[](https://www.paloaltonetworks.com/cortex?ts=markdown)  [](https://www.paloaltonetworks.com/cortex?ts=markdown) 
* [](https://www.paloaltonetworks.com/cortex?ts=markdown)
* [Industry Validation](https://www.paloaltonetworks.com/cortex/whycortex?ts=markdown)
* Products
 Products
Products
* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
* [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
* [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
* [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
* [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
[
The Forrester Total Economic Impact^™^ of Cortex XSIAM
257% 3-year ROI and \<6-month payback for SOC transformation.
Get the facts](https://start.paloaltonetworks.com/forrester-total-economic-impact-xsiam)
* Solutions
 Solutions
[Threat Prevention, Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
* [Cloud Detection and Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
* [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
* [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
* [Endpoint Detection and Response](https://www.paloaltonetworks.com/cortex/endpoint-detection-and-response?ts=markdown)
* [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
* [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
* [Managed Threat Hunting](https://www.paloaltonetworks.com/cortex/managed-threat-hunting?ts=markdown)
* [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
* [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)
[Security Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
* [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
* [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
* [Security Operations Workflow Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
* [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
* [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
* [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)
[External Attack Surface Protection](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
* [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
* [Unmanaged Cloud Security](https://www.paloaltonetworks.com/cortex/cortex-xpanse/unmanaged-cloud-asset-management?ts=markdown)
* [Third-Party Security](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management-for-third-party-and-supply-chain-security?ts=markdown)
* [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
* [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
* [Remote Network Security](https://www.paloaltonetworks.com/cortex/cortex-xpanse/asm-for-remote-workers?ts=markdown)
[Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
[
Tested. Reviewed. Proven
See Industry Validation](https://www.paloaltonetworks.com/cortex/cortex-xdr-industry-validation?ts=markdown)
* [Blog](https://www.paloaltonetworks.com/blog/security-operations/?ts=markdown)
* Resources
 Resources
Resources
* [White Papers](https://www.paloaltonetworks.com/resources?q=cortex&_charset_=UTF-8&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fwhitepaper&ts=markdown)
* [Cortex Partners](https://cortex.marketplace.pan.dev/marketplace/)
* [Customer Stories](https://www.paloaltonetworks.com/cortex/customer-stories?ts=markdown)
* [Cortex vs. The Competition](https://www.paloaltonetworks.com/cortex/cortex-vs-the-competition?ts=markdown)
* [Cortex XSOAR Marketplace](https://xsoar.pan.dev/marketplace)
* [Events](https://www.paloaltonetworks.com/resources/cortex-events?ts=markdown)
* [Datasheets](https://www.paloaltonetworks.com/resources?q=Cortex&_charset_=UTF-8&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fdatasheet&ts=markdown)
* [Research Reports](https://www.paloaltonetworks.com/resources?q=cortex&_charset_=UTF-8&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fresearch&ts=markdown)
* [Videos](https://www.paloaltonetworks.com/resources?q=cortex&_charset_=UTF-8&fq=RC_TYPE_DFACET%3Apan%253Aresource-center%252Frc-type%252Fvideo&ts=markdown)
* [Cortex XDR Resource Center](https://www.paloaltonetworks.com/cortex/cortex-xdr-resource-center?ts=markdown)
[
DIGITAL ASSET
THE CORTEX PLATFORM](https://www.paloaltonetworks.com/resources/infographics/soc-transformation-infographic?ts=markdown)
[
WHITEPAPER
Cortex XSIAM Solution Brief](https://www.paloaltonetworks.com/resources/techbriefs/cortex-xsiam?ts=markdown)
[
REPORT
Unlock customized recommendations for transforming your SecOps.](https://www.paloaltonetworks.com/cortex/secops-readiness-report?ts=markdown)
* Get In Touch
 Get In Touch
Get in Touch
* [Request a Demo](https://www.paloaltonetworks.com/cortex/request-demo?ts=markdown)
* [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Attend a Workshop](https://www.paloaltonetworks.com/cortex/cortex-xdr/hands-on-workshop?ts=markdown)
* [Find a Partner](https://technologypartners.paloaltonetworks.com/English/directory)
* [Join our Community](https://live.paloaltonetworks.com/)
[
SecOps analyst: A day in the life.
