Palo Alto Networks Cortex XSOAR Reviews

We are using Palo Alto Networks Cortex XSOAR for automation.

The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.

Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly.

I have been using Palo Alto Networks Cortex XSOAR for approximately six months.

Palo Alto Networks Cortex XSOAR is a stable solution.

The scalability of Palo Alto Networks Cortex XSOAR is fine for what we are using it for.

We have our SecOps department of user 50 people that are using the solution for alerts. We plan to increase usage in the future.

The support from Palo Alto Networks Cortex XSOAR could improve. However, a lot of the support is poor.

We have three people in the security operations that do the maintenance and support of Palo Alto Networks Cortex XSOAR.

The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market.

I rate Palo Alto Networks Cortex XSOAR a six out of ten.

We primarily use the solution for network inspection.

The solution works well.

It’s easy to install.

It’s stable.

The solution can scale as needed.

The stability could be better.

The integration could be better. Cortex, for example, does not work with iPhone.

I’ve been using the solution for less than one year.

Right now, it’s been stable for us. We may consider something from Microsoft in the future. It’s possible it could be more stable.

The solution is quite scalable. If a company needs to expand it, it can do so.

At the moment, we don’t actually get support from Palo Alto as we’ve never needed any help. I can’t say how helpful or responsive they would be.

We’ve also worked with CrowdStrike. We switched as we weren’t happy with their detection capabilities.

The installation is very easy to set up. It’s not overly complex or difficult.

The deployment took less than a week. I recall we had it up and running within a couple of days.

In our case, we went to a consultant for installation assistance. However, a company might likely be able to handle it on its own.

I can’t speak to the exact cost of the solution.

This is a SaaS product.

I’d rate the solution nine out of ten.

We use Palo Alto Networks Cortex XSOAR for several areas of security automation, such as phishing, investigating, mitigating, the detection of impossible travel, and consolidating threat information for our internal systems.

It reduces manual interactions of security analysts. Before they had to check on three, or four different websites to see if something was good or bad. Now, Cortex does all of that for us.

It is very easy to use.

It has an extensive list of integrations that are available out of the box which makes it easy to start.

I would love to see more flexibility on what we can display and design on the dashboards.

Palo Alto Networks Cortex XSOAR has been active for six months. 

We are always on the latest version.

Palo Alto Networks Cortex XSOAR is pretty stable.

It offers some architecture recommendations to make it really scalable if you choose.

For example, hot standby, bond standby, clustering, and breaking out components in dedicated servers. You can go wild if you want to go wild, but we wanted to keep it easy and stable.

Pretty much network security and SOC are the main users. I believe that we are licensed for 20 users.

We are definitely extensively using this solution. We are currently training many additional teams to be self-sufficient in usage. The usage will increase more and more.

With Palo Alto technical support, if you get to the right people, you get an answer very quickly. 

What I like about the Cortex team is that they have a dedicated select center where you can get service in minutes and that's extremely helpful.

Overall, I am satisfied with the technical support.

We evaluated two or three other vendors. 

We are a very big Palo Alto shop and we needed to have some Palo Alto features, which are implemented now in Cortex. We are pretty much guided in that direction for some of the security features we need for our firewalls.

I would say the initial setup was really straightforward. 

You need to be a little bit aware of Linux unless you buy the hosted version, then you don't need to know anything about it. If you decide you want to run it yourself, you should have some Linux skills because it's a Docker framework on Linux. Knowing a bit about that is handy.

It was up and running in half a day.

It only requires one person to maintain this solution. I do it myself along with many other tasks. In a larger environment, you split into two teams, OS maintenance and application maintenance.

We had help from Palo Alto SE resource for the PoC, but the setup was completed on our own.

We have a concurrent user license. 

The licensing is a pretty high price for a user license per year.

The base product is very cheap, you can even get it for free, but the fee per user is expensive. It is approx $10,000 or $20,000 per year for two user licenses.

It's a great product, although it might become very pricey if you need several user licenses.

They need to automate everything to reduce the number of user licenses needed. If it is an automated workflow, you don't need to be licensed.

If Cortex sends an email asking a user to say yes or no, you don't need a license for that user. You just need a user license if you want to improve what Cortex does in terms of workbooks, cases, and more.

We evaluated Splunk for six months and decided against it three to six months ago.

Have a very good understanding of what you want to automate. Define the process and make sure the integrations you need are available out of the box.

I would also suggest starting simple. Try easy use cases first and until you feel confident before you get into more complex use cases.

I would rate Palo Alto Networks Cortex XSOAR a nine out of ten.

We automate security processes, particularly SOC automation, for our clients using Cortex XSOAR. We implement these processes for major companies in Portugal.

Cortex XSOAR's playbook for incident management and automation is highly valuable. We develop Playbooks automation, centralize incident data, and try to enhance the efficiency of resolving incident cases. The platform's features focus on closing the incident lifecycle more quickly, managing incidents efficiently, and integration capabilities across security infrastructure.

The price of the solution could be lower. Companies utilizing this solution should have a well-developed cybersecurity team to maximize its benefits. It is more suited for large organizations rather than small or medium-sized companies.

We have been using Cortex XSOAR for three years.

The stability is rated eight out of ten, indicating it's quite stable without major issues.

Scalability is rated nine, reflecting its ability to scale effectively.

Our team has more experience with the solution than Palo Alto's technical support. Our experience initially showed that the Palo Alto implementation was not optimal, but this has improved over time.

