* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/)
* Redefining Security Orche...

# Redefining Security Orchestration and Automation with Cortex XSOAR

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2020%2F02%2Fcortex-xsoar%2F)  
[](https://twitter.com/share?text=Redefining+Security+Orchestration+and+Automation+with+Cortex+XSOAR&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2020%2F02%2Fcortex-xsoar%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2020%2F02%2Fcortex-xsoar%2F&title=Redefining+Security+Orchestration+and+Automation+with+Cortex+XSOAR&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2020/02/cortex-xsoar/&ts=markdown)  
\[\](mailto:?subject=Redefining Security Orchestration and Automation with Cortex XSOAR)  
Link copied  
By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?ts=markdown "Posts by Scott Simkin")  
Feb 24, 2020  
4 minutes  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)  
[Automation](https://www.paloaltonetworks.com/blog/tag/automation/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[Demisto](https://www.paloaltonetworks.com/blog/tag/demisto/?ts=markdown)  
[security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown)

![This conceptual image shows the new imagery for Cortex XSOAR, an evolution of Demisto.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/02/Cortex_XSOAR_blog_illustration_blog_2.png)We are proud to introduce Cortex XSOAR, an evolution of Demisto, that continues our tradition of raising the bar for the security orchestration, automation and response (SOAR) category.

Since Palo Alto Networks acquired Demisto almost a year ago, we have worked tirelessly to scale Demisto's strong offering to every security team in need of automation, while driving the next stage of innovation within the SOAR category.

#### Take a look at a couple highlights:

* Our platform has more than 270 out-of-the-box playbooks to automate and orchestrate any security use case.
* Our commitment to an open ecosystem couldn't be stronger; we have over 350 third-party integrations and have added 105 in the last 11 months (read about our [newest partner integrations](https://www.paloaltonetworks.com/blog/2020/02/cortex-xsoar-ecosystem?ts=markdown)).

At the same time, analysts have expanded their outlook on the future of SOAR. According to Gartner's [Market Guide for Security Orchestration, Automation and Response Solutions](https://start.paloaltonetworks.com/the-hitchhikers-guide-to-soar), "A large number of security controls on the market today benefit from threat intelligence. SOAR tools allow for the centralized collection, aggregation, deduplication, enrichment of existing data with threat intelligence and, importantly, conversion of intelligence into action."

If threat intelligence and SOAR were meant to be together, who are we to stop that from happening? Today, we are excited to premiere the first extension of the platform with the addition of native threat intel management\*\*.\*\* Now, security leaders can take advantage of a new approach to threat intelligence management that uses the power of playbook-driven automation to drive the right response across their entire enterprise.

We expect Cortex XSOAR to be generally available in March 2020. Join us on April 7 for our virtual grand unveiling, where [we'll share all the details about Cortex XSOAR and its new Threat Intel Management capabilities](https://register.paloaltonetworks.com/introducingcortexsoar), including a live demo showing how you can use it to automate challenging security workflows.

#### Why SOAR and Threat Intel Management?

Threat intelligence platforms (TIPs) emerged to help security teams make sense of the overwhelming volume of Indicators of Compromise (IoCs) generated from threat feeds, allowing analysts to manually apply those insights to improve the security of their environment. Good idea, wrong platform. Since TIPs premiered, SOAR has entered the scene, providing the means to bridge external threat intelligence with internal incidents and use playbook-driven automation to take quick, confident action across the enterprise. Tools, processes and teams must be able to collaborate and ultimately act on intel together.

#### What Our Customers Have to Say:

"We have a treasure trove of data from our threat intelligence feeds," says Lakhsmi Kaliyaperumal, SVP and Head of Internal Security Operations at Infosys. "If we could map this data to incidents we see in our environment, we can quickly identify and fix the critical ones. The reality is that a good portion of the threat data we get ends up uninvestigated and underutilized. Cortex XSOAR would help teams like ours consume and act on our intel data in an automated and more scalable way."

## **Here's a Sneak Peek at the Extended Cortex XSOAR Offering with Native Threat Intel Management:**

**Take complete control of your threat intelligence feeds** by eliminating manual tasks with automated playbooks to aggregate, parse, de-duplicate, score and manage millions of daily indicators across dozens of supported sources.

![This screenshot shows Cortex XSOAR's threat intelligence feeds.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/02/XSOAR3.png)

**Make smarter incident response decisions by enriching every tool and process** . Cortex XSOAR accomplishes this by layering third-party threat intel with internal incidents to prioritize alerts and make smarter response decisions. Teams can gain confidence in their actions by enriching any detection, monitoring or response tool with context from curated threat intelligence.

![This screenshot shows how Cortex XSOAR layers third-party threat intel with internal incidents.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/02/XSOAR2.png)

**Close the loop between intelligence and action with playbook-driven automation** to shut down threats across your enterprise based on proven SOAR capabilities.

![This screenshot shows how Cortex XSOAR allows for playbook-driven automation.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/02/XSOAR1.png)

Cortex XSOAR is expected to be generally available in March 2020. We can't wait to share more, so don't miss our live virtual event, "[Introducing Cortex XSOAR](https://register.paloaltonetworks.com/introducingcortexsoar)."

*1* *Gartner, Market Guide for Security Orchestration, Automation and Response Solutions by Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski, June 27, 2019.*

*Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.*

*** ** * ** ***

## Related Blogs

### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Security Teams Are Having an Automation Awakening](https://www.paloaltonetworks.com/blog/2019/08/state-soar-report-2019-security-teams-automation-awakening/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook of the week: Uncover Your RDP Secrets](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-uncover-your-rdp-secrets/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Playbook of the Week: Cloud Token Theft Response](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-cloud-token-theft-response/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook Of The Week - Fending Off Living Off the Land Attacks](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-fending-off-living-off-the-land-attacks/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Playbook Of The Week - New Features for Better Response to Phishing Campaigns](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-new-features-for-better-response-to-phishing-campaigns/)  
[#### Playbook of the Week: Microsoft Office and Windows HTML RCE CVE-2023-36884 Rapid Response](https://www.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-microsoft-office-and-windows-html-rce-cve-2023-36884-rapid-response/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language