If you were talking to someone whose organization is considering Palo Alto Networks Cortex XSOAR, what would you say?
How would you rate it and why? Any other tips or advice?
I would rate Palo Alto a nine out of ten. My advice would be to do the same type of research I did to ensure that it's the appropriate fit for your use case. If it's an organization that has an already existing incident management system, make sure that you can customize it so you can reduce the learning curve for your investigators in order to be able to transition from your old IMS over to the new IMS, which would be XSOAR. That's the reason why I took so much time in order to ensure that the customization was there in order to allow me to mimic what we already had in IMS and transition that over to XSOAR. That way, the investigators had a lot less of a learning curve. The only learning curve they had was, "Here's the investigation tab. There's all the data that you need in order to make your verdict. Make your verdict." But as far as writing all the reports, call-down lists, and all that other stuff, that's all part of our original process that I transitioned over to XSOAR.
Have a very good understanding of what you want to automate. Define the process and make sure the integrations you need are available out of the box. I would also suggest starting simple. Try easy use cases first and until you feel confident before you get into more complex use cases. I would rate Palo Alto Networks Cortex XSOAR a nine out of ten.
I'm not sure which version of the solution we're using at this time. I'd rate the solution at an eight out of ten. We've been quite pleased with its capabilities. The only thing is it is pretty expensive. I'd recommend other users work both with Palo Alto and Fortinet. They are great together. They compliment each other nicely.
I would recommend this solution to those that already have a SOC or a NOC. It will enhance their logs and XSOAR will handle their internet activities. If they are not involved with SOCs or NOCs then I do not think they require this solution. I rate Palo Alto Networks Cortex XSOAR an eight out of ten.
We are a partner for Palo Alto. I have been certified with them. I did certifications around their certificates when they were Demisto, however, right now, we are Palo Alto partners. It's not a SIEM product, however, it's a next-gen automation platform for SIEM SOC services. I'd advise companies considering the solution to assess the existing environment before they go ahead and choose something. This solution is basically built for a vast organization or a medium and big organization. Smaller organizations have other options which are available to them that might be more appropriate. Companies should assess the product before it's brought on, as the cost is high. Businesses need to check their budget around that, and whether it will be flexible or not. It's also important to have a proper engineering and design team to implement that product. I'd rate the solution at a nine out of ten overall.
We have the solution integrated into our QRadar. In the time we've used it, from what I've experienced, I'd rate the product at an eight out of ten. We've had a very positive experience. I would recommend the solution to other companies.
For each SOC and MSS environment, I would recommend using Cortex XSOAR for better productivity, scalability, performance, and efficiency. A lot of manual work is happening right now, and that could be avoided. People can be utilized for more productive work. I would rate Palo Alto Network Cortex XSOAR an eight out of ten.
Demisto is a product that I recommend. I would rate this solution an eight out of ten.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your opinions now!