We performed a comparison between Palo Alto Networks Cortex XSOAR and Trellix Helix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"It's pretty powerful and its performance is pretty good."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Log aggregation and data connectors are the most valuable features."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"Palo Alto is easy to use."
"The solution is easy to deploy."
"I have no complaints about Cortex's stability."
"We use the solution to automate our SIEM tools and incidents."
"The solution provides threat intelligence with EDR."
"The automation is excellent."
"I am satisfied with the product overall."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"The most valuable features include predefined use cases and threatening states."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We'd like also a better ticketing system, which is older."
"We'd like to see more connectors."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"There is room for improvement in terms of the pricing model."
"The solution is complicated to learn."
"It is been decommissioned by Palo Alto."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"It doesn't offer automatic internet reports out of the box."
"They should provide integration with machine learning platforms."
"There is room for improvement in support. The response time could be faster."
"The configuration of the solution could improve it is difficult."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"It should have more cloud connectors. It could also be cheaper."
"Integrations could be improved, and the dashboard could be a little better."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Trellix Helix is rated 8.6. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and Cisco SecureX.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.