Demisto
Demisto
Updated August 20, 2025
Updated August 20, 2025
Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.
Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.
Security Orchestration Automation and Response
Compare products
Cost considerations
Cost considerations
Functionality
Functionality
Compatibility
Compatibility
User experience
User experience
Customer support
Customer support
Why these ratings?
Cyberse perspective
Cyberse perspective
Solution details
Target industry
Technology
Public sector
Industrials
Healthcare
Retail
Manufacturing
Financial services
Services support
Third party integrators
Managed services
Product features
Security Orchestration Automation and Response (SOAR)
Security operations management
Threat intelligence
Threat detection and response
Pricing
Free trial available
Market segment
Enterprise
Midmarket
Key features
API access
Platform solution
Integrations
Endpoint security
Cloud security
Governance Risk and Compliance
Network security
Deployment
On-premises
Cloud-hosted
Cloud ecosystem partners
Amazon Web Services
Google Cloud Platform
Ratings
Cost considerations
Palo Alto’s price list shows US $250 K–$312 K for a perpetual Cortex XSOAR license with threat-intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.
Cost considerations
Palo Alto’s price list shows US $250 K–$312 K for a perpetual Cortex XSOAR license with threat-intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.
User count
Functionality
Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight
Functionality
Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight
Compatibility
Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.
Compatibility
Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.
User experience
The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant
User experience
The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant
Customer support
Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under-1-hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.
Customer support
Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under-1-hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.
Explore similar solutions
Explore similar solutions
Explore other categories
Explore other categories
Cyberse provides free tools for cybersecurity buyers to assess needs, research solutions, and compare products.
Cyberse provides free tools for cybersecurity buyers to assess needs, research solutions, and compare products.
Subscribe


