# Best AI SOC Tools: Top 10 Platforms for 2026 (Compared)

Artificial intelligence transforms security operations from reactive alert triage into proactive autonomous defense. AI SOC tools deploy reasoning-capable agents that investigate threats, correlate evidence, and execute response workflows without predetermined playbooks, addressing the capacity crisis overwhelming modern security teams.

Readers will find platform comparisons, implementation frameworks, and strategic evaluation criteria for selecting AI-driven SOC solutions aligned with organizational security maturity, risk tolerance, and operational requirements across enterprise and mid-market environments.

## What Are AI SOC Tools and Why Do They Matter

[AI SOC tools](https://www.paloaltonetworks.com/cyberpedia/revolutionizing-soc-operations-with-ai-soc-solutions?ts=markdown) apply autonomous agents to security operations, executing alert triage, threat investigation, and response coordination without predetermined playbooks. Modern AI-driven SOC platforms deploy reasoning-capable agents that analyze security events the way human analysts do, correlating indicators across endpoints, networks, cloud workloads, and identity systems. AI SOC vendors deliver these capabilities through platforms that combine natural language processing, behavioral analytics, and autonomous decision-making engines, operating at machine speed while maintaining explainability for forensic requirements.

### What AI SOC Actually Does

| **Capability** | **What It Means in Practice** |
|----------------|-------------------------------|
| **Autonomous Investigation** | Context-aware agents independently gather evidence, enrich cases, and trace attack progression without human prompts |
| **Adaptive Reasoning** | Machine learning models understand threat patterns dynamically rather than executing static correlation rules |
| **Alert Consolidation** | Multi-stage attacks are automatically grouped into cohesive incidents, cutting through alert noise |
| **Response Orchestration** | Agentic workflows execute containment actions across security tools based on real-time risk assessment and policy guardrails |
| **Continuous Learning** | Platforms improve detection accuracy by incorporating analyst feedback and environmental context over time |

Many organizations deploying autonomous SOC architectures report significant drops in investigation times per alert.
AI SOC platforms process security telemetry across hybrid environments without the integration overhead that slowed down previous-generation automation. Leading solutions now handle tier-one analyst responsibilities end-to-end, freeing security teams to focus on strategic threat hunting and program development rather than repetitive triage.

### AI SOC vs. SIEM vs. SOAR: What's the Difference?

These three technologies often get lumped together, but they solve different problems. Here's how they actually compare:

| **Category** | **Primary Function** | **How It Works** | **Strength** | **Common Gap** |
|--------------|----------------------|------------------|--------------|----------------|
| **SIEM** | Log collection and correlation | Detects anomalies through predefined rules and queries | Centralized visibility across your environment | Rule-heavy; high false positive rates; analyst-dependent |
| **SOAR** | Response automation | Executes predetermined playbooks triggered by alerts | Speeds up repetitive response workflows | Brittle when threats deviate from expected patterns |
| **AI SOC** | Autonomous investigation and response | Reasons through incomplete, evolving evidence to reach investigative conclusions | End-to-end autonomy without static logic paths | Requires governance frameworks and maturity to deploy safely |

The short version: SIEM tells you something happened. [SOAR](https://www.paloaltonetworks.com/cyberpedia/what-is-soar?ts=markdown) helps you respond to it. AI SOC figures out what it means and acts on it.

### What AI SOC Capabilities Deliver for Your Team

| **AI SOC Capability** | **SOC Outcome** |
|-----------------------|-----------------|
| Autonomous alert triage | Fewer open cases; reduced analyst queue |
| Continuous investigation across shifts | Higher consistency; no coverage gaps overnight |
| Faster evidence correlation | Shorter Mean Time to Investigate (MTTI) |
| Automated containment workflows | Shorter Mean Time to Respond (MTTR) |
| Dynamic alert grouping | Reduced alert backlog; cleaner incident queues |
| Adaptive learning from analyst feedback | Fewer false positives over time |

## Key AI SOC Trends to Watch in 2026

Security operations have shifted from evaluating whether to adopt AI agents to orchestrating them effectively. Three architectural trends are defining the autonomous SOC landscape as organizations move from experimentation to production deployments.

### Trend 1: Multi-Agent Ecosystems Replace Isolated Automation

**Why it matters**: Rather than relying on a single monolithic analysis engine, AI SOC platforms now deploy networks of specialized agents, each handling a distinct part of the investigation: raw telemetry interpretation, threat intelligence cross-referencing, behavioral context evaluation, and containment orchestration. The result is distributed, parallel processing that dramatically outpaces what sequential, single-engine architectures can deliver.

Interoperability is what makes this work at scale. Emerging standards like MCP (see definition box below) allow agents from different vendors to share context and coordinate actions without requiring a unified platform, giving security teams the flexibility to build best-of-breed environments rather than forcing consolidation.

