I mainly use Cortex XSOAR to automate cybersecurity and the SOC environment.
To minimize manual tasks and increase the level of automation.
Cortex XSOAR drastically reduces trivial tasks inside the SOC environment, which provides a huge benefit for L1 analysts.
Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper.
Cortex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations. In the next release, Palo Alto should include popup features - for example, if someone is working on an incident, it should pop up and display in front of me once it's clicked.
4 years
Cortex XSOAR is very stable in our environment, and we haven't seen any platform issues with it.
Cortex XSOAR is scalable.
Palo Alto's support services require a lot of improvement.
I used QRadar SOAR. Cortex XSOAR support is very good and it contains a lot of OOTB playbooks, but comparatively QRadar SOAR lacks OOTB playbooks.
The initial setup is very easy. Also, in the latest version the platform is managed by the Palo Alto cloud itself, and the rest of the configuration is done from the UI itself.
So there is zero load in configuring the platform.
Cortex XSOAR's license price could be lower.
As an integrator, I have used Palo Alto Networks Cortex XSOAR in various customer environments for a wide range of purposes. This includes improving IT security, streamlining operations, automating incident response actions, creating playbooks with approvals, and enhancing integrations with different security tools. In essence, Cortex XSOAR serves as a versatile platform that helps address multiple cybersecurity and operational needs in organizations.
What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used. If you can think of it, you can probably do it. However, there are some limitations, but speed isn't one of them.
One limitation I have noticed with Cortex XSOAR is that it doesn't offer automatic threat intel reports out of the box. However, you can achieve this through coding, and we have managed to do it in our own environment using scripts and playbooks. It is not a built-in feature, but it is possible with some coding skills. The good news is that Palo Alto Networks plans to make this process more automated in the future, but it is not available yet.
I have been using Palo Alto Networks Cortex XSOAR for three years.
Cortex XSOAR's stability depends on the right sizing. When sized correctly, it is very stable and I would rate it a strong nine out of ten. But if the sizing is wrong, performance problems can arise. For instance, customers with closed storage systems had issues during heavy workloads. To keep it stable, having at least 3,000 IOPS is advised, especially for customers with high storage needs. So, sizing is key for a successful and stable experience.
Cortex XSOAR is generally scalable and I would rate the scalability an eight out of ten. It is a bit challenging to migrate it from a regular database to a high-availability Elastic database, but it is possible. The ease of migration depends on how well it was planned from the start. Overall, it is a good option for scalability, but careful planning is essential for smooth transitions. The engine, which acts as a broker for connections and integrations in Cortex XSOAR, is highly efficient and reliable.
The initial setup of Cortex XSOAR is generally straightforward, but it can get a bit tricky when dealing with a lot of use cases. If you plan to create large playbooks, it is crucial to size the system correctly from the start. Otherwise, you might run into performance issues. Apart from that, there aren't many problems with the implementation process. The challenge mainly revolves around sizing the system correctly, especially when customers have lots of ideas that could make playbooks complex and resource-intensive. So, it is important to plan carefully in such cases. In the best-case scenario, deploying Cortex XSOAR can be done in about 30 minutes when everything is prepared and ready. However, for full integration into the customer's environment, assuming no restrictions or communication issues, it might take roughly two and a half hours.
Overall, I would rate the solution an eight out of ten. My advice to new users would be to plan ahead before implementing Cortex XSOAR. Understand your use cases well and have a solid strategy because the implementation is an ongoing process that you can always improve. Consider creating an adoption plan for what you will do this year and next year in terms of integration and use cases. Keep it user-friendly and introduce use cases gradually to your team instead of overwhelming them all at once. It's about taking steps to make it effective over time.
The solution is used for security.
Palo Alto is easy to use.
The dashboard could be better.
I have used Palo Alto Networks Cortex for six months.
There are issues with stability as it was giving false positives and has bugs. I rate the stability a seven out of ten.
It is a scalable solution. There are two hundred users using the solution at present. I rate the scalability an eight out of ten.
The solution was deployed by analysts.
I rate the overall solution an eight out of ten.
I'm currently evaluating XSOAR to see what the solution can do. I'm playing around with the various features.
The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily.
XSOAR could have more integration options.
I have used XSOAR for two months.
XSOAR is stable.
Setting up XSOAR is straightforward and takes about 30 minutes. It doesn't require any special technology to implement it in any architecture. You create a virtual machine, move the file to it, launch the installer, and let it run. It doesn't require any complex tasks.
I rate Palo Alto Networks Cortex XSOAR nine out of 10.
We use the solution to create playbooks for all the operational programs.
The solution's integration with non-security solutions will be helpful.
We have been using the solution for almost two years now.
The solution is stable. I rate its stability an eight.
I rate the solution's scalability as an eight. It is complex to scale.
The solution's technical support team takes longer to reply to the queries.
Neutral
The solution's initial setup process is straightforward.
The solution's cost is reasonable. I rate its pricing as a five.
I rate the solution an eight.
We are using Palo Alto Networks Cortex XSOAR for automation.
The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.
Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly.
I have been using Palo Alto Networks Cortex XSOAR for approximately six months.
Palo Alto Networks Cortex XSOAR is a stable solution.
The scalability of Palo Alto Networks Cortex XSOAR is fine for what we are using it for.
We have a SecOps department of 50 people who are using the solution for alerts. We plan to increase usage in the future.
The support from Palo Alto Networks Cortex XSOAR could improve. However, a lot of the support is poor.
We have three people in the security operations that do the maintenance and support of Palo Alto Networks Cortex XSOAR.
The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market.
I rate Palo Alto Networks Cortex XSOAR a six out of ten.
We primarily use the solution for network inspection.
The solution works well.
It’s easy to install.
It’s stable.
The solution can scale as needed.
The stability could be better.
The integration could be better. Cortex, for example, does not work with iPhone.
I’ve been using the solution for less than one year.
Right now, it’s been stable for us. We may consider something from Microsoft in the future. It’s possible it could be more stable.
The solution is quite scalable. If a company needs to expand it, it can do so.
At the moment, we don’t actually get support from Palo Alto as we’ve never needed any help. I can’t say how helpful or responsive they would be.
We’ve also worked with CrowdStrike. We switched as we weren’t happy with their detection capabilities.
The installation is very easy to set up. It’s not overly complex or difficult.
The deployment took less than a week. I recall we had it up and running within a couple of days.
In our case, we went to a consultant for installation assistance. However, a company might likely be able to handle it on its own.
I can’t speak to the exact cost of the solution.
This is a SaaS product.
I’d rate the solution nine out of ten.
I'm using Cortex XSOAR to manage our network security.
I've been using Cortex XSOAR for about one year.
I have no complaints about Cortex's stability.
As far as I know, Cortex XSOAR's scalability is okay. I'm just a user, so I don't know.
Setting up Cortex is straightforward. This use case is the easiest to implement. I had help from two or three technicians.
I rate Palo Alto Networks Cortex XSOAR eight out of 10. I would recommend it to others.
