No more typing reviews! Try our Samantha, our new voice AI agent.
Palo Alto Networks Cortex XSOAR Logo

Palo Alto Networks Cortex XSOAR pros and cons

Vendor: Palo Alto Networks
4.2 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Palo Alto Networks Cortex XSOAR excels in automation and playbook creation, significantly improving SOC response times while seamlessly integrating with other platforms. Its orchestration features enhance data management and monitoring through critical log information. The extensive library of plugins allows easy deployment, boosting MTTR by 80-90%. However, the product's documentation, scalability, EBA functionality, SIEM features, and system performance require enhancement, and its pricing is higher than competitors.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Palo Alto Networks Cortex XSOAR offers excellent automation and playbook creation, significantly improving response times in a SOC environment.
The orchestration features provide a high-level overview of critical log information, aiding in efficient data management and monitoring.
The integration capabilities of Cortex XSOAR with other platforms are seamless, enhancing overall security operations and incident management.
Cortex XSOAR's extensive library of plugins and integrations allows for easy deployment and out-of-the-box functionality with various tools.
The use of Palo Alto Networks Cortex XSOAR has improved mean time to resolution (MTTR) for incidents, enhancing security SOC operations by more than 80% to 90%.

CONS

Documentation for building automation is insufficient and requires improvement.
Palo Alto Networks Cortex XSOAR lacks EBA functionality and SIEM features.
The scalability and flexibility of Palo Alto Networks Cortex XSOAR are limited, impacting usability and integration.
The pricing model for Palo Alto Networks Cortex XSOAR is expensive compared to competitors.
System performance issues arise during high alert influx, leading to a slowdown in information access.
 

Palo Alto Networks Cortex XSOAR Pros review quotes

CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
May 12, 2025
What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali.
Read full review
Sricharan R - PeerSpot reviewer
Sricharan R
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
Mar 6, 2026
Palo Alto Networks Cortex XSOAR has had a huge impact on our organization's mean time to resolution for incidents, improving the security SOC operations efficiency tremendously, by more than 80% to 90%.
Read full review
DayaramGoyal - PeerSpot reviewer
DayaramGoyal
Vice President, Technology at Cache Digitech Pvt Ltd.
Aug 18, 2025
Palo Alto Networks Cortex XSOAR is a good product with enhanced and efficient playbooks, as demonstrated during our use case simulations.
Read full review
Buyer's Guide
Palo Alto Networks Cortex XSOAR
April 2026
Free Report: Palo Alto Networks Cortex XSOAR Reviews and More
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,311 professionals have used our research since 2012.
AP
Ankit Pandagre
Assistant Security Architect at Cloudnomics
Mar 2, 2026
Palo Alto Networks Cortex XSOAR has had a positive impact on the mean time to resolution for incidents (MTTR), as it has significantly reduced noise.
Read full review
NikhilSharma2 - PeerSpot reviewer
NikhilSharma2
Manager at Deloitte
Aug 23, 2024
The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used.
Read full review
Engineerinfosec67 - PeerSpot reviewer
Engineerinfosec67
Presale Engineer at Westcon-Comstor
Dec 23, 2024
Each incident collected is orchestrated with automation that selects the security analyst to be involved, or provides complex execution plans for managing security incidents.
Read full review
Shubham Pandharpote - PeerSpot reviewer
Shubham Pandharpote
Cyber Security Analyst at Altisec Technologies Pvt Ltd
Sep 24, 2024
The most valuable features of Cortex XSOAR include its vast library of plugins, which allow us to integrate various tools and solutions seamlessly.
Read full review
Chetankumar Savalagimath - PeerSpot reviewer
Chetankumar Savalagimath
Delivery Manager at a tech services company with 1,001-5,000 employees
Oct 19, 2023
For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary.
Read full review
Jasmin Surani - PeerSpot reviewer
Jasmin Surani
Senior Cybersecurity Engineer (Security Operations & Engineering) at a manufacturing company with 10,001+ employees
Jan 3, 2024
The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation.
Read full review
Iskandar Iskak - PeerSpot reviewer
Iskandar Iskak
Director Sales for Education Market at Telekom Malaysia
May 23, 2023
The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features
Read full review
Show 10 more reviews (out of 50)
 

