← SOARPalo Alto XSOAR

StrongStrongStrongStrong

4.5

Vendors › SOAR › Palo Alto XSOAR

Palo Alto XSOAR

Name: Palo Alto XSOAR
Rating: 4.5 (680 reviews)
Author: Palo Alto Networks

Palo Alto Networks

Founded 2005·US·Public

4.5

Combined score

4.4180

Gartner

4.5280

⚠

Security incident on record — CVE-2024-3400 (GlobalProtect zero-day April 2024) — affected PAN-OS not XSOAR

▪ Editorial verdict

Palo Alto Cortex XSOAR has built the most comprehensive SOAR marketplace in the category with 700 plus content packs and integrations, combined with the collaborative war room for joint investigations that is genuinely unique in the SOAR market. The visual playbook editor is consistently praised by SOC analysts for making complex automation workflows accessible without requiring dedicated engineering resources. For organisations already running Palo Alto Cortex XDR and NGFW, the native integration creates a detection-to-response pipeline that third-party SOAR platforms cannot replicate within the Palo Alto ecosystem.

The complex licensing model and some performance concerns in very large concurrent playbook deployments are the most frequently noted limitations.

The verdict: Palo Alto Cortex XSOAR is right for Palo Alto Networks customers wanting native SOAR integrated with Cortex XDR and NGFW with the broadest integration marketplace. Organisations without existing Palo Alto investment should evaluate Swimlane Turbine or Splunk SOAR.

Last reviewed: May 2026

4.4180 reviews

Gartner

4.5280 reviews

PeerSpot

8.6220 reviews

Gartner MQ: Leader (Gartner SOAR MQ 2024)

SOAR assessment

PROTECTIONStrong

Playbook automation

5 / 5

Response action breadth

5 / 5

OPERATIONSStrong

Integration library

5 / 5

Case management

5 / 5

ANALYTICSStrong

SOC metrics & reporting

4 / 5

TRUST & ECOSYSTEMStrong

Enterprise scale & reliability

5 / 5

Strongest: Playbook automation

Watch out for: SOC metrics & reporting

Strengths & limitations

Strengths

●Deepest Cortex XDR and Palo Alto ecosystem integration

●Strong threat intelligence integration via XSOAR Marketplace (900+ integrations)

●Machine learning–assisted investigation reduces analyst investigation time

Watch out for

●Premium pricing — significant investment for SOAR alone

●Complex deployment requiring dedicated SOAR engineers

●Best value only within Palo Alto ecosystem — weaker outside it

Best for

Palo Alto Cortex XDR and NGFW customers wanting unified automated response across the full Palo Alto platform.

Not suitable for: Organisations not invested in Palo Alto ecosystem — other SOAR platforms offer better value outside it.

Compliance coverage

●Essential Eight

●AU Privacy Act

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●CMMC

●GDPR

●NIS2

●DORA

●ISO 27001

●CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

Manual SOC
IBM Resilient
Demisto (legacy)

Also considering

Vendors typically shortlisted alongside

Also in our database

Palo Alto Networks also appears in:

Cloud Security Posture Management →EDR / XDR →Vulnerability Management →Firewall / UTM / Network Security →ZTNA / Zero Trust Network Access →CASB / Cloud App Security →

← Back to SOAR Compare with other SOAR vendors →

Quick facts

Pricing modelper playbook execution; enterprise custom

Pricing rangeEnterprise custom; typically $50,000-250,000+/year

Free trialNo

Min seatsNo minimum

Deployment time4-8 weeks

Complexity4 / 5

Pricing transparency2 / 5

AU presenceYes

IRAP assessedYes

Open sourceProprietary

Deployment

ModelsSaaS, On-premises, Hybrid

OS supportCloud-native, On-premises

CloudAWS, Azure, GCP

Support24/7 Phone, Email, Dedicated CSM, Professional Services

Data residencyUS, EU, AU

Company

Palo Alto Networks

Founded 2005 · 15,000+ employees · Public

HQ: US

$8B+ revenue FY2024

Certifications

FedRAMP High, SOC 2 Type II, ISO 27001, PCI-DSS, IRAP PROTECTED

Integrations

Cortex XDRNGFWPrisma CloudCrowdStrikeMicrosoft DefenderServiceNowJira900+ marketplace integrations