#### What is MCP, and why does it matter for AI SOC?
[Model Context Protocol](https://www.paloaltonetworks.com/blog/cloud-security/model-context-protocol-mcp-a-security-overview/) **(MCP)** is an open interoperability standard that lets AI agents share context and coordinate actions across vendor boundaries. In an AI SOC environment, MCP means a triage agent from one vendor can hand off enriched context to a response agent from another, without custom integrations or data replication. Platforms that support MCP are better positioned to operate in heterogeneous security stacks and future-proof against vendor lock-in.

**What to require in platforms**: Look for native MCP support or documented agent-to-agent communication protocols. Platforms that rely solely on proprietary integration models will create bottlenecks as your security stack evolves.

### Trend 2: Human-Agent Teaming Transforms Analyst Responsibilities

**Why it matters**: [Autonomous SOC](https://www.paloaltonetworks.com/company/press/2022/palo-alto-networks-ushers-in-the-next-generation-security-operations-center-with-general-availability-of-cortex-xsiam---the-autonomous-security-operations-platform) doesn't eliminate analysts; it changes what they do. As AI agents take over tier-one triage end-to-end, security teams shift from tactical responders to strategic orchestrators: designing agent workflows, setting decision boundaries, and supervising investigation processes rather than manually collecting evidence.

This shift has measurable SOC outcomes. Organizations deploying AI-driven SOC capabilities report reduced alert backlogs, fewer open cases per analyst, and more consistent investigation quality across shifts, including overnight coverage that previously created gaps. Entry-level roles are evolving as well, with proficiency in prompt engineering, agent supervision, and workflow design becoming more valuable than console navigation or query-language expertise.


**What to require in platforms**: Platforms should support configurable human-in-the-loop gates so analysts retain oversight on high-impact decisions, while automation handles the volume. Look for clear role-based controls that let you define exactly where human judgment is required versus where agents can act autonomously.

### Trend 3: Governance and Auditability Define Enterprise Adoption

**Why it matters**: As autonomous agents take on high-stakes security decisions, the question isn't just whether they can act; it's whether you can explain and audit every action they take. Regulatory frameworks are evolving to address autonomous decision-making in security contexts, and platforms that can't deliver full decision transparency will hit compliance walls fast.

Leading AI SOC vendors are responding with bounded autonomy architectures: explicit escalation paths, comprehensive audit trails, and configurable approval gates for containment workflows touching production systems. Organizations are also building formal risk management programs that weigh the business value of faster response times against the potential consequences of automated actions gone wrong.

**What to require in platforms**: Audit trails should be real-time and complete: every agent action, data access, and containment decision needs to be both observable as it happens and traceable after the fact. Explainability isn't optional; it's a compliance requirement.

### 2026 AI SOC Platform Requirements Checklist

Before committing to a platform, validate it against these non-negotiables:

* **Bounded autonomy**:
Configurable agent authority limits that prevent unauthorized actions
* **Human-in-the-loop (HITL) gates**: Approval workflows for high-impact containment decisions
* **Complete audit trails**: Real-time visibility and post-incident traceability for every agent action
* **Evidence traceability**: Every autonomous decision backed by a human-readable reasoning path
* **Integration breadth**: Pre-built connectors for your SIEM, EDR, cloud, identity, and threat intel stack
* **MCP or open interoperability support**: Agent coordination across vendor boundaries without proprietary lock-in
* **Multi-agent orchestration**: Specialized agents operating in parallel, not sequentially
* **Safe tool execution**: Guardrails preventing agents from accessing restricted data or escalating privileges
* **Roadmap maturity**: Documented release timelines for capabilities currently in alpha or beta
* [Security governance](https://www.paloaltonetworks.com) **framework alignment**: Platform controls that satisfy your compliance and regulatory obligations

## 10 Best AI SOC Tools for 2026

Leading AI SOC platforms deliver autonomous investigation capabilities through specialized agent architectures that execute triage, enrichment, correlation, and response workflows without predetermined playbooks. The best AI SOC vendors distinguish themselves through depth of investigation, transparency in decision-making, and operational maturity across hybrid security stacks.