Palo Alto Networks Cortex XSOAR Cons review quotes

CC
ChrisCollins
Enterprise Security Architect V at FirstEnergy
May 12, 2025
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
Read full review
Sricharan R - PeerSpot reviewer
Sricharan R
Lead Application Security Engineer Iv at a financial services firm with 5,001-10,000 employees
Mar 6, 2026
I think the areas of Palo Alto Networks Cortex XSOAR that could be improved are mainly in UX.
Read full review
DayaramGoyal - PeerSpot reviewer
DayaramGoyal
Vice President, Technology at Cache Digitech Pvt Ltd.
Aug 18, 2025
It was expensive, making it essential for the customer to evaluate whether ROI is coming from the business model, as they are also acting as a SOC provider.
Read full review
Buyer's Guide
Palo Alto Networks Cortex XSOAR
April 2026
Free Report: Palo Alto Networks Cortex XSOAR Reviews and More
Learn what your peers think about Palo Alto Networks Cortex XSOAR. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,311 professionals have used our research since 2012.
AP
Ankit Pandagre
Assistant Security Architect at Cloudnomics
Mar 2, 2026
While I personally appreciate this approach, I have observed that junior analysts on my team find it difficult to build playbooks.
Read full review
NikhilSharma2 - PeerSpot reviewer
NikhilSharma2
Manager at Deloitte
Aug 23, 2024
The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Read full review
Engineerinfosec67 - PeerSpot reviewer
Engineerinfosec67
Presale Engineer at Westcon-Comstor
Dec 23, 2024
The product can be tailored for each deployment to respond to specific customer needs, and this complexity may be seen as a downside.
Read full review
Shubham Pandharpote - PeerSpot reviewer
Shubham Pandharpote
Cyber Security Analyst at Altisec Technologies Pvt Ltd
Sep 24, 2024
Creating complex playbooks using coding languages, such as Python, could be easier.
Read full review
Chetankumar Savalagimath - PeerSpot reviewer
Chetankumar Savalagimath
Delivery Manager at a tech services company with 1,001-5,000 employees
Oct 19, 2023
Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs.
Read full review
Jasmin Surani - PeerSpot reviewer
Jasmin Surani
Senior Cybersecurity Engineer (Security Operations & Engineering) at a manufacturing company with 10,001+ employees
Jan 3, 2024
There is room for improvement in support. The response time could be faster.
Read full review
Iskandar Iskak - PeerSpot reviewer
Iskandar Iskak
Director Sales for Education Market at Telekom Malaysia
May 23, 2023
It is not a very scalable solution.
Read full review
Show 10 more reviews (out of 50)

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)
SOC as a Service

Popular Comparisons

Popular Comparisons
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR Logo
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR Logo
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR
Elastic Security vs Palo Alto Networks Cortex XSOAR Logo
Elastic Security vs Palo Alto Networks Cortex XSOAR
AWS Security Hub vs Palo Alto Networks Cortex XSOAR Logo
AWS Security Hub vs Palo Alto Networks Cortex XSOAR
Torq vs Palo Alto Networks Cortex XSOAR Logo
Torq vs Palo Alto Networks Cortex XSOAR
Exabeam vs Palo Alto Networks Cortex XSOAR Logo
Exabeam vs Palo Alto Networks Cortex XSOAR
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR Logo
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR
Stellar Cyber Open XDR vs Palo Alto Networks Cortex XSOAR Logo
Stellar Cyber Open XDR vs Palo Alto Networks Cortex XSOAR
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
NetWitness NDR vs Palo Alto Networks Cortex XSOAR Logo
NetWitness NDR vs Palo Alto Networks Cortex XSOAR
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR Logo
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR
Tines vs Palo Alto Networks Cortex XSOAR Logo
Tines vs Palo Alto Networks Cortex XSOAR
Google Security Operations vs Palo Alto Networks Cortex XSOAR Logo
Google Security Operations vs Palo Alto Networks Cortex XSOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR Logo
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR
See all alternatives

Product Categories

Product Categories
Security Orchestration Automation and Response (SOAR)
SOC as a Service

Popular Comparisons

Popular Comparisons
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR Logo
IBM Security QRadar vs Palo Alto Networks Cortex XSOAR
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR Logo
Microsoft Sentinel vs Palo Alto Networks Cortex XSOAR
Elastic Security vs Palo Alto Networks Cortex XSOAR Logo
Elastic Security vs Palo Alto Networks Cortex XSOAR
AWS Security Hub vs Palo Alto Networks Cortex XSOAR Logo
AWS Security Hub vs Palo Alto Networks Cortex XSOAR
Torq vs Palo Alto Networks Cortex XSOAR Logo
Torq vs Palo Alto Networks Cortex XSOAR
Exabeam vs Palo Alto Networks Cortex XSOAR Logo
Exabeam vs Palo Alto Networks Cortex XSOAR
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR Logo
Arctic Wolf Managed Detection and Response vs Palo Alto Networks Cortex XSOAR
Stellar Cyber Open XDR vs Palo Alto Networks Cortex XSOAR Logo
Stellar Cyber Open XDR vs Palo Alto Networks Cortex XSOAR
Splunk SOAR vs Palo Alto Networks Cortex XSOAR Logo
Splunk SOAR vs Palo Alto Networks Cortex XSOAR
NetWitness NDR vs Palo Alto Networks Cortex XSOAR Logo
NetWitness NDR vs Palo Alto Networks Cortex XSOAR
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR Logo
Sumo Logic Security vs Palo Alto Networks Cortex XSOAR
Tines vs Palo Alto Networks Cortex XSOAR Logo
Tines vs Palo Alto Networks Cortex XSOAR
Google Security Operations vs Palo Alto Networks Cortex XSOAR Logo
Google Security Operations vs Palo Alto Networks Cortex XSOAR
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR Logo
ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks Cortex XSOAR
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR Logo
ServiceNow Security Operations vs Palo Alto Networks Cortex XSOAR
See all alternatives
Related questions
  • 46
Which Do You Recommend, Phantom or Demisto?
  • 208
Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?
  • 23
Which SOAR product has the better value: Palo Alto Networks Cortex XSOAR or Swimlane? Why?
  • 243
What are the Top 5 cybersecurity trends in 2022?
  • 196
What is the difference between SIEM and SOAR platforms?
  • 95
What is an incident response playbook and how is it used in SOAR?
  • 69
What are the latest trends in Security Operations Center (SOC)?
  • 162
What tools and solutions do you use for automated incident response in an enterprise in 2022?
  • 69
How to evaluate SIEM detection rules?
  • 66
Why a Security Operations Center (SOC) is important?