Palo Alto Networks Cortex XDR vs. Splunk Enterprise

Palo Alto Networks Cortex XDR

Splunk Enterprise

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Palo Alto Networks Cortex XDR	Score 8.6 out of 10	N/A	Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.	N/A
Splunk Enterprise	Score 8.5 out of 10	N/A	Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.	N/A

Pricing

Palo Alto Networks Cortex XDR

Splunk Enterprise

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
Palo Alto Networks Cortex XDR	Splunk Enterprise
Free Trial
No	Yes
Free/Freemium Version
No	Yes
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Community Pulse
	Palo Alto Networks Cortex XDR	Splunk Enterprise
Considered Both Products	Palo Alto Networks Cortex XDR No answer on this topic	Splunk Enterprise Verified User Vice-President Chose Splunk Enterprise All the logs from those security devices or systems are pumping to the Splunk Enterprise and being correlated by the Enterprise Security. However, there are some difficulties in tuning the Data Model, which results in a lot of false positive. This could occur due to the lack of … Incentivized Helpful?
Top Pros	Pro Zero day Pro Ransomware protection Pro Mobile devices	Pro Real time Pro Easy to use Pro Set up
Top Cons	Minus Endpoint protection Minus Custom software Minus Machine learning	Minus Learning curve Minus Steep learning curve Minus Ability to create

Features

Palo Alto Networks Cortex XDR

Splunk Enterprise

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Palo Alto Networks Cortex XDR - Ratings	Splunk Enterprise 7.2 56 Ratings 8% below category average
Centralized event and log data collection	00 Ratings	8.055 Ratings
Correlation	00 Ratings	7.954 Ratings
Event and log normalization/management	00 Ratings	8.255 Ratings
Deployment flexibility	00 Ratings	7.250 Ratings
Integration with Identity and Access Management Tools	00 Ratings	6.651 Ratings
Custom dashboards and workspaces	00 Ratings	7.056 Ratings
Host and network-based intrusion detection	00 Ratings	5.639 Ratings
Data integration/API management	00 Ratings	8.26 Ratings
Behavioral analytics and baselining	00 Ratings	6.66 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	7.66 Ratings
Response orchestration and automation	00 Ratings	7.05 Ratings
Reporting and compliance management	00 Ratings	6.96 Ratings
Incident indexing/searching	00 Ratings	7.57 Ratings

Best Alternatives
	Palo Alto Networks Cortex XDR	Splunk Enterprise
Small Businesses	Watchguard Endpoint Security Score 9.0 out of 10	AlienVault USM Score 7.1 out of 10
Medium-sized Companies	InsightIDR Score 9.2 out of 10	InsightIDR Score 9.2 out of 10
Enterprises	InsightIDR Score 9.2 out of 10	InsightIDR Score 9.2 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	Palo Alto Networks Cortex XDR	Splunk Enterprise
Likelihood to Recommend	9.0 (13 ratings)	7.7 (73 ratings)
Likelihood to Renew	- (0 ratings)	10.0 (17 ratings)
Usability	6.4 (2 ratings)	8.3 (6 ratings)
Availability	- (0 ratings)	10.0 (1 ratings)
Support Rating	10.0 (3 ratings)	8.4 (17 ratings)
Online Training	- (0 ratings)	8.0 (1 ratings)
Implementation Rating	- (0 ratings)	9.0 (2 ratings)
Product Scalability	- (0 ratings)	9.1 (1 ratings)

User Testimonials
	Palo Alto Networks Cortex XDR	Splunk Enterprise
Likelihood to Recommend	Palo Alto Networks Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it. Incentivized Mst Rahima Khatun Marketing Product Management Read full review	Splunk Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive. Incentivized Kuntal Das Security Analyst Read full review
Pros	Palo Alto Networks Direct Access to devices via Live Terminal which provides operations with scripting, triage, and preservation of artifacts. Behavioral Indicators of Compromise which provides alerts on events regarding groups of hosts and their signatures. Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc. Incentivized Verified User Anonymous Read full review	Splunk Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data. Dashboards provide insights into historical data Love how Splunk indexes all of the data and provides keys to search on Incentivized Pooja Gada Engineering Tech Lead Read full review
Cons	Palo Alto Networks Traps doesn't seem to function as a traditional A/V very well, so it's better as another layer to your endpoint protection Traps can cause issues with some legacy or custom programs, so exceptions may have to be made Traps falsely identifies things as malicious at times, this is not often though Incentivized Verified User Anonymous Read full review	Splunk At times some queries can run slowly if indices are not on a portion of the query you use. Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log. Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con). Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk. Incentivized Verified User Anonymous Read full review
Likelihood to Renew	Palo Alto Networks No answers on this topic	Splunk We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks. Verified User Anonymous Read full review
Usability	Palo Alto Networks Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR Incentivized Verified User Anonymous Read full review	Splunk You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all. Incentivized Kenneth Taitingfong Splunk Architect / Engineer Read full review
Reliability and Availability	Palo Alto Networks No answers on this topic	Splunk When properly setup and configured, Splunk is extremely reliable. Incentivized Verified User Anonymous Read full review
Support Rating	Palo Alto Networks The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working. Incentivized Verified User Anonymous Read full review	Splunk Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method. Incentivized Verified User Anonymous Read full review
Online Training	Palo Alto Networks No answers on this topic	Splunk The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself. Verified User Anonymous Read full review
Implementation Rating	Palo Alto Networks No answers on this topic	Splunk Smooth without too many major issues. Incentivized Verified User Anonymous Read full review
Alternatives Considered	Palo Alto Networks Traps is the slickest interface, easy to use and intuitive rule making, and the rest just didn't quite stack up to the performance level of Traps. McAfee and Kaspersky just hog processor and RAM power. I didn't like the interface and functionality of SentinelOne as much as Traps. Palo Alto really put a lot of time into the development of this software, and had some of the founding fathers of IT Security heading the development process. Can't beat that. Incentivized DeForge, Peter Systems Support Analyst Read full review	Splunk I wanted to learn a new language that I can quickly master and implement. Splunk is easy, fun to use and best of all, it can be developed in hours not days or weeks. Splunk is fundamentally a programming language that is minimal but yet powerful enough to collect, analyze and visualize data. Incentivized Verified User Anonymous Read full review
Scalability	Palo Alto Networks No answers on this topic	Splunk Splunk can scale in to the petabyte per day range which of course is awesome Rick Yetter Regional Director Read full review
Return on Investment	Palo Alto Networks After putting Palo Alto Networks Cortex XDR on a user's system, users came back with a positive response that there are no performance issues now. We are able to track and control granular suspicious and malicious activities. Web controls are missing, which if they would have been there would have been very helpful. Incentivized DS Darshil Sanghvi Presales Read full review	Splunk Overall very positive. It has provided visibility to what is going on within our network. One drawback is the time it takes to get up to speed with the application, but this is up to the user, and Splunk education is excellent. In my field, IT Security, there are few other friends to have in your back pocket better than Splunk. They are just that good. Incentivized Verified User Anonymous Read full review
ScreenShots