See our SolarStorm response
  • Network Security
  • Cloud Security
  • Security Operations
  • More
  • Get support
  • Sign In
  • Get Started

Security orchestration for the clouds of today and tomorrow

Automate and unify incident response and security operations across cloud and hybrid environments

Get the cloud security brochure Start your 30-day free trial
There’s no rulebook for managing cloud security
Team silos Managing and responding to security incidents involves end users, Cloud Ops teams, the SOC, IT and other stakeholders
No defined process Coordinating across security tools involves shifting context, leading to rework and fragmented documentation
Inefficient threat management Security teams lack the time, flexibility and centralized data to prioritize alerts and track relevant metrics and performance
Cortex XSOAR for cloud security automation


To manage cloud security, you need to meet constantly changing infrastructures and expanded threat surfaces with agility and flexibility. You also have to coordinate with distributed teams across your organization.

Cortex™ XSOAR primes your team for fast, standardized cloud security through multi-source ingestion of cloud data and playbooks that coordinate and automate incident response actions across your product stack. As a result, you get better time to detect (TTD) and faster, more scalable response.


Cloud security orchestration use cases
Use case 1: Incident workflow management

Automate the management and distribution of your cloud alerts to all stakeholders in your organization.
Use case 2: Cloud misconfiguration auto-remediation

Integration with the cloud monitoring and compliance capabilities of Prisma™ Cloud delivers end-to-end auto-remediation for cloud misconfiguration alerts.

Use case 3: Cloud threat alert remediation

Moving on from routine misconfigurations or hygiene issues in your cloud infrastructure, anomalies such as access key compromise or port scans/sweeps need to be remediated as quickly as possible.

In Cortex XSOAR, you can build fully or semi-automated playbooks to gather more context and respond accordingly. For example, in the case of access key compromise, it’s important to find out user information, where the anomaly was triggered from, and exactly how it was triggered.

Use case 4: Combine your cloud and on-premises incident response

Our orchestration platform executes workflows that coordinate across cloud and on-premise security environments.

For example, when a phishing alert comes in, a Cortex XSOAR playbook can automatically extract indicators of compromise (IOCs) and perform reputation checks before pushing those IOCs to block lists across both cloud and on-premises environments.
Cortex XSOAR cloud security ecosystem


We work closely with cloud service providers to provide out-of-the-box integrations that make it easy for you to automate and orchestrate actions across your cloud stack.

Recommended resources

  • All
  • All
Redefining Cloud Security Orchestration
Download Solution Brief
AWS Solution Brief
Download Solution Brief
Google Chronicle Solution Brief
Download Solution Brief
Hosted Cortex XSOAR
Download Solution Brief
Cortex XSOAR Datasheet
Download Datasheet
Microsoft Azure Solution Brief
Download Solution Brief

SOC Transformation:
Get started

Download your toolkit to get curated articles, case studies, demos and reports to help you transform your SOC.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Subscription Reward

Popular Resources

  • Blog
  • Communities
  • Content Library
  • Cyberpedia
  • Event Center
  • Investors
  • Tech Docs
  • Unit 42
  • Sitemap

Legal Notices

  • Privacy
  • Trust Center
  • Terms of Use
  • Documents

Popular Links

  • About Us
  • Careers
  • Contact Us
  • Manage Email Preferences
Report a Vulnerability
  • USA (ENGLISH)
  • AUSTRALIA (ENGLISH)
  • BRAZIL (PORTUGUÉS)
  • CANADA (ENGLISH)
  • CHINA (简体中文)
  • FRANCE (FRANÇAIS)
  • GERMANY (DEUTSCH)
  • INDIA (ENGLISH)
  • ITALY (ITALIANO)
  • JAPAN (日本語)
  • KOREA (한국어)
  • LATIN AMERICA (ESPAÑOL)
  • MEXICO (ESPAÑOL)
  • SINGAPORE (ENGLISH)
  • SPAIN (ESPAÑOL)
  • TAIWAN (繁體中文)
  • UK (ENGLISH)
  • Facebook
  • Linkedin
  • Twitter
  • Youtube
Create an account or login

© 2021 Palo Alto Networks, Inc. All rights reserved.