How a Government SOC Team Replaced Palo Alto XSOAR When Its On-Prem Roadmap Stalled

A European government IT services provider managing security operations across multiple German federal states needed to replace Palo Alto XSOAR after the vendor shifted new capabilities primarily to its cloud offering. With citizen data that cannot touch a commercial cloud by law, the SOC team evaluated five alternatives — purpose-built SOARs included — and selected Kestra. They built 100+ security workflows on top of it, covering the full alert lifecycle with no cloud dependencies.

100+

SOC workflows in production

going live May 2026

German federal states served

public sector IT and security ops

SOAR platform replaced

Palo Alto XSOAR

cloud dependencies

fully self-hosted, air-gapped SOC

"The support that came with Kestra Enterprise Edition was great. Any questions we had were solved really quickly."
System Architect · SOC Development Team, Government IT Provider

Experience Kestra Today

What would change if your security operations ran on a platform built to stay on-prem — actively developed, open source at its core, and fully under your control?

Book a Demo