| **Platform** | **Standout Capability** | **Autonomy Model** | **Investigation Depth** | **Governance** | **Integration Posture** | **Best For** |
|---|---|---|---|---|---|---|
| **#1 Palo Alto Networks Cortex AgentiX** | Enterprise-grade governance framework trained on over a billion playbook executions | Full autonomy with HITL approval gates | Full chain. Triage through response | RBAC, HITL gates, complete audit logs | Native Cortex ecosystem (XSIAM, XDR, Cloud) | Enterprises requiring governed autonomous operations across a consolidated Cortex stack |
| **#2 SentinelOne Purple AI** | Autonomous triage, investigation, and remediation across normalized OCSF data | Semi-autonomous with streaming analytics | Full chain. Triage through remediation | Audit logging; analyst review checkpoints | Vendor-agnostic via OCSF normalization | Organizations requiring cross-vendor data integration without schema translation overhead |
| **#3 CrowdStrike Charlotte AI** | No-code AgentWorks platform for custom agent creation trained on Falcon Complete MDR data | Supervised autonomy via Agentic SOAR | Full chain. Triage through orchestrated response | RBAC; workflow approval controls | Native Falcon ecosystem; limited third-party depth | Falcon platform customers wanting extensible, customizable agent fleets |
| **#4 Splunk AI SOC** | Embedded Triage Agent and AI Assistant within Enterprise Security Premier | Assisted automation with analyst oversight | Triage-focused; SOAR handles response execution | Native SPL audit trails; RBAC controls | Native Splunk data lake; federated search support | Existing Splunk ES deployments adding AI without platform migration |
| **#5 Stellar Cyber Open XDR** | Multi-layer AI auto-grouping alerts into incidents across a broad connector ecosystem | Fully autonomous with guardrails | Full chain. Detection through response | Audit logs; configurable guardrails | Vendor-agnostic; 400+ prebuilt connectors | Mid-market teams consolidating SIEM, XDR, and SOAR under a single license |
| **#6 Prompt Security** | Governance layer protecting autonomous agents from prompt injection and tool misuse | Agent security oversight (not investigation) | Governance-only. No independent investigation | Real-time agent activity monitoring and policy enforcement | Cross-vendor; works across heterogeneous agent environments | Organizations managing multiple AI SOC tools requiring centralized risk and compliance oversight |
| **#7 Prophet Security** | Purpose-built autonomous analyst handling every alert from triage through disposition | Fully autonomous investigation | Full chain. Triage through final disposition | Human-readable decision reasoning; audit trails | Vendor-agnostic; integrates with existing tool stack | Security teams maximizing alert coverage without replacing existing tooling |
| **#8 Intezer** | Forensic AI combining code analysis, sandboxing, and reverse engineering with LLM reasoning | Hybrid autonomous-deterministic | Full chain with forensic-grade depth | Explainable evidence chains; compliance-ready documentation | Integrates with existing alert pipelines; air-gap support | Enterprises and MSSPs requiring forensic accuracy and regulatory-grade documentation |
| **#9 Dropzone AI** | Multi-agent mesh distributing investigation tasks across coordinated, parallel AI units | Decentralized multi-agent autonomy | Full chain with parallel execution across related events | Shared context across agent units; coordination logs | Vendor-agnostic; scales across multi-cloud environments | Organizations handling high alert volumes requiring distributed, horizontally scalable processing |
| **#10 Legion Security** | Identity-focused investigation correlating user behavior across SaaS, cloud, and on-premises | Fully autonomous, identity-centric | Full chain for identity threats; limited coverage outside identity | Behavioral audit trails; automated containment logging | Integrates with IdPs, PAM systems, and SaaS platforms | Enterprises prioritizing insider threat and account compromise detection |

**Quick take**: Fully autonomous models accelerate response times but require mature governance frameworks to deploy safely. Supervised and semi-autonomous approaches preserve analyst oversight while automating repetitive workflows. Match the autonomy level to your risk tolerance, compliance obligations, and team maturity. Maximum automation isn't always the right target.

### How We Evaluated These Platforms

**What we assessed**: Platforms were evaluated across five criteria: autonomy architecture, investigation depth (triage-only vs.
full chain), governance controls (RBAC, HITL gates, audit trails), integration posture (native stack vs. vendor-agnostic), and operational fit for target deployment scenarios.

**Data sources**: The evaluation drew on publicly available product documentation, vendor briefings, analyst coverage, and customer-reported outcomes, where available.

**What wasn't tested**: We did not conduct hands-on POC testing or benchmark platforms against live environments. Performance figures (detection accuracy, false positive rates, response times) reflect vendor-reported or customer-reported data and will vary based on your environment, data volume, and configuration. Independent POC testing against your own alert samples is strongly recommended before committing to any platform.

### 1. Palo Alto Networks Cortex AgentiX

[Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) evolves SOAR automation into agentic workflows where specialized agents plan, reason, and execute security operations across threat intelligence, email investigation, endpoint forensics, network security, and cloud protection, with enterprise-grade auditability built in.

