Solution Logo

Demisto

Demisto

Updated August 20, 2025

Updated August 20, 2025

Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.

Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.

Security Orchestration Automation and Response

Link copied!

Compare products

Cost considerations

Cost considerations

Functionality

Functionality

Compatibility

Compatibility

User experience

User experience

Customer support

Customer support

Why these ratings?

Cyberse perspective

Cyberse perspective

Solution details

Target industry

Technology

Public sector

Industrials

Healthcare

Retail

Manufacturing

Financial services

Services support

Third party integrators

Managed services

Product features

Security Orchestration Automation and Response (SOAR)

Security operations management

Threat intelligence

Threat detection and response

Pricing

Free trial available

Market segment

Enterprise

Midmarket

Key features

API access

Platform solution

Integrations

Endpoint security

Cloud security

Governance Risk and Compliance

Network security

Deployment

On-premises

Cloud-hosted

Cloud ecosystem partners

Amazon Web Services

Google Cloud Platform

Ratings

Cost considerations

Palo Alto’s price list shows US $250 K–$312 K for a perpetual Cortex XSOAR license with threat-intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.

Cost considerations

Palo Alto’s price list shows US $250 K–$312 K for a perpetual Cortex XSOAR license with threat-intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.

User count

Functionality

Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight

Functionality

Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight

Compatibility

Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.

Compatibility

Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.

User experience

The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant

User experience

The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant

Customer support

Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under-1-hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.

Customer support

Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under-1-hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.

Cyberse provides free tools for cybersecurity buyers to assess needs, research solutions, and compare products.

Cyberse provides free tools for cybersecurity buyers to assess needs, research solutions, and compare products.

Subscribe