Demisto
Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.
Cost considerations
Functionality
Compatibility
User experience
Customer support
Why these ratings?
Cyberse perspective
Solution details
Integrations
Endpoint security
Vulnerability management
Identity security
Cloud security
Governance Risk and Compliance
Network security
Data security
Third party risk management
Cloud ecosystem partners
Amazon Web Services
Microsoft Azure Cloud
Google Cloud Platform
Subcategory
Security Orchestration Automation and Response
Pricing
Free trial available
Product features
Security Orchestration Automation and Response (SOAR)
Deployment
On-premises
Cloud-hosted
Key features
API access
Platform solution
Services support
In-house services
Third party integrators
Managed services
Target industry
Technology
Public sector
Industrials
Healthcare
Retail
Manufacturing
Financial services
Market segment
Enterprise
We use the following criteria to evaluate this product:
Cost considerations
Palo Alto’s price list shows US $250 K–$312 K for a perpetual Cortex XSOAR license with threat-intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.
Functionality
Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes the investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight.
Compatibility
Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.
User experience
The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant.
Customer support
Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under 1 hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.