![cortex](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/cortex.png)

| **Best for** | **Enterprises standardized on the Cortex ecosystem, requiring governed autonomous operations** |
|---|---|
| **Standout capability** | Governance framework trained on a large foundation of real-world playbook executions |
| **Key controls** | RBAC, HITL approval gates, and complete audit logs |
| **Integrates with** | Cortex XSIAM, XDR, Cloud Security; native ecosystem depth |
| **POC focus** | Licensing alignment, integration depth for non-Palo Alto tools, HITL gate configuration |

**Pros**

* Deep native integration across the Cortex stack reduces deployment complexity for existing customers
* Governance architecture supports configurable autonomy boundaries, making it viable for risk-conscious enterprise environments

**Watch-outs**

* Organizations running heterogeneous security stacks should validate integration depth and workflow portability for non-Cortex tools before committing
* Licensing model should be assessed carefully against consumption-based alternatives depending on deployment scale

**What to validate in your POC**

* Does the platform's licensing structure align with your budget expectations compared to consumption-based AI SOC vendors?
* How does investigation quality hold up when operating alongside non-Palo Alto tools in your existing stack?
* Are HITL gates configurable at a granular enough level to match your internal approval workflows for high-impact containment decisions?

### 2. SentinelOne Purple AI

SentinelOne Purple AI transforms security operations through autonomous triage, investigation, and remediation powered by deep security reasoning across normalized Open Cybersecurity Schema Framework (OCSF) data, ingested from both native and third-party sources.

![sentinelone](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/sentinelone.png "sentinelone")

| **Best for** | Organizations requiring vendor-agnostic data integration with autonomous investigation across endpoints, cloud, network, and identity |
|---|---|
| **Standout capability** | OCSF normalization eliminates schema translation overhead across diverse data sources |
| **Key controls** | Audit logging; analyst review checkpoints |
| **Integrates with** | Native SentinelOne sources plus third-party telemetry via OCSF normalization |
| **POC focus** | Auto-triage accuracy, false positive handling, workflow customization depth |

**Pros**

* OCSF normalization allows the platform to ingest and correlate data across vendors without custom schema work, a meaningful advantage in mixed environments
* Streaming analytics enable real-time correlation and response without data replication delays

**Watch-outs**

* Auto-triage accuracy in environments with custom detection logic or non-standard alert patterns should be tested before production deployment
* Workflow customization depth may be limited for organizations requiring investigation procedures that go beyond pre-built agent capabilities

**What to validate in your POC**

* How does auto-triage perform against alert samples from your environment, particularly where custom detection logic is in play?
* What workflow customizations are available when pre-built agent capabilities don't meet your investigation requirements?
* How does the platform handle false positives in non-standard infrastructure configurations?

### 3. CrowdStrike Charlotte AI

![crowdstrike](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/crowdstrike.png "crowdstrike")

CrowdStrike Charlotte AI delivers agentic security operations through specialized agents trained on Falcon Complete MDR expertise, with AgentWorks providing no-code agent development and Charlotte Agentic SOAR orchestrating workflows across the Falcon platform.

| **Best for** | Falcon platform customers seeking extensible agent fleets with natural language development capabilities |
|---|---|
| **Standout capability** | No-code AgentWorks platform for custom agent creation, backed by Falcon Complete MDR training data |
| **Key controls** | RBAC; workflow approval controls |
| **Integrates with** | Native Falcon ecosystem; limited depth for third-party tools |
| **POC focus** | Third-party integration quality, agent performance outside Falcon, licensing at scale |

**Pros**

* The Detection Triage agent is trained on a large volume of real MDR triage decisions, providing a strong baseline for alert assessment accuracy
* No-code agent development lowers the barrier for security teams wanting to build custom workflows without engineering resources

**Watch-outs**

* Agent performance and integration quality outside the Falcon ecosystem should be carefully validated for organizations with mixed security stacks
* Licensing costs can increase meaningfully as agent deployments scale across multiple workflow categories

**What to validate in your POC**

* How do agents perform when operating alongside third-party security tools not native to the Falcon platform?
* What does the licensing structure look like as you scale agent deployments across different workflow categories?
* How does the no-code agent development experience hold up for complex, multi-step investigation workflows?

### 4. Splunk AI SOC

![splunk](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/splunk.jpg "splunk")

Splunk embeds agentic AI capabilities within Enterprise Security Premier through Triage Agent, AI Assistant, and Malware Threat Reversing Agent, maintaining unified SIEM, SOAR, and UEBA workflows in familiar Splunk Processing Language environments.

| **Best for** | Existing Splunk Enterprise Security deployments adding AI without platform migration or data replication |
|---|---|
| **Standout capability** | Native SPL support enabling AI SOC operations directly on existing Splunk data lakes |
| **Key controls** | Native SPL audit trails; RBAC controls |
| **Integrates with** | Native Splunk data lake; federated search support |
| **POC focus** | Total cost of ownership, agent roadmap maturity, investigation depth beyond triage |

**Pros**

* Preserves existing analyst expertise, detection content, and Splunk investments without requiring a migration
* Federated search lets AI agents operate across distributed data sources without centralizing everything first

**Watch-outs**

* Total cost of ownership should be modeled carefully: adding an AI agent layer on top of existing Splunk infrastructure and licensing can add up quickly
* Several AI capabilities are still in active development; roadmap maturity and release timelines should be verified before making deployment commitments

**What to validate in your POC**

* What does the full cost picture look like when layering AI agent capabilities onto your existing Splunk infrastructure and licensing?
* Which capabilities are currently in alpha or beta, and what are the committed release timelines?
* How far does investigation depth extend beyond triage, and does SOAR handle response execution in a way that fits your workflow?

