
Reviews from AWS customers

2 AWS reviews

External reviews

5 reviews
from

External reviews are not included in the AWS star rating for the product.


3-star reviews

    SUNNY-KUMAR

Automated incident workflows have reduced manual triage while reporting and playbooks still need refinement

  • December 04, 2025
  • Review from a verified AWS customer

What is our primary use case?

I have used Cortex for more time than I have worked in Cortex. I have around 2.1 years of experience using Cortex XDR, but currently I am using Cortex.

My main use case for Cortex is to prepare the chart flow of the main Cortex XDR. In Cortex XDR, we have alerts for our auto-triaging and repetitive tasks, and we use it to triage automatically. We use it for CTI (Cyber Threat Intelligence) enrichment, such as IPs, URLs, and IOCs, automatically. It also has reputation checks using VirusTotal, abuse.ch, and others for use in Cortex XDR. It also includes playbook automation. For example, Cortex has many playbooks for phishing, malware infection, ransomware, and lateral movement. These playbooks automatically conduct the entire investigation and response. In case management, it stores details, timelines, evidence, and more for easier incident tracking. From the SOC perspective, we have to reduce false positive cases, and it reduces duplicate alerts, allowing our SOC analysts to respond faster. On the other hand, for EDR use, Cortex provides behavior detection and attack prevention, and can always identify file-less and memory-based attacks, as well as UEBA.

An additional point I need to add about Cortex XDR is manual commands during the investigation, such as Cortex war room commands, IP reputation checks, hash lookup analysis, and endpoint isolation. These help us to conduct a faster investigation. Additionally, we need to create and modify playbooks according to the organization and its use cases, for example, auto-disabling a user in case of a suspicious login, auto-quarantining an endpoint with malware, and an automated phishing investigation workflow. We use Cortex for reporting to generate incident summary reports, post-incident reviews, and RCA documentation. We integrate it with tools such as SIEM, EDR, firewall, email security, web, and others for alert correlation.

What is most valuable?

The best features of Cortex are automated incident response, playbook automation, cyber threat intelligence, and management. It includes case and incident management, such as incident details, evidence, timelines, and the dashboard. There is a war room for investigation, and alert correlation rules to reduce noise and false positives. It has over 700 integrations. It works with SIEM, EDR, firewall, email security, the cloud environment, and many others. Additionally, it has endpoint detection, behavior analytics (UEBA), and machine learning-based detection using ML modules to detect advanced threats. There's a centralized data lake and customized dashboard reports.

I find automation through playbooks to be the most valuable feature I use day-to-day. Playbooks save analyst time. When used with Cortex, it saves the analysts' time with a reduction in false positives. For IOC enrichment, we use MTDR, mean time to respond, to resolve incidents faster.

I have noticed a positive impact since using Cortex. We experience a faster, quicker response. Regarding positive changes, if we have a short positive, we investigate the IP and URL with VirusTotal and abuse.ch. We use XDR, and it's fast and reliable with no human error. It automatically works to reduce the workload of the SOC analysts, thus decreasing manual work.

What needs improvement?

There are no other improvements Cortex needs in my opinion.

For how long have I used the solution?

I have around 2.1 years of experience using Cortex XDR, but currently, I am using Cortex.

What do I think about the stability of the solution?

Cortex is stable in my experience.

What do I think about the scalability of the solution?

Cortex has good scalability and can handle growth and increased workloads well.

How are customer service and support?

The customer support from Cortex is very good and very useful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a different solution before.

How was the initial setup?

My experience with pricing, setup cost, and licensing is that it is high, but it is better for the SOC environment and for the users.

What was our ROI?

I notice time saving as a return on investment.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is that it is high, but it is better for the SOC environment and for the users.

Which other solutions did I evaluate?

Before choosing Cortex, we looked at different platforms for automation and chose one after reviewing which one was performing higher in the market, apart from Cortex.

What other advice do I have?

My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one. It is extremely helpful from a SOC perspective, requiring very little time to manage situations, especially during integration, which is necessary. Cortex is very useful and cost-effective, in addition to being very easy to use.

My company has a business relationship with the Cortex vendor for business purposes.

I would rate this product a 7 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

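The workflow this review describes (IOC enrichment against reputation sources, suppression of duplicate alerts, and a playbook that auto-isolates an endpoint or auto-disables a user on a suspicious login) is shown below as an added, generic example. It is not Cortex or Cortex XDR code and uses no vendor API; the reputation feeds, alerts, hash value, IP address, URL, and score thresholds are all constructed stand-ins for what a real playbook would fetch from VirusTotal, abuse.ch, the EDR, and the identity provider.

```python
"""Toy SOAR-style triage playbook (added example, not Cortex/XSOAR code).

Enrich IOCs against reputation sources, suppress duplicate alerts, then
choose a response. Every feed, alert and threshold below is constructed
for illustration; a real playbook would call VirusTotal/abuse.ch/EDR/IdP APIs.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed reputation data standing in for VirusTotal / abuse.ch lookups.
VT_DETECTIONS = {"de" * 32: 41}            # sha256 -> engines flagging it (constructed hash)
BLOCKLISTED_IPS = {"203.0.113.45"}         # RFC 5737 documentation address, constructed
BLOCKLISTED_URLS = {"http://bad.example/payload.exe"}

# Thresholds are assumptions chosen for the example; tune per environment.
VT_MIN_DETECTIONS = 5
ISOLATE_AT = 80         # quarantine the endpoint
DISABLE_USER_AT = 40    # disable the account on an identity alert
ESCALATE_AT = 30        # below this, close as false positive


@dataclass(frozen=True)
class Alert:
    alert_id: str
    source: str                  # "edr", "email", "identity", ...
    host: str
    user: str
    iocs: Dict[str, List[str]]   # {"ip": [...], "hash": [...], "url": [...]}


@dataclass
class Verdict:
    score: int
    reasons: List[str]
    actions: List[str]


def enrich(iocs: Dict[str, List[str]]) -> Tuple[int, List[str]]:
    """Score IOCs against the constructed feeds; return (score, reasons)."""
    score, reasons = 0, []
    for ip in iocs.get("ip", []):
        if ip in BLOCKLISTED_IPS:
            score += 40
            reasons.append(f"ip {ip} on blocklist feed")
    for h in iocs.get("hash", []):
        hits = VT_DETECTIONS.get(h.lower(), 0)
        if hits >= VT_MIN_DETECTIONS:
            score += 50
            reasons.append(f"hash {h[:12]}... flagged by {hits} engines")
    for url in iocs.get("url", []):
        if url in BLOCKLISTED_URLS:
            score += 30
            reasons.append(f"url {url} on blocklist feed")
    return score, reasons


def dedupe(alerts: List[Alert]) -> List[Alert]:
    """Collapse alerts carrying the same IOC set for the same host; keep the first seen."""
    seen: Dict[tuple, Alert] = {}
    for a in alerts:
        key = (a.host, frozenset(v for vals in a.iocs.values() for v in vals))
        seen.setdefault(key, a)
    return list(seen.values())


def triage(alert: Alert) -> Verdict:
    """Map the enrichment score to playbook actions; the reasons become case notes."""
    score, reasons = enrich(alert.iocs)
    actions = []
    if score >= ISOLATE_AT:
        actions.append(f"isolate_endpoint:{alert.host}")
    if score >= DISABLE_USER_AT and alert.source == "identity":
        actions.append(f"disable_user:{alert.user}")
    actions.append("open_case" if score >= ESCALATE_AT else "close_as_false_positive")
    return Verdict(score, reasons, actions)


def run_playbook(alerts: List[Alert]) -> Dict[str, Verdict]:
    """Deduplicate, then triage each surviving alert."""
    return {a.alert_id: triage(a) for a in dedupe(alerts)}


# Constructed sample alerts: A2 duplicates A1, A3 is a login from a listed IP, A4 is benign.
SAMPLE_ALERTS = [
    Alert("A1", "edr", "ws-042", "alice", {"hash": ["de" * 32], "ip": ["203.0.113.45"]}),
    Alert("A2", "edr", "ws-042", "alice", {"hash": ["de" * 32], "ip": ["203.0.113.45"]}),
    Alert("A3", "identity", "vpn-gw", "bob", {"ip": ["203.0.113.45"]}),
    Alert("A4", "email", "mail-01", "carol", {"url": ["https://docs.example.org/"]}),
]

if __name__ == "__main__":
    for alert_id, v in run_playbook(SAMPLE_ALERTS).items():
        print(alert_id, v.score, v.actions, v.reasons)
```

The dedupe key is deliberately coarse (host plus IOC set); in practice a time window and the originating integration belong in it too, otherwise a second genuine infection on the same host an hour later would be suppressed. Automatic isolation and account disablement are the two actions with real blast radius, so in a production playbook they should sit behind an allowlist of critical hosts and service accounts and be logged to the case timeline.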


    reviewer2511111

Handled multiple network devices, easy to learn but less flexible than ServiceNow

  • July 05, 2024
  • Review provided by PeerSpot

What is our primary use case?

Cortex is an automation tool, which I have used to make manual processes flow in an automated way. We need to create flows to automate the manual processes.

I have used Cortex orchestration to build process automations. That is the Cortex Automation.

What is most valuable?

I liked the flow creation and the way it handled orchestration from a development point of view. However, my opinion has changed a bit since using ServiceNow, which is more flexible compared to Cortex for creating the pro-designer and process automation.

It was mainly used for automation. For example, a telecom company needed to handle multiple network devices like Cisco devices. They had to check compliance, functionalities, and expiry dates manually. We automated those technical operations.

What needs improvement?

First of all, it's not very user-friendly. It's quite lagging and not very fast. I believe it's developed in C#, which makes it a bit slow.

There are many hidden structures, so sometimes the flow gets stuck. We have communicated with the Cortex community, and they are still working on these issues. System slowness and performance are the main concerns.

For how long have I used the solution?

I used it for one year.

What do I think about the stability of the solution?

I would rate it a six out of ten, with one being low and ten being high because I have only about one and a half years of experience with Cortex. So, I would rate it a six due to its slowness and complexity.

What do I think about the scalability of the solution?

There were around 20 end users.

How are customer service and support?

They sometimes delay in providing answers and often don't give proper answers.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Recently, I moved to the ServiceNow platform.

To create processes and automate them, ServiceNow offers more flexibility.

How was the initial setup?

Cortex is a single point for automation. For end-to-end deployment, it involves front-end and back-end technologies. We have implemented Logix in Cortex to communicate with network devices. So, we haven't faced any issues during deployment, but after deployment, the slowness of the Cortex application or system becomes apparent.

Deployment model:

It's deployed on-premises because I worked for an IT company. They had a relationship with Cortex, and we provided automation services to a telecom client using Cortex.

Integration:

It was easy to integrate Cortex with existing infrastructure and other tech tools. We have done integrations with Amdocs products for the telecom industry using MuleSoft, webMethods, and REST APIs, so it definitely supports these.

What's my experience with pricing, setup cost, and licensing?

It's cheaper. For example, if UiPath costs ten dollars, Cortex might be around three to four dollars. But I'm not part of the pricing team, so this is just my opinion.

What other advice do I have?

It's not difficult for a beginner to learn to use Cortex. I started as a beginner, and it was manageable. It just depends on the learner's interest.

I would rate it a seven out of ten. However, compared to other automation tools, Cortex is not the best, according to current market trends.

I suggest looking at alternatives like UiPath and Automation Anywhere. I don't have experience with them, but they are trending in the market.

Currently, ServiceNow is also popular for automation purposes.

