantly reduced by approximately twenty percent."

"The flexibility for creating manual workflows stands out."

"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."

"The advanced visualization capabilities of the product are important for understanding security trends in an organization."

"The flexibility for creating manual workflows stands out."

"It is an effective solution in terms of performance and functionalities."

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."

More Cortex XSIAM pros

"The product's most valuable features include the no-code capability for workflows and flow design, which makes it user-friendly, and the ability to perform advanced configurations."

"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."

"It has helped optimize security costs by consolidating multiple tools into one platform."

"ServiceNow is a convenient platform to raise tickets, and the respective support team will contact us to resolve any issues."

"The product has a very simple UI."

"It's stable."

"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."

"I will recommend it to others as it is an enterprise application used by large companies for ticketing purposes."

More ServiceNow Security Operations pros

Cons

"Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."

"I am not sure if any improvements are needed right now."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."

"I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace."

"Cortex could improve the detection and online resolution of security vulnerabilities."

"The first impression is that XSIAM would be more expensive than others we tried."

More Cortex XSIAM cons

"One area for improvement for the product is the need to tailor and alter some codes for customization, which can cause issues during upgrades. It does not support customized operations."

"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."

"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."

"Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time."

"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."

"The dashboard and playbook creation will need to improve"

"Visibility and transitions between teams present significant challenges in the SecOps space, indicating that substantial training and hand-holding are required to improve usability, which is one observation I have had."

"It doesn't interact with things very well."

More ServiceNow Security Operations cons

Pricing and Cost Advice

"The solution comes at a significant cost."

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."

"The solution is expensive compared to its competitors."

"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."

"The product is more expensive than other solutions."

"Compared to competitor tools, ServiceNow Security Operations is more affordable"

"This product is a good value for the money."

"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

"It is an expensive product."

"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

881,733 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

11%

Financial Services Firm

10%

Manufacturing Company

Government

Financial Services Firm

17%

Manufacturing Company

13%

Computer Software Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	2
Large Enterprise	4

By reviewers
Company Size	Count
Small Business	6
Midsize Enterprise	2
Large Enterprise	15

Questions from the Community

What is your experience regarding pricing and costs for Cortex XSIAM?

I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.

See all answers

What needs improvement with Cortex XSIAM?

Cortex XSIAM is on the expensive side and requires substantial improvement in pricing. There are other features that could be improved, including integration with vendors such as CyberArk. I would ...

See all answers

What is your primary use case for Cortex XSIAM?

With Cortex XSIAM, we installed an agent on Active Directory on-premise. We connected our Firewalls to the Data Lake and the Active Directory, and protected the Firewalls with another authenticatio...

See all answers

What is your experience regarding pricing and costs for ServiceNow Security Operations?

It is relatively expensive but manageable.

See all answers

What needs improvement with ServiceNow Security Operations?

ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data aggregator. It would be beneficial if, similar to the Discovery module which assess...

See all answers

What advice do you have for others considering ServiceNow Security Operations?

Initially, acquire basic knowledge about the system and understand how ServiceNow Security Operations operates with other tools. This understanding is essential before starting the implementation p...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Compared 22% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 11% of the time

Cortex XDR by Palo Alto Networks vs Cortex XSIAM

Compared 8% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 6% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 6% of the time

More Cortex XSIAM Competitors

Splunk SOAR vs ServiceNow Security Operations

Compared 15% of the time

Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations

Compared 14% of the time

Tines vs ServiceNow Security Operations

Compared 7% of the time

Microsoft Sentinel vs ServiceNow Security Operations

Compared 5% of the time

NetWitness NDR vs ServiceNow Security Operations

Compared 5% of the time

More ServiceNow Security Operations Competitors

Product Reports

Buyer's Guide

Cortex XSIAM

February 2026

Download Cortex XSIAM product report

Buyer's Guide

ServiceNow Security Operations

January 2026

Download ServiceNow Security Operations product report

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions.

ServiceNow

Sample Customers

Information Not Available

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

Buyer's Guide

Security Information and Event Management (SIEM)

February 2026

Download Free Report

Find out what your peers are saying about Splunk, Wazuh, IBM and others in Security Information and Event Management (SIEM). Updated: February 2026.

DOWNLOAD NOW

881,733 professionals have used our research since 2012.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.