Our primary use case for Cortex XDR is to bridge the gap between a Security Information and Event Management (SIEM) system and an Endpoint Detection and Response (EDR) solution. We use it to fetch data from network devices and endpoints, perform comparisons, and generate alerts. It is useful for detecting impossible travel scenarios where a user's IP address switches rapidly between geographically distant locations, which can indicate VPN use or other anomalies.

The product's most valuable feature is the ability to integrate and correlate data from network and endpoint sources. This comprehensive visibility allows us to quickly identify and respond to threats, such as impossible travel scenarios, with greater accuracy and speed.

The product could be improved in several areas. The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed. There is also a need for clearer differentiation between features and capabilities within Cortex's suite, as the overlap between XDR and XIM can be confusing.

Improvements in the user interface and more intuitive KQL query handling could also enhance usability. Additionally, better support for various deployment scenarios and cost management options would be beneficial.

I have been using Cortex for approximately two years.

The solution's stability is generally good.

The solution scales well. It is deployed without major issues across 60,000 endpoints in our organization.

Customer support quality varies depending on the support plan. The premium plan offers excellent support. However, if you opt for a standard plan, the level of support may be less satisfactory.

Positive

The initial setup was relatively straightforward. Modern methods, such as pushing clients over port 443, have made deploying endpoints easier than legacy systems.

Cortex XDR is a costly solution.

Overall, Cortex XDR is good software. Ensure you have the financial resources to support the investment or consider alternative solutions if cost is a significant concern.

I rate it a nine out of ten. 

With Cortex, we can automate the analysis of all the alerts. We use it to automate any kind of activity.

The solution's most valuable feature is writing playbooks. Playbooks are a feature in Cortex that allows us to customize many activities according to an organization's requirements. It's basically a kind of threat-handling feature.

It would be more beneficial to integrate threat intelligence in Cortex.

I have been using Cortex for three years.

Cortex is a stable solution.

Three people use the solution in our organization.

I had a very nice conversation with the solution's technical support team, and it was a very good experience.

The solution’s initial setup is very easy.

Cortex is an expensive solution.

Our company decided to use Cortex because it is very easy to use and deploy in our environment. I would recommend the solution to other users. Cortex is worth the money. It is very easy for a beginner to learn to use Cortex for the first time.

Overall, I rate the solution an eight out of ten.

Cortex is an automation tool, which I have used to make manual processes flow in an automated way. We need to create flows to automate the manual processes.

Cortex orchestration, which I have used to make process automations. That is the Cortex Automation.

I liked the flow creation and the way it handled orchestration from a development point of view. However, my opinion has changed a bit since using ServiceNow, which is more flexible compared to Cortex. In order to create the pro-designer and process automation. 

It was mainly used for automation. For example, a telecom company needed to handle multiple network devices like Cisco devices. They had to check compliance, functionalities, and expiry dates manually. We automated those technical operations.

First of all, it's not very user-friendly. It's quite lagging and not very fast. I believe it's developed in C#, which makes it a bit slow. 

There are many hidden structures, so sometimes the flow gets stuck. We have communicated with Cortex community, and they are still working on these issues. System slowness and performance are the main concerns.

I used it for one year. 

I would rate it a six out of ten, with one being low and ten being high because I have only about one and a half years of experience with Cortex. So, I would rate it a six due to its slowness and complexity.

There were around 20 end users. 

They sometimes delay in providing answers and often don't give proper answers.

Neutral

Recently, I moved to the ServiceNow platform.

To create processes and automate them, ServiceNow offers more flexibility.

Cortex is a single point for automation. For end-to-end deployment, it involves front-end and back-end technologies. We have implemented Logix in Cortex to communicate with network devices. So, we haven't faced any issues during deployment, but after deployment, the slowness of Cortex application or system becomes apparent.

Deployment model:

It's deployed on-premises because I worked for an IT company. They had a relationship with Cortex, and we provided automation services to a telecom client using Cortex.

Integration:

It was easy to integrate Cortex with existing infrastructure and other tech tools. We have done integrations with Amdocs products for the telecom industry using MuleSoft, webMethods, and REST APIs, so it definitely supports these.

It's cheaper. For example, if UiPath costs ten dollars, Cortex might be around three to four dollars. But I'm not part of the pricing team, so this is just my opinion.

It's not difficult for a beginner to learn to use Cortex. I started as a beginner, and it was manageable. It just depends on the learner's interest.

I would rate it a seven out of ten. However, compared to other automation tools, Cortex is not the best, according to current market trends.

I suggest looking at alternatives like UiPath and Automation Anywhere. I don't have experience with them, but they are trending in the market. 

Currently, ServiceNow is also popular for automation purposes.