Skip to main content
TrustRadius
Palo Alto Networks Cortex XSOAR

Palo Alto Networks Cortex XSOAR
Formerly Demisto

Overview

What is Palo Alto Networks Cortex XSOAR?

Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are…

Read more
Recent Reviews

TrustRadius Insights

Users have found that the product greatly improves incident response efficiency by automating controls in response to detected incidents. …
Continue reading

Very good SOAR solution

8 out of 10
January 09, 2023
Incentivized
●Standardize and scale processes: Demisto playbooks help you codify and enforce a process that’s common across your security team. These …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Palo Alto Networks Cortex XSOAR?

Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are powered by…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

21 people also want pricing

Alternatives Pricing

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Return to navigation

Product Details

What is Palo Alto Networks Cortex XSOAR?

Palo Alto Networks Cortex XSOAR Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(21)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Users have found that the product greatly improves incident response efficiency by automating controls in response to detected incidents. This automation streamlines and expedites the incident response process, allowing analysts to focus on more critical tasks. Additionally, the product is used for documentation and escalation of sensitive cases within the team and the extended information security team, ensuring that all relevant information is properly documented and shared with the appropriate stakeholders.

Analysts have reported significant time savings and improved analysis capabilities thanks to the product's IOC enrichment feature. This feature allows for quick enrichment of indicators of compromise, saving analysts from manually searching for information and aiding in the analysis of cybersecurity incidents. Moreover, the product seamlessly enables SOC teams to triage and investigate malicious traffic, enhancing the organization's overall network security posture.

The playbooks provided by the product have been highly beneficial to security teams as they standardize and scale processes, increasing efficiencies across the board. By leveraging these playbooks, security analysts can automate thousands of actions across various security products, resulting in lower response times to security incidents. Additionally, the product allows for coordination of actions across different security products, providing a process-centric view for incident response.

The IT Security department primarily relies on the product for automation, secops, logging, compliance, and HiTrust certification reporting. By automating these crucial processes, the department can ensure compliance with regulatory requirements while also improving operational efficiency. Users have been using this product successfully for over a year to automate and orchestrate security processes, integrating various tools and systems to gain a complete view of their IT environment.

The automated phishing protection functionality offered by the product has proven highly effective in reducing security incidents via email. By automatically identifying and blocking phishing attempts, organizations can significantly enhance their email security posture. Moreover, the product excels at collecting and analyzing data in one centralized place, saving valuable time for security analysts and enabling comprehensive security analytics.

Integration capabilities are a key strength of the product, allowing users to consolidate cybersecurity incidents from various security products into a single platform. This centralized view simplifies incident management and enables more efficient collaboration between different teams. Finally, the product's IOC enrichment feature continues to be highly appreciated by cybersecurity professionals, as it provides valuable context and insights to aid in the analysis of cybersecurity incidents.

In summary, this product offers a range of valuable use cases for security teams. From automating controls and incident response to enabling documentation and escalation of sensitive cases, this product significantly improves efficiency and streamlines processes. Analysts benefit from the product's automation capabilities, IOC enrichment feature, playbooks for standardized processes, integration capabilities, and automated phishing protection functionality. Moreover, IT Security departments rely on the product for automation, secops, logging, compliance, and HiTrust certification reporting. With its comprehensive functionality and ease of use, this product proves to be an essential tool for enhancing network security posture and maintaining a proactive approach to cybersecurity.

Comprehensive Automation: Many users have stated that the product offers comprehensive automation capabilities for necessary operations after a security event. This feature allows users to streamline their operations and improve efficiency by automating repetitive tasks.

Wide Range of Integrations: Several reviewers have mentioned that the product provides a wide range of integrations, allowing for seamless integration with various platforms, including mobiles. This enhances the accessibility of the Management App provided by the product across different platforms.

Threat Detection and Response Enhancement: A significant number of users have praised the product's IOC enrichment feature, which enables them to enrich IP, URL, and File Hashes. By enhancing threat detection effectiveness, this feature aids in proactive threat detection and response.

  • Cluttered Summary Page: Some users have mentioned that the XSOAR bot creates a lot of noise on the summary page of any XSOAR incident, which can clutter the whole scenario and make it difficult to focus on important information.

  • Overwhelming Interface: Several users have found the interface overwhelming, with too much data displayed on a single pane. They expressed a desire for more interactive and easier-to-navigate search areas to improve usability.

  • Stability Issues with SAML Authentication: A number of users have experienced stability issues with SAML authentication, stating that it has caused numerous problems and inconveniences during their usage of the platform.

Attribute Ratings

Reviews

(1-8 of 8)
Companies can't remove reviews or game the system. Here's why
January 09, 2023

Very good SOAR solution

Score 8 out of 10
Vetted Review
Verified User
Incentivized
●Standardize and scale processes: Demisto playbooks help you codify and enforce a process that’s common across your security team. These playbooks can be fully automated, fully manual, or any combination of the two, with each scenario having its own advantages for increased efficiencies.

●Lower response times with automation: Demisto can automate thousands of actions across your security products, handing back time to you for investigation and decision-making. This automation can be for alert ingestion, data gathering, response actions, and updating info back in the point products.

●Coordinate actions across security products: You now have a process-centric view of how to respond to a particular incident that’s not tied to any one security product. All security products have their purpose, but playbooks provide you with an abstract view of the ‘process’ and make it easier to replace one product with another whenever you need to.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Palo Alto Networks helps us a lot. It collects all the data in one place and the security analytics can be performed on that and which will save a lot of time. Some security tasks can be automated and thus productivity of staff is increased. Integration are also available. CyberSecurity incident can be catched in one platform itself. The IOC enrichment features is also helpful.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We have been using the Palo Alto Networks Cortex XSOAR solution for over 1 year with the main mission of automating and seeking the orchestration of our security processes and integrating the other tools and systems that we use in our data network in order to simplify and obtain the complete and faster view of our entire IT environment. Automated phishing protection functionality has dramatically reduced security incidents that occur via email and also creates a data enrichment process to review security incidents and findings from reports.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We currently have several security tools and services in the company and all these tools and services generate records of activities and events handled. With the volume of information generated today, it is impossible for a human being to keep analyzing these records/logs because surely some event will be lost due to analysis fatigue or the difficulty of correlating events from one tool with another. We also needed a technology that would allow automation of controls to be applied in response to any incident detected.
Score 9 out of 10
Vetted Review
Verified User
This product is being used as the SOAR platform for automation. Automating the repetitive security alerts is the main goal currently served by XSOAR. Also for documentation and escalation of sensitive cases within the team and in the extended information security team, we use it on a daily basis. It also helps analysts with required IOC enrichments, which is quite helpful and a time saver.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
It is currently used by our IT Security department only. We use it primarily for its automation but also to a smaller extent for secops, and logging and compliance. We also use it for HiTrust certification in that we can report what we have seen.
Score 6 out of 10
Vetted Review
Verified User
Incentivized
With Palo Alto Networks Cortex XSOAR (formerly Demisto) in our organization, our SOC team is seamlessly able to triage and investigate malicious traffic in our network. This is hence enhancing our network security posture. We have also created playbooks and integrated our firewalls to automate policy creation at time of any attacks are being identified.
Return to navigation