### 5. Stellar Cyber Open XDR

![stellar](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/stellar.png "stellar")

Stellar Cyber deploys a multi-layer AI architecture that combines SIEM, XDR, NDR, and UEBA into unified autonomous SOC operations --- with automatic alert grouping, incident correlation, and response orchestration across diverse security tool ecosystems.

| **Best for** | Mid-market organizations consolidating SIEM, XDR, and SOAR under a single license without vendor lock-in |
|---|---|
| **Standout capability** | Multi-layer AI auto-grouping alerts into incidents across a broad prebuilt connector ecosystem |
| **Key controls** | Audit logs; configurable guardrails |
| **Integrates with** | Vendor-agnostic; extensive library of prebuilt connectors |
| **POC focus** | AI investigation depth, enterprise scalability, multi-tenant architecture |

**Pros**

* Single-license model simplifies procurement and reduces tool sprawl, particularly attractive for mid-market teams managing multiple point solutions
* Broad prebuilt connector library enables AI-driven operations across heterogeneous environments without heavy integration work

**Watch-outs**

* AI investigation depth and agent sophistication should be benchmarked against purpose-built autonomous SOC platforms before committing
* Organizations planning significant growth or MSSP operations should validate enterprise scalability and multi-tenant architecture capabilities

**What to validate in your POC**

* How does AI investigation depth compare to purpose-built autonomous SOC platforms when handling complex, multi-stage attacks?
* How does the platform perform at scale in multi-tenant or MSSP environments?
* What are the guardrail configuration options for organizations with strict containment approval requirements?

### 6. Prompt Security

![prompt](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/prompt.png "prompt")

Prompt Security provides a governance and protection layer for AI SOC platforms, defending autonomous agents against prompt injection attacks, jailbreaking attempts, tool misuse, and unauthorized privilege escalation across security operations workflows.

| **Best for** | Organizations running multiple AI SOC tools that need centralized oversight, risk management, and compliance validation |
|---|---|
| **Standout capability** | Real-time agent activity monitoring and policy enforcement across heterogeneous AI environments |
| **Key controls** | Real-time monitoring; policy enforcement; activity logging |
| **Integrates with** | Cross-vendor; designed to work across heterogeneous agent environments |
| **POC focus** | Coverage breadth across vendors, governance latency impact, and policy customization |

**Pros**

* Fills a genuine gap for organizations managing multiple AI SOC tools that lack a unified oversight layer
* Real-time policy enforcement prevents unauthorized containment actions before they cause downstream impact

**Watch-outs**

* Coverage breadth across different AI SOC vendors and agent architectures should be validated; not all agent types may be supported equally
* Governance layer latency during high-velocity incident response should be tested to ensure it doesn't slow time-critical containment workflows

**What to validate in your POC**

* Which AI SOC vendors and agent architectures are fully supported, and are there coverage gaps relevant to your stack?
* What latency does the governance layer introduce during high-velocity incident response, and is that acceptable for your response time requirements?
* How granular is policy customization for defining acceptable agent behaviors across different investigation and containment scenarios?

### 7. Prophet Security

![prophet](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/prophet.png "prophet")

Prophet Security delivers purpose-built autonomous analysts that investigate every alert from initial triage through final disposition, with transparent reasoning and evidence synthesis across endpoints, cloud, identity, and email security systems.

| **Best for** | Security teams maximizing alert coverage and investigation consistency without replacing existing tooling |
|---|---|
| **Standout capability** | Autonomous investigation engine handling enrichment, context gathering, and decision-making with human-readable explanations |
| **Key controls** | Human-readable decision reasoning; audit trails |
| **Integrates with** | Vendor-agnostic; designed to layer onto existing tool stacks |
| **POC focus** | Investigation accuracy, false positive rates, and containment approval workflows |

**Pros**

* Vendor-agnostic architecture means deployment doesn't require replacing existing tools or committing to a new platform stack
* Human-readable reasoning paths make autonomous decisions auditable and usable for forensic documentation

**Watch-outs**

* Investigation accuracy in environments with complex custom applications or non-standard infrastructure should be tested with representative alert samples
* Containment approval workflows and human oversight gates should be validated against your organization's requirements before production deployment

**What to validate in your POC**

* How does investigation accuracy hold up against alert samples from your specific environment, including custom application and non-standard infrastructure alerts?
* What do containment approval workflows look like, and how much control do analysts retain before automated actions execute?
* How does the platform handle edge cases where evidence is incomplete or ambiguous?

