[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Threats](https://www.paloaltonetworks.com/cyberpedia/threat?ts=markdown) 3. [Incident Response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) 4. [What is Cyber Incident Reporting?](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting?ts=markdown) Table of Contents * [What Is Incident Response?](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) * [Why Is Incident Response Important?](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#why?ts=markdown) * [Types of Cybersecurity Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#types?ts=markdown) * [What Is the Incident Response Lifecycle?](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-lifecycle?ts=markdown) * [What Is an Incident Response Plan?](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-plan?ts=markdown) * [What Is Digital Forensics and Incident Response?](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#forensics?ts=markdown) * [Incident Response Frameworks and Phases](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-phases?ts=markdown) * [Incident Response Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-team?ts=markdown) * [Incident Response Tools and Technology](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-tools?ts=markdown) * [Incident Response Services](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#ir-services?ts=markdown) * [Incident Response FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response#faq?ts=markdown) * What is Cyber Incident Reporting? * [An Overview of Cybersecurity Incident Management](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#an?ts=markdown) * [Key Components of Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#key?ts=markdown) * [Steps to Establish a Cyber Incident Reporting Process](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#steps?ts=markdown) * [The CISA Rule for Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#reporting?ts=markdown) * [Cyber Security Incident Case Study](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#cyber?ts=markdown) * [Cyber Incident Reporting FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#faqs?ts=markdown) * [What is Digital Forensics and Incident Response (DFIR)?](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response?ts=markdown) * [DFIR: A Symbiotic Relationship](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#dfir?ts=markdown) * [The Role of Digital Forensics](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#role-of-digital-forensics?ts=markdown) * [The Role and Importance of Incident Response](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#roles?ts=markdown) * [What is the Difference Between DFIR and SOC?](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#difference?ts=markdown) * [The Role of EDR in DFIR](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#role-of-edr?ts=markdown) * [DFIR Challenges](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#challenges?ts=markdown) * [Digital Forensics and Incident Response Best Practices](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#best-practices?ts=markdown) * [Future Trends in DFIR](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#future-trends?ts=markdown) * [DFIR FAQs](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response#faqs?ts=markdown) * [What is Cloud Incident Response?](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response?ts=markdown) * [Cloud Incident Response (IR) Explained](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#explained?ts=markdown) * [Why Cloud IR Differs from Traditional IR](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#why?ts=markdown) * [The Cloud Incident Response Lifecycle](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#lifecycle?ts=markdown) * [SOC IR vs. Cloud IR](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#vs?ts=markdown) * [Best Practices for Cloud Incident Response](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#best?ts=markdown) * [Cloud Incident Response Frameworks and Standards](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#standards?ts=markdown) * [The Role of Cloud-Native Security Tools](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#role?ts=markdown) * [Future Trends in Cloud Incident Response](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#future?ts=markdown) * [Key Challenges in Cloud Incident Response](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#key?ts=markdown) * [Solutions to Overcome Cloud IR Barriers](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#solutions?ts=markdown) * [Cloud Incident Response FAQs](https://www.paloaltonetworks.com/cyberpedia/unit-42-cloud-incident-response#faqs?ts=markdown) * [What is an Incident Response Playbook?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook?ts=markdown) * [The Role of Incident Response Playbooks](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#role?ts=markdown) * [Differences Between Playbooks, Plans, and Runbooks](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#differences?ts=markdown) * [The Steps of Incident Response](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#steps?ts=markdown) * [Key Components of an Incident Response Playbook](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#key?ts=markdown) * [Building an Effective Incident Response Playbook](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#building?ts=markdown) * [Incident Response Playbook FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-playbook#faqs?ts=markdown) * [What is the Role of EDR in Digital Forensics and Incident Response (DFIR)?](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response?ts=markdown) * [Digital Forensics vs. Incident Response](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#digital?ts=markdown) * [Exploring Fundamentals of EDR Incident Response and