See our response to COVID-19
Too many alerts, not enough time
High alert volumes Inefficient prevention and an expanded threat surface have led to a growth in both the volume and sophistication of security alerts.
Disjointed processes Security teams must coordinate across a variety of detection, enrichment, response, and non-security tools while dealing with incidents.
Manual, repetitive tasks Security operations and incident response often involve tasks that, while important, are repetitive, laborious and don’t require nuanced human oversight.
Introducing Cortex™ XSOAR
Redefining Security Orchestration, Automation and Response
Learn more
Security orchestration and automation with Cortex™ XSOAR

Visual playbook editor

Easily build playbooks through a visual drag-and-drop interface that features thousands of automatable actions across security products, conditional paths, manual tasks and human approval for sensitive automations.

Live playbook review

Track progress with a real-time, task-by-task visualization of playbooks for each incident. This “Work Plan” view provides security teams with a seamless way to validate processes and troubleshoot when needed.

Open, extensible product integrations

Use hundreds of built-in product integrations for automated alert ingestion, data transfer and enforcement across third-party solutions. A powerful internal SDK and PyCharm® plugin let you build your own custom integrations.

Codeless playbook creation

Use UI-based filters and transformers during playbook creation to manipulate incident data and implement complex automatable tasks without requiring any coding expertise.

Regular content updates

Realize compounding value from your Cortex XSOAR deployment with twice-monthly content updates that expand on out-of-the-box integrations, playbooks and automation scripts.

Automate stakeholder engagement

Standardize and automate engagement with security peers, other teams and end users through playbook tasks that send emails and collect data for incident context.

Easily build playbooks through a visual drag-and-drop interface that features thousands of automatable actions across security products, conditional paths, manual tasks and human approval for sensitive automations.
Track progress with a real-time, task-by-task visualization of playbooks for each incident. This “Work Plan” view provides security teams with a seamless way to validate processes and troubleshoot when needed.
Use hundreds of built-in product integrations for automated alert ingestion, data transfer and enforcement across third-party solutions. A powerful internal SDK and PyCharm® plugin let you build your own custom integrations.
Use UI-based filters and transformers during playbook creation to manipulate incident data and implement complex automatable tasks without requiring any coding expertise.
Realize compounding value from your Cortex XSOAR deployment with twice-monthly content updates that expand on out-of-the-box integrations, playbooks and automation scripts.
Standardize and automate engagement with security peers, other teams and end users through playbook tasks that send emails and collect data for incident context.
Get the free edition

Recommended resources

Quick links
Get the free Community Edition
Get the free Community Edition
Request a Demo
Request a Demo
Cortex XSOAR Partner Integrations
Cortex XSOAR Partner Integrations
Build an Integration on Cortex XSOAR
Build an Integration on Cortex XSOAR
Join our DFIR Community
Join our DFIR Community
Check out our Playbooks on GitHub
Check out our Playbooks on GitHub

Popular Resources

Legal Notices

Account

© 2020 Palo Alto Networks, Inc. All rights reserved.