Find out what your peers are saying about Splunk, Wazuh, IBM and others in Security Information and Event Management (SIEM).
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
It pretty much took until we got to our first renewal where we said that this is the value we see, this is the things we want more, but that is the first place where we said we are happy enough that we want to renew.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
We can always get an answer, and the support team are experts in their own system.
Nine out of ten times, they give me a solution even if it is not the solution I wanted, and I still can get to the result.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
Our case management is super scalable.
In terms of scalability, you can do as long as you can build it, and they can support it.
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It works really nice and performs really efficiently after configuration.
Most of the time, the system is stable as long as the components that they integrate with are stable.
Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes.
I would rate Torq's product stability at eight, acknowledging that there are bugs, glitches, and downtimes.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
From an engineering perspective, I think more error messages and error handling information for our engineering team would be very helpful.
If a step is failing, the system could try to autocorrect it with AI or open a ticket from the workflow itself.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
| Product | Mindshare (%) |
|---|---|
| Cortex XSIAM | 2.0% |
| Splunk Enterprise Security | 7.2% |
| Wazuh | 5.8% |
| Other | 85.0% |
| Product | Mindshare (%) |
|---|---|
| Torq | 31.5% |
| Tines | 32.7% |
| Blink Ops | 12.5% |
| Other | 23.299999999999997% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Midsize Enterprise | 3 |
| Large Enterprise | 4 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Torq is the enterprise AI SOC solution that effectively combines adaptive insights and automation to handle critical threats efficiently. It manages threat lifecycles, swiftly moving from triage to response, ensuring effective risk management.
Torq is designed to streamline security operations by aggregating telemetry across your security stack. It investigates significant risks and manages threats from triage to containment and remediation. This AI-driven tool enhances the capabilities of your SecOps team, allowing them to achieve more impactful results without introducing complicated processes.
What are the key features of Torq?In industries like finance and healthcare, Torq shows effectiveness by adapting to specific risk scenarios often encountered in these fields. Its integration with existing infrastructures makes it a valuable asset for maintaining stringent security standards, essential for protecting critical data and operations in diverse high-stakes environments.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