Start product tour](https://www.paloaltonetworks.com/resources/infographics/xsoar-product-tour?ts=markdown)
*
* [Request a Demo](https://www.paloaltonetworks.com/cortex/request-demo?ts=markdown)
 
[](https://www.paloaltonetworks.com/cortex?ts=markdown)
Search
All
* [Tech Docs]()
Close search modal
*** ** * ** ***
## Palo Alto Networks: \#1 in SOC Automation
#### Cortex XSOAR^®^ ranked Overall Leader in SOAR by KuppingerCole.
* [See the analysis](https://start.paloaltonetworks.com/kuppingercole-soar-report.html)
**inherit****cortex****cortex\*\*\*\*inherit**
WEBINAR SERIES"\>
## *WEBINAR SERIES*
*CORTEX*
*Introducing Cortex AgentiX:
Meet Your AI Agent Workforce*
*Episode 1*
* [Watch now](https://www.paloaltonetworks.com/engage/cortex-forward-webinar-series/introducing-cortex-agentix)
**inherit****cortex****cortex\*\*\*\*inherit**
A day in the life."\>
SecOps analyst:
A day in the life.
---
#### See intelligent automation
at work with Cortex XSOAR^®^.
* [Start product tour](https://www.paloaltonetworks.com/resources/infographics/xsoar-product-tour?ts=markdown)
**inherit****cortex****cortex\*\*\*\*inherit**
above the rest."\>
SOARing
above the rest.
---
#### SANS independent review: Cortex XSOAR^®^ capabilities.
* [Learn more](https://start.paloaltonetworks.com/cortex-xsoar-sans-review)
**inherit****cortex****cortex\*\*\*\*inherit**
PrevNext
{#why} WHY IT MATTERS
## Ticketing needs a makeover
#### Traditional ticketing solutions were not designed for rapid security incident response and war room information sharing and investigations.
*
### Siloed tools
Security teams must coordinate across detection, threat intelligence, enforcement and collaboration tools during incident response.
\*
### Lack of visibility
Multiple teams involved in incident response often don't have the full picture or latest intel.
\*
### Lack of unified metrics
Security teams lack the time, flexibility and centralized data to visualize relevant metrics and track SOC health.
Security Automation for Everyone:
Best-in-Class Automation for Security Teams of Any Size
---
[Learn more](https://www.paloaltonetworks.com/engage/security-orchestration-automation-response)
The CORTEX XSOAR Solution
## Cortex XSOAR centralizes incident case management
Unlike traditional ticketing tools, our case management was designed for security incident responders. Incident views are specific to the incident type, so you get only the data relevant to your investigation. Each incident has its own war room where analysts can collaborate in real time.
* Manage alerts with security-focused case management
* Boost SecOps efficiency with real-time collaboration
* Speed investigation with centralized access to incidents, indicators and threat intel
[Start product tour](https://www.paloaltonetworks.com/resources/infographics/xsoar-product-tour)
* 
Virtual war room
* 
Real-time ChatOps
* 
Built-in ML assistance
* 
Ticket Mirroring
*** ** * ** ***
## Our approach to security-focused case management
### A war room for every incident
Each incident is associated with a war room where analysts can do investigations and collaborate in real time. Significant incident artifacts can also be easily tagged as evidence, and all actions performed by playbooks or analysts are auto-documented.
*
#### Incident-specific layouts
Get incident views and flows specific to incident type, so all relevant data is at your fingertips. Create custom tabs and layouts for any incident type with full role-based access control.
\*
#### Centralized ticket repository
Manage all your security incidents from one location. Full ticket mirroring with tools like ServiceNow, Jira and Slack allow you to automate ticketing tasks and manage your tickets from one location.