### 8. Intezer

![intezer](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/intezer.jpg "intezer")

Intezer Forensic AI SOC combines deterministic code analysis, sandboxing, and reverse engineering with large language model reasoning to investigate malware threats with forensic accuracy --- and process complete alert volumes autonomously.

| **Best for** | Enterprises and MSSPs requiring forensic-grade investigation depth and explainable evidence chains for regulatory compliance |
|---|---|
| **Standout capability** | Hybrid autonomous-deterministic architecture fusing AI-driven correlation with binary analysis and memory forensics |
| **Key controls** | Explainable evidence chains; compliance-ready documentation |
| **Integrates with** | Existing alert pipelines; air-gap environment support |
| **POC focus** | Forensic throughput, air-gap compatibility, and data residency requirements |

**Pros**

* Hybrid architecture delivers verifiable investigation conclusions that go beyond heuristic pattern matching, particularly valuable for regulated industries
* Air-gap support makes it viable for environments with strict data residency or network isolation requirements

**Watch-outs**

* Processing throughput and latency for forensic analysis workflows during high-volume events or coordinated attack campaigns should be stress-tested
* Integration architecture and data flow requirements for air-gapped environments add deployment complexity that should be scoped early

**What to validate in your POC**

* How does forensic analysis throughput hold up during high-volume security events
or simultaneous attack campaigns?
* What are the specific integration and data flow requirements for air-gapped or data residency-constrained environments?
* How does the platform document investigation conclusions for regulatory reporting and incident response requirements?

### 9. Dropzone AI

![dropzoneAI](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/dropzoneAI.jpg "dropzoneAI")

Dropzone AI implements a multi-agent mesh architecture, distributing investigation tasks across specialized autonomous units that collaborate through shared context while executing parallel workflows to process high-velocity alerts.

| **Best for** | Organizations managing high alert volumes across complex multi-cloud environments requiring distributed, horizontally scalable processing |
|---|---|
| **Standout capability** | Parallel execution model processing multiple investigations simultaneously while maintaining correlation context across related events |
| **Key controls** | Shared context across agent units; coordination logs |
| **Integrates with** | Vendor-agnostic; designed to scale across multi-cloud environments |
| **POC focus** | Agent coordination reliability, operational complexity, resource requirements |

**Pros**

* Parallel execution model processes multiple investigations simultaneously, a meaningful advantage for organizations dealing with sustained high alert volumes
* Vendor-agnostic design avoids forcing infrastructure changes or platform consolidation

**Watch-outs**

* Agent coordination reliability when handling interdependent investigation steps that require synchronized decision-making should be validated under load
* Operational complexity and resource requirements may be challenging for organizations without dedicated AI SOC platform engineering capacity

**What to validate in your POC**

* How reliably do agents coordinate when investigation steps are interdependent and require synchronized evidence sharing?
* What are the operational and engineering resource requirements to run and maintain the platform at your alert volumes?
* How does performance hold up during sustained high-velocity attack campaigns compared to normal operating conditions?

### 10. Legion Security

![legion](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/ai-soc-tools-comparison/legion.png "legion")

Legion Security focuses its autonomous investigation capabilities on identity-centric threats, correlating user behavior across SaaS applications, cloud infrastructure, and on-premises systems, and automating containment for account-compromise scenarios.

| **Best for** | Enterprises prioritizing insider threat detection, privilege abuse identification, and identity-based attack pattern recognition |
|---|---|
| **Standout capability** | Identity-focused investigation engine recognizing behavioral deviations and credential misuse patterns that evade traditional correlation rules |
| **Key controls** | Behavioral audit trails; automated containment logging |
| **Integrates with** | Identity providers (IdPs), PAM systems, and SaaS platforms |
| **POC focus** | Coverage outside identity, IdP and PAM integration depth, legacy authentication support |

**Pros**

* Identity-focused investigation engine picks up subtle behavioral deviations and credential misuse patterns that threshold-based SIEM detection routinely misses
* Native integrations with IdPs and PAM systems enable automated containment for account compromise scenarios without manual intervention

**Watch-outs**

* Coverage for non-identity threat vectors (malware, network intrusions, infrastructure attacks) is
limited; organizations with broader SOC requirements should validate scope carefully
* Integration with legacy authentication infrastructure should be confirmed early, as support can vary significantly depending on the system

**What to validate in your POC**

* How does the platform handle threat vectors outside the identity domain, and is that coverage gap acceptable given your broader SOC requirements?
* What does integration look like with your specific identity providers, PAM systems, and any legacy authentication infrastructure?
* How does automated containment for account compromise scenarios work in practice, and what approval gates exist before accounts are suspended or access is revoked?