Forensics](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#exploring?ts=markdown) * [The Core Features of EDR Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#the?ts=markdown) * [The Intersection of EDR and Incident Response](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#response?ts=markdown) * [Enhancing Forensic Capabilities with EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#enhancing?ts=markdown) * [Integrating EDR into Your Cybersecurity Strategy](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#integrating?ts=markdown) * [DFIR vs. EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#vs?ts=markdown) * [CSIRT vs. Digital Forensics](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#forensics?ts=markdown) * [Challenges with EDR in Incident Response and Forensics](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#challenges?ts=markdown) * [Case Study: Impact of EDR in Real-World Scenarios](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#case?ts=markdown) * [The Role of EDR in Incident Response and Forensics FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-the-role-of-edr-in-dfir-digital-forensics-and-incident-response#faqs?ts=markdown) * [What Is an Incident Response Team?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team?ts=markdown) * [What is an Incident Response Team?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#what?ts=markdown) * [Types of Incident Response Teams](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#types?ts=markdown) * [Key Functions and Responsibilities](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#key?ts=markdown) * [Building an Effective Incident Response Team](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#building?ts=markdown) * [Incident Response Team Structure](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#incident?ts=markdown) * [Benefits and Best Practices for IRTs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#benefits?ts=markdown) * [What is an EDR Team?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#edr?ts=markdown) * [What is an ERT?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#ert?ts=markdown) * [Incident Response Team FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-an-incident-response-team#faqs?ts=markdown) * [What is an Incident Response Plan Template?](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template?ts=markdown) * [Importance of an Incident Response Plan](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#importance-of-ir-plan?ts=markdown) * [Benefits of a Well-Crafted Incident Response Plan](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#benefits?ts=markdown) * [Key Components of an Incident Response Plan Template](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#key-components?ts=markdown) * [Steps to Create an Incident Response Plan](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#steps?ts=markdown) * [Incident Response Plan Templates](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#templates?ts=markdown) * [Incident Response Plan FAQs](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan-template#faqs?ts=markdown) * [What Is an Incident Response Plan (IRP)?](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan?ts=markdown) * [Why is an Incident Response Plan Important?](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan#why?ts=markdown) * [How to Build an Incident Response Plan](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan#how?ts=markdown) * [Incident Response (IR) Plan FAQs](https://www.paloaltonetworks.com/cyberpedia/incident-response-plan#faqs?ts=markdown) # What is Cyber Incident Reporting? 5 min. read Table of Contents * * [An Overview of Cybersecurity Incident Management](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#an?ts=markdown) * [Key Components of Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#key?ts=markdown) * [Steps to Establish a Cyber Incident Reporting Process](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#steps?ts=markdown) * [The CISA Rule for Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#reporting?ts=markdown) * [Cyber Security Incident Case Study](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#cyber?ts=markdown) * [Cyber Incident Reporting FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#faqs?ts=markdown) 1. An Overview of Cybersecurity Incident Management * * [An Overview of Cybersecurity Incident Management](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#an?ts=markdown) * [Key Components of Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#key?ts=markdown) * [Steps to Establish a Cyber Incident Reporting Process](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#steps?ts=markdown) * [The CISA Rule for Cyber Incident Reporting](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#reporting?ts=markdown) * [Cyber Security Incident Case Study](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#cyber?ts=markdown) * [Cyber Incident Reporting FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting#faqs?ts=markdown) Cyber incident reporting involves documenting and notifying relevant authorities or stakeholders about a cybersecurity incident that has occurred. These incidents can include [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown), cyberattacks, unauthorized access, and other security events compromising the confidentiality, integrity, or availability of information systems and data. The primary purpose of cyber incident reporting is to manage and mitigate the impact of the incident, enhance security measures, and ensure compliance with legal and regulatory requirements. ## An Overview of Cybersecurity Incident Management Effective cybersecurity incident management and reporting are crucial for minimizing damage and ensuring swift recovery. Organizations must establish clear protocols for identifying, assessing, and responding to incidents. These protocols should include immediate containment measures, detailed