[Browse integrations](https://xsoar.pan.dev/marketplace)
[](#prismastickyimagecom_prisma-custom-background_prismacustombackgrou_1130711440_cleanParsys_incident-case-management_cortex_en_US_pan_content_)
*** ** * ** ***
### Take the tedium out of reporting
Gain unparalleled visibility into SecOps metrics with fully customizable dashboards and reports. Use both out-of-the-box and user-created widgets to visualize any cross section of incident, indicator and analyst data.
*
#### Widget-driven dashboards and reports
Flexible, widget-driven dashboards and reports can be fully customized to your operational needs.
\*
#### Eliminate manual reporting
Auto-documentation and playbooks take the tedium out of manual post-investigation rollups. Reports can be auto-generated and scheduled for delivery to stakeholders.
[](#prismastickyimagecom_414334980_prisma-custom-background_prismacustombackgrou_1130711440_cleanParsys_incident-case-management_cortex_en_US_pan_content_)
*** ** * ** ***
### Integrated threat intelligence
Take control of your threat data. Aggregate disparate sources, customize and score feeds, match indicators against incidents in your environment and leverage playbook automation to drive instant action.
*
#### Automate your threat intel
Automate a wide range of threat intel management tasks such as exclusion list administration, indicator prioritization and automated threat hunting.
\*
#### Rich context for your incidents
Gain confidence in identifying enterprise-relevant attacks. Run automated workflows against external intel data and internal alerts to surface critical threats.
[Learn more](https://start.paloaltonetworks.com/xsoar-threat-intel.html)
[](#prismastickyimagecom_2038177655_prisma-custom-background_prismacustombackgrou_1130711440_cleanParsys_incident-case-management_cortex_en_US_pan_content_)
*** ** * ** ***
## Use Case Example: Cloud Security Case Management
Automate the management of your cloud alerts, including distribution to all stakeholders in your organization.
*** ** * ** ***
## Shift Management for Incident Responders
You can define multiple shifts within Cortex XSOAR. Each shift is assigned a user role so that you can assign one or more analysts across shifts throughout the day or week. Incidents can be routed to analysts based on shifts, workload and machine learning recommendations. This ensures full staff coverage for incoming incidents.
*** ** * ** ***
## Featured Resources
[See all documents](https://www.paloaltonetworks.com/resources?q=soar&_charset_=UTF-8&ts=markdown)
Report
### Palo Alto Networks: \#1 in SOC Automation
[See the analysis](https://start.paloaltonetworks.com/kuppingercole-soar-report.html)
WHITE PAPER
### KuppingerCole 2020 Leadership Compass for SOAR
[Download](https://start.paloaltonetworks.com/kuppingercole-soar-report.html)
DATASHEET
### Cortex XSOAR Case Management
[Download](https://www.paloaltonetworks.com/resources/datasheets/cortex-xsoar-case-management-datasheet?ts=markdown)
VIDEO
### Automated Shift Management
[Watch](https://www.paloaltonetworks.com/resources/videos/cortex-xsoar-remote-soc-shift-management?ts=markdown)
VIDEO
### Cortex XSOAR in 5 Minutes
[Watch](https://www.youtube.com/watch?v=DYJX9KFnJNo)
VIDEO
### Threat Intel Management
[Watch](https://www.youtube.com/watch?v=k73zRbCGEZc)
PrevNext
[See all documents](https://www.paloaltonetworks.com/resources?q=soar&_charset_=UTF-8&ts=markdown)
{#footer}
## Products and Services
* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)
## Company
* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)
## Popular Links
* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)
Copyright © 2025 Palo Alto Networks. All Rights Reserved
* [](https://www.youtube.com/user/paloaltonetworks)
* [](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [](https://www.facebook.com/PaloAltoNetworks/)
* [](https://www.linkedin.com/company/palo-alto-networks)
* [](https://twitter.com/PaloAltoNtwks)
* EN
Select your language