Neutral

We previously used Fortinet. We have now shifted focus to Palo Alto, specifically relying on the Cortex XDR and Cortex XSOAR solutions.

The initial setup of Cortex XSOAR is simple.

Our internal team has been pivotal in implementing and solving issues with the solution.

The price of the solution is high and not justifiable for small or medium-sized companies without a developed cybersecurity team.

We moved from a primary focus on Fortinet to Palo Alto.

I would rate the overall solution eight out of ten as it is considered top-notch in the market. It is highly recommended, however, better suited for organizations with mature cybersecurity teams.

We use the solution to automate our SIEM tools and incidents.

The solution's correlation rules and playbooks should be improved.

I have been using Palo Alto Networks Cortex XSOAR for six to seven months.

I rate the solution seven and a half out of ten for stability.

More than 100 users are using the solution in our organization.

I rate the solution a six out of ten for the scalability of its on-premises version.

I also use the ArcSight solution.

The solution can be deployed within a few minutes.

We are using the latest version of Palo Alto Networks Cortex XSOAR. The solution's on-premises version is not scalable. Around five people are involved with the solution’s maintenance.

Overall, I rate the solution an eight out of ten.

As an integrator, I have used Palo Alto Networks Cortex XSOAR in various customer environments for a wide range of purposes. This includes improving IT security, streamlining operations, automating incident response actions, creating playbooks with approvals, and enhancing integrations with different security tools. In essence, Cortex XSOAR serves as a versatile platform that helps address multiple cybersecurity and operational needs in organizations.

What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used. If you can think of it, you can probably do it. However, there are some limitations, but speed isn't one of them.

One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.

I have been using Palo Alto Networks Cortex XSOAR for three years.

Cortex XSOAR's stability depends on the right sizing. When sized correctly, it is very stable and I would rate it a strong nine out of ten. But if the sizing is wrong, performance problems can arise. For instance, customers with closed storage systems had issues during heavy workloads. To keep it stable, having at least 3,000 IOPs is advised, especially for customers with high storage needs. So, sizing is key for a successful and stable experience.

Cortex XSOAR is generally scalable and I would rate the scalability an eight out of ten. It is a bit challenging to migrate it from a regular database to a high-availability Elastic database, but it is possible. The ease of migration depends on how well it was planned from the start. Overall, it is a good option for scalability, but careful planning is essential for smooth transitions. The engine, which acts as a broker for connections and integrations in Cortex XSOAR, is highly efficient and reliable.

The initial setup of Cortex XSOAR is generally straightforward, but it can get a bit tricky when dealing with a lot of use cases. If you plan to create large playbooks, it is crucial to size the system correctly from the start. Otherwise, you might run into performance issues. Apart from that, there aren't many problems with the implementation process. The challenge mainly revolves around sizing the system correctly, especially when customers have lots of ideas that could make playbooks complex and resource-intensive. So, it is important to plan carefully in such cases. In the best-case scenario, deploying Cortex XSOAR can be done in about 30 minutes when everything is prepared and ready. However, for full integration into the customer's environment, assuming no restrictions or communication issues, it might take roughly two and a half hours.

Overall, I would rate the solution an eight out of ten. My advice to new users would be to plan ahead before implementing Cortex XSOAR. Understand your use cases well and have a solid strategy because the implementation is an ongoing process that you can always improve. Consider creating an adoption plan for what you will do this year and next year in terms of integration and use cases. Keep it user-friendly and introduce use cases gradually to your team instead of overwhelming them all at once. It's about taking steps to make it effective over time.

The solution is used for security. 

Palo Alto is easy to use. 

The dashboard could be better. 

I have used Palo Alto Network Cortex for six months. 

There are issues with stability as it was giving false positives and has bugs. I rate the stability a seven out of ten. 

It is a scalable solution. There are two hundred users using the solution at present. I rate the scalability an eight out of ten. 

The solution was deployed by analysts. 

I rate the overall solution an eight out of ten. 

We use Palo Alto as a firewall, a system for detecting and whitelisting certain IP addresses or to block certain IP addresses based on where they're coming from. We then send the logs to another log management tool for more forensics and analysis before we make a decision.

We're basically using Palo Alto for firewalling and sending those logs to another security monitoring tool to make decisions based on analytics that it provides us.

The solution is very reliable. The performance is great.

The scalability of the solution is excellent. 

We find the solution to be very robust. Palo Alto has been in the industry a long time and the solution reflects that.

The initial setup is very straightforward. It's not hard to deploy.

The solution is very expensive. They would get more clients if it wasn't so pricey.

I've been using the solution for about four years at this time. It's been a while. 

The solution is very reliable in terms of performance. It doesn't crash or freeze. There are no bugs or glitches.

The solution is extremely scalable. If a company needs to expand it, it can do so easily.

The technical support has been very good. Palo Alto is top of the line. They've been in the industry a long time and their support team reflects that knowledge. We are very satisfied with their level of support.

I also work with Fortinet. We've used them for around the same amount of time.

We found the initial setup to be quite straightforward. It's not hard to do. A company shouldn't have too much of a problem getting it up and running.

I cannot speak to the exact cost of the solution or how much our organization pays.

However, it is my understanding that the product is extremely expensive.

I'm not sure which version of the solution we're using at this time.

I'd rate the solution at an eight out of ten. We've been quite pleased with its capabilities. The only thing is it is pretty expensive.

I'd recommend other users work both with Palo Alto and Fortinet. They are great together. They compliment each other nicely.