## How to Choose the Best AI SOC Tool

Selecting an AI SOC platform requires rigorous evaluation across investigation capabilities, autonomy architecture, integration requirements, and operational fit --- not vendor marketing claims or feature checklists. The table below is designed to be used as a working POC checklist: bring it into your evaluation, test each requirement against your own environment, and use the pass criteria to make a defensible decision.

### Investigation Depth and Accuracy

| **Requirement** | **Why It Matters** | **How to Test** | **Pass Criteria** |
|---|---|---|---|
| Autonomous investigation replicates human analyst workflows | Enrichment lookups aren't enough. The platform needs to gather evidence, correlate context, and reach root cause conclusions independently | Run bring-your-own alert samples through the platform without analyst assistance; review the investigation output end-to-end | Platform produces investigation conclusions with traceable reasoning, not just enriched alerts |
| Measurable reduction in MTTI and false positive rates | Vendor claims need to hold up in your environment, not a reference customer's | Request production references from organizations with similar stack complexity; ask for baseline vs. post-deployment MTTI and false positive data | References can demonstrate quantified improvements in environments comparable to yours |
| Explainable decision-making for every autonomous action | Forensic requirements and compliance audits require traceable reasoning, not black-box outputs | Review investigation reports produced during POC testing; verify each decision includes a human-readable evidence path | Every autonomous action includes a documented reasoning chain reviewable by analysts and auditors |
| Continuous learning from analyst feedback | Detection accuracy should improve over time as the platform ingests environmental context | Ask the vendor to demonstrate how analyst corrections feed back into the model; validate whether improvements are environment-specific or generic | Platform shows documented accuracy improvements tied to analyst feedback in customer deployments |
| Quality and breadth of underlying security data | Detection accuracy depends directly on the fidelity, volume, and diversity of telemetry the platform ingests | Assess which data sources the platform natively ingests; test correlation quality when operating across endpoints, cloud, identity, and network telemetry simultaneously | Platform produces high-fidelity incidents from multi-source telemetry without requiring manual schema work |