documentation, and communication strategies. Incident reporting should be timely and precise, providing essential information to stakeholders and regulatory bodies. Regular training and simulations enhance preparedness and ensure all team members understand their roles and responsibilities. Leveraging advanced tools and technologies can streamline incident management, enabling quicker detection and response. Continuous improvement through post-incident analysis helps refine strategies and prevent future occurrences. Integrating these practices into the organizational culture fosters resilience and trust, safeguarding data and reputation. ### The Importance of Cyber Incident Reporting Cyber incident reporting serves multiple vital functions, including ensuring compliance with regulatory requirements, maintaining transparency with stakeholders, and driving continuous improvement in security practices. Timely and accurate reporting of cyber incidents helps meet legal obligations and fosters trust and credibility among clients, partners, and the public. Moreover, a well-documented incident report provides valuable insights for refining security measures and preventing future breaches. Effective incident reporting also facilitates better coordination and collaboration between internal teams and external entities, such as law enforcement and cybersecurity experts, enhancing the overall response and mitigation efforts. In addition, the following are significant reasons for cyber incident reporting to become an essential part of good cybersecurity defense: * Timely response allows organizations to respond quickly to mitigate the damage. * Containment involves isolating affected systems or networks to prevent the attack's spread. * Legal and regulatory compliance is a key driver in reporting certain cybersecurity incidents. Failure to comply with these requirements can result in legal and financial penalties. * Risk assessment resulting from cyber incident reporting helps organizations understand the nature and frequency of incidents, which helps them prioritize security measures and allocate resources effectively. * Identifying patterns and trends often results from reporting incidents, which helps to build more robust defenses and anticipate future attacks. * Data protection laws often require detailed reports on the status of personal or sensitive information that may have been compromised in a security event. * Reputation management is an important goal for all organizations, and transparent and responsible incident reporting can help maintain an organization's reputation. * Forensic analysis resulting from incident reports enables organizations to determine the cause, scope, and impact of the incident. * Coordination with law enforcement may be necessary for criminal investigations. Timely reporting can aid in identifying and prosecuting the perpetrators. * Incident reports often produce improved preparedness, helping organizations update their incident response plans, policies, and security controls. * Notifying affected parties may be required if customer or user data is compromised. ## Key Components of Cyber Incident Reporting A comprehensive cyber incident report is essential for effectively managing and mitigating the impact of cybersecurity incidents. It is a detailed account of the incident, providing critical information that helps organizations respond promptly and efficiently. By systematically documenting every aspect of the incident, from initial detection to post-incident review, organizations can ensure a structured and thorough approach to incident management. Following is an outline of the key components of a cyber incident report, highlighting the vital steps and information necessary to create an effective and actionable report. 1. **Incident Detection:** Identifying the occurrence of a cyber incident through monitoring systems, user reports, or automated alerts. 2. **Initial Assessment:** Evaluating the incident's severity and impact to determine the appropriate response. 3. **Documentation:** Recording detailed information about the incident, including the nature of the attack, affected systems, time and date of occurrence, and initial findings. 4. **Notification:** Informing internal teams (IT, security, management) and external stakeholders (customers, partners, regulatory bodies) about the incident. This may involve: * Immediate reporting to senior management. * Notifying affected parties. * Reporting to regulatory authorities as required by law. 5. **Containment and Mitigation:** Taking steps to contain the incident and mitigate its effects, such as isolating affected systems, applying patches, or changing access credentials. 6. **Investigation:** Conducting a thorough investigation to understand the cause of the incident, the extent of the damage, and potential vulnerabilities exploited. 7. **Recovery:** Restoring affected systems and data, ensuring that the systems are secure before returning to normal operations. 8. **Post-Incident Review:** Analyzing the incident to identify lessons learned and improve future incident response processes. This includes updating security policies and procedures. ## Steps to Establish a Cyber Incident Reporting Process Creating an effective cyber incident reporting process is essential for organizations to swiftly and efficiently respond to cybersecurity threats. A well-defined process ensures that all incidents are handled consistently and organized, minimizing damage and facilitating recovery. Establishing this process involves several key steps: 1. **Develop an Incident Response Plan:** Outline the steps during a cyber incident, including roles and responsibilities. 2. **Train Employees:** Ensure all employees know the reporting procedures and understand their role in the incident response process. 