Demisto

Demisto enables teams to coordinate and automate incident response workflows through a unified interface. It supports integration with a wide range of security tools and provides case management capabilities.

We use the following criteria to evaluate this product:

Cost considerations

Palo Alto’s price list shows US$250K–$312K for a perpetual Cortex XSOAR license with threat intel sold separately, putting Demisto at the top end of SOAR pricing. Peer feedback reports high user licensing costs plus extra charges for integrations and tenants. These outlays narrow the automation payback window, so ROI is attainable but harder than with mid-priced rivals.

Functionality

Hundreds of out-of-the-box playbooks can be tailored in a drag-and-drop builder. Bidirectional integrations span cloud, network, and endpoint tools, and war-room case management centralizes investigation workflow. Dashboards and SLA timers provide measurable MTTR and assignment metrics for leadership oversight.

Compatibility

Demisto lists over 900 maintained integrations, including ready-made packs for Splunk, ServiceNow, CrowdStrike, Slack and many others, and exposes a documented REST API and webhooks for extensions. Most common security, IT and collaboration tools connect through these packs without engineers writing custom code.

User experience

The drag-and-drop playbook builder and configurable dashboards let analysts create and monitor workflows with minimal clicks. User discussions report that most staff are productive after a brief orientation, yet complex deployments still call for targeted training, keeping usability high but not instant.

Customer support

Demisto customers reach Palo Alto Networks engineers 24×7 by phone or email, with a published SLA of under 1 hour for critical cases. A comprehensive online knowledge base and active community forum reduce ticket volume and keep answers readily available. These strengths put support ahead of many rivals that offer business-hours help, but the sub-1-hour target still trails the sub-30-minute elite tier, so the score is 4.
