Palo Alto Networks Cortex XSOAR vs. Splunk SOAR

XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a
problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click
of a button.
●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real
emails, resulting in compromise through human error.
●Security Teams aren’t able to follow set processes while responding to phishing alerts.
They must coordinate across email inboxes, threat intel, NGFW, ticketing, and
other tools. Each tool has different consoles, data conventions, and contexts,
making it difficult for security teams to fill in the gaps while minimizing
errors. XSOAR is less suited for analyzing traffic.

Incentivized

Our company has very complex and dynamic security operations because of the large number of security tools and systems that we need to manage and coordinate. Moreover, it helps us to meet many regulatory and compliance requirements because it helps us to automate and document our security operations. We also use it to streamline our security operations and improve our response to potential threats.

Incentivized

• Automation with immediate security responses.
• Comprehensive phishing protection and increased email protection.
• Analysis and reporting feature.
• Intuitive and easy-to-view panels.
• Alerts by email and sms of incidents for the administration.
• Centralized monitoring.

Incentivized

• Its security orchestration and integration capability that supports multiple tools.
• Easy coding that automates our security actions.
• Enables us to easily collaborate and respond to security issues faster.
• Splunk SOAR is a flexible product that is easy to deploy.
• Efficient tracking and monitoring capability.
• Excellent real-time reporting functionality.

Incentivized

• The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario.
• The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff.
• Also, I would love to have search areas more interactive and easier to navigate.

• A lack of instruction It can be difficult to contact the support staff. Limited experience from current users.
• It takes some effort to set up and learn new technology at first. More assistance is required from the support staff. The product's price needs to go down.
• Cost of the larger version.

Incentivized

It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.

Incentivized

As we already have a lot of clients being catered with Splunk SOAR and because Splunk SOAR is robust and efficient, we are already using it, and we have understood the product to a certain extent, I feel we are personally more enticed to use and scale it to a lot of business.

Incentivized

Not immediate: it always requires a training.

Incentivized

We are able to automate almost every one of our use cases, even our threat-hunting, and threat intel procedures. We have 20+ playbooks and cover almost everything, even searching logs into Splunk, looking into TIP and external systems, enrichment, and collecting evidence for analysts; it can perform concurrent playbooks running.

Incentivized

Splunk Support is always great! In addition the Community is very efficient and active.

Incentivized

I never followed an in-person training, I gave my evaluation based on the online training

Incentivized

I followed training for Phantom admins and it opened a world for me

Incentivized

It was much easier than we all anticipated.

Incentivized

I already said that the main key insight is the knowledge of Phantom, so a detailed training for all the people involeved.

Incentivized

The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.

Incentivized

Splunk Phantom integrates well with Splunk ES and has many integrations. One thing that I liked about XSOAR as compared to Phantom is that it has an "app-store" where you can download not only app integrations (similar to Phantom) but Playbooks and dashboards as well.

Incentivized

me and the customers I encountered found it flexible and scalable

Incentivized

• Demisto has Eased malware analysis and threat hunting
• With Demisto, it is simple to create playbooks and scripts
• This is helped automate policy configurations on our PA firewalls through Panorama

Incentivized

• The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable
• Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task

Incentivized