### Autonomy Architecture and Governance

| **Requirement** | **Why It Matters** | **How to Test** | **Pass Criteria** |
|---|---|---|---|
| Autonomy model aligns with your risk tolerance | Fully autonomous, semi-autonomous, and supervised models carry different risk profiles --- the right fit depends on your compliance obligations and team maturity | Map your internal risk tolerance and compliance requirements against the platform's configurable autonomy settings | Platform supports the autonomy level your organization requires without forcing a binary choice |
| Guardrails prevent unauthorized actions | Autonomous agents need explicit boundaries --- without them, legitimate response workflows can cause unintended downstream impact | Attempt to trigger out-of-scope containment actions during POC testing; verify guardrails block unauthorized privilege escalation or data access | Platform blocks unauthorized actions consistently without requiring manual intervention |
| Multi-agent coordination quality | Distributed agent architectures require synchronized decision-making --- poor coordination creates investigation gaps | Design red team scenarios requiring handoffs between multiple agent types; evaluate whether context is preserved accurately across handoffs | Agents maintain investigation context across handoffs without evidence loss or contradictory conclusions |
| Complete and real-time audit trails | Regulatory reporting and post-incident review require every agent action to be both observable as it happens and traceable after the fact | Request a live
demonstration of audit trail completeness during a simulated incident; verify that logs capture every data access and containment decision | Audit logs are real-time, complete, and exportable in formats compatible with your compliance reporting requirements | | Human-in-the-loop escalation paths trigger correctly | High-impact decisions affecting production systems require human approval. Escalation paths that miss edge cases create operational risk | Simulate high-impact containment scenarios during POC testing; verify HITL gates trigger at the right decision points and route approvals correctly | HITL gates activate consistently for high-impact decisions; approval workflows route to the correct roles without manual configuration each time | ### Integration and Deployment | **Requirement** | **Why It Matters** | **How to Test** | **Pass Criteria** | |-------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------| | MCP or open interoperability support | Proprietary integration models create bottlenecks as your security stack evolves. Open standards future-proof agent coordination across vendor boundaries | Request documentation of MCP support or agent-to-agent communication protocols; test cross-vendor context sharing during POC | The platform demonstrates agent coordination across at least two vendor boundaries without custom integration work | | Pre-built connector coverage for your stack | Integration gaps mean manual data handling. 
Every missing connector adds analyst overhead and slows investigation workflows | Inventory your SIEM, EDR, cloud security, identity, and threat intel stack; verify native connector availability and test data ingestion quality for each | All critical data sources are ingested without schema translation, and correlation quality holds across the full stack | | Data normalization approach | Schema translation overhead adds latency and creates data quality risks. Platforms that operate natively on existing telemetry formats are faster to deploy and easier to maintain | Test data ingestion from your highest-volume sources; measure normalization latency and verify alert fidelity post-ingestion | Platform ingests and correlates data from your existing sources without requiring custom schema work or introducing latency that affects response times | | Deployment model alignment with data residency requirements | SaaS, on-premises, and hybrid deployment models carry different data sovereignty and compliance implications | Confirm supported deployment architectures against your data residency and network isolation requirements before POC | The platform supports your required deployment model with documented data handling that satisfies your compliance obligations | | Agent training methodology | Generic models underperform in specialized environments. 
Platforms trained on industry-specific or organizationally customized data deliver better baseline accuracy | Ask the vendor to distinguish between generic pre-training and environment-specific customization; request examples of accuracy differences across deployment contexts | The vendor can demonstrate measurable accuracy differences between generic and customized agent configurations in comparable environments | ### Operational Fit and Total Cost | **Requirement** | **Why It Matters** | **How to Test** | **Pass Criteria** | |------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------| | Total cost of ownership across projected growth | Licensing models based on users, data volumes, or automation actions can scale unpredictably. TCO needs to be modeled before you commit | Model licensing costs across your current environment and projected 12--24 month growth; compare against consumption-based alternatives | TCO projection is within budget at the current scale and remains predictable as data volumes and agent deployments grow | | Onboarding timeline and professional services requirements | Slow deployments delay ROI and strain internal resources. 
Onboarding complexity should match your team's capacity | Request customer references at a similar organizational size and security maturity; ask specifically about time-to-value and professional services hours required | References confirm deployment timelines and professional services requirements align with your internal capacity and budget | | Skill requirements for platform operation | Platforms requiring specialized engineering resources to operate create dependency risk, especially for teams without dedicated AI SOC capacity | Assess day-to-day operational requirements during POC; determine whether the platform can be managed within existing team capabilities | The platform can be operated and maintained by your existing security team without requiring dedicated AI engineering resources | | Managed detection and response service availability | Organizations requiring 24/7 coverage without expanding headcount need MDR options backed by the platform vendor | Evaluate MDR service scope, SLAs, and escalation paths if 24/7 coverage is a requirement | MDR service covers your environment with documented SLAs and escalation procedures that meet your response time requirements | | POC performance against baseline metrics | Vendor demos aren't proof. Actual performance in your environment against your alert samples is the only reliable signal | Run a structured POC against a representative sample of your alert volume; measure MTTI, false positive rate, and containment accuracy against your current baseline | POC demonstrates measurable improvement against your baseline metrics before any contract commitment is made | ## AI SOC Tools and Platform FAQs ### How do AI SOC tools support SOC teams' workflow? AI SOC tools automate the full investigation cycle - alert triage, evidence gathering, context enrichment, and response coordination - without requiring analyst intervention at each step. 
This reduces mean time to investigate, cuts open case backlogs, and delivers consistent analysis quality across shifts. Analysts shift from repetitive triage to higher-value work: threat hunting, workflow design, and supervising agent decision-making.

### What is the difference between an AI SOC tool and a SOC copilot?

A SOC copilot assists analysts by answering questions, summarizing alerts, and suggesting next steps, but a human still drives the investigation. An AI SOC tool acts autonomously: it gathers evidence, correlates indicators, reaches conclusions, and executes response workflows without waiting for analyst prompts. The key distinction is agency - copilots augment human work, AI SOC tools replace the repetitive parts of it entirely.

### What autonomy model is safest for regulated industries?

Supervised or semi-autonomous models are the safest starting point for regulated industries. These preserve human approval gates for high-impact containment decisions while automating evidence gathering and correlation. Full autonomy is viable in regulated environments, but only with bounded autonomy architecture, configurable agent authority limits, HITL escalation paths, real-time audit trails, and explainable reasoning chains that satisfy compliance documentation requirements.

### What data sources are required for AI SOC to work well?

AI SOC platforms perform best when ingesting telemetry across four domains: endpoint (EDR), network (NDR/firewall logs), identity (IdP, PAM, directory services), and cloud workloads (CSPM, cloud-native logs). Threat intelligence feeds improve correlation accuracy. The broader and higher-fidelity the telemetry, the better the platform's ability to reconstruct attack chains and reduce false positives. Gaps in coverage create blind spots that autonomous agents can't investigate around.

### What does "good explainability" look like in an AI SOC investigation?

Good explainability means every autonomous decision is backed by a human-readable reasoning chain, not just a verdict. A well-explained investigation shows which evidence was gathered, why each indicator was weighted, how the platform connected disparate events into a cohesive attack narrative, and what triggered the containment decision. Analysts and auditors should be able to reconstruct the full investigation from the audit trail without querying the platform separately.