3. **Implement Monitoring Tools:** Use [security information and event management](https://www.paloaltonetworks.com/cyberpedia/what-is-siem-software?ts=markdown)(SIEM) systems, [intrusion detection systems](https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids?ts=markdown) (IDS), and other monitoring tools to detect and alert potential incidents. 4. **Establish Communication Channels:** Set up clear communication channels for reporting incidents internally and externally. 5. **Regular Drills and Updates:** Conduct regular incident response drills and update the response plan to address emerging threats and vulnerabilities. ### When to Report a Cyber Incident Report a cyber incident immediately upon detection to prevent further damage. Early reporting allows the IT team to contain the threat, mitigate risks, and preserve crucial evidence. Regulatory bodies often mandate prompt notification if sensitive data is compromised to avoid legal repercussions. Any unusual activity, such as unauthorized access or data breaches, warrants an immediate report. Delaying can exacerbate the impact, leading to significant financial loss and reputational damage. Even minor incidents, like [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) attempts or [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown) infections, should be reported to identify potential patterns and vulnerabilities. Quick reporting facilitates timely communication with affected stakeholders, maintaining trust and transparency. Regularly train employees to recognize and report incidents, ensuring they understand their critical role in the organization's cybersecurity posture. ### Where to Report a Cyber Incident Organizations should report cyber incidents immediately to their internal IT or cybersecurity team. This team can assess the situation and take initial containment measures. Notifying the relevant regulatory bodies becomes crucial if the incident involves sensitive data or critical infrastructure. For example, the Cybersecurity and Infrastructure Security Agency (CISA) serves as a primary point of contact in the United States. Businesses in the European Union must report breaches to their national data protection authority within 72 hours, as mandated by the [General Data Protection Regulation (GDPR)](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown). Law enforcement agencies, such as the FBI's Internet Crime Complaint Center (IC3) or local police departments, also play a vital role in investigating cybercrimes. Reporting to these agencies can help track and mitigate broader cyber threats. Many countries have established Computer Emergency Response Teams (CERTs) that offer specialized assistance and can coordinate a more extensive response. Timely reporting ensures that the incident is managed effectively, minimizing potential damage. ### What to Include in a Cyber Security Incident Report A thorough cyber incident report is pivotal for effective incident management and future prevention. It should capture all relevant details about the incident, providing a clear and comprehensive account that can be used for analysis and response. Key elements to include are: * **Incident Details:** This includes the date and time of the incident, its location, and a description of the event, including its scope and nature. * **Incident Classification:** The classification categorizes the event's severity and impact, and identifies the impacted digital assets. * **Incident Response Team:** The names and roles of specific individuals responding to the incident and their contact information are included. * **Initial Detection and Alerting:** The report explains how the incident was detected, who reported it, and when it was reported. * **Attack Vectors and Techniques:** The report should include how the hacker gained access or executed the attack. * **Evidence and Artifacts:** The report should include logs, files, or other digital artifacts related to the incident. * **Containment Actions:** Steps taken to contain the incident and prevent further damage should be detailed, as should information on the isolation of affected systems/networks. * **Eradication Efforts:** Measures taken to remove the root cause of the incident provide important insights into both the cause and resolution of the problem. * **Recovery Steps:** The report should include details on how affected systems and services were restored, including verification of system integrity post-recovery. * **Lessons Learned:** The report should analyze what went wrong and recommendations to prevent similar actions. * **Legal and Regulatory Compliance:** The report should include information on compliance with data protection laws and regulatory reporting requirements and any potential legal actions or law enforcement involvement. * **Incident Timeline:** A detailed chronological account of the incident, including key events and actions taken, is a key part of the report. * **Documentation of Costs:** The report should include a detailed accounting of costs related to the response, recovery, and remediation. * **Recommendations and Action Items:** It is essential to propose actions that prevent future incidents and assignments for follow-up actions. ## The CISA Rule for Cyber Incident Reporting The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has established guidelines for cyber incident reporting, particularly for federal agencies and critical infrastructure organizations. The key aspects of the CISA Rule are: * **Mandatory reporting:** Federal civilian executive branch agencies are required to report significant cybersecurity incidents to CISA within specific timeframes. * **Definition of significant cybersecurity incidents:** CISA defines significant cybersecurity incidents as incidents that significantly impact an agency's mission, operations, or security. This includes incidents involving data breaches, malware infections, unauthorized access, and more. * **Timely reporting:** Federal agencies must report incidents as soon as possible but no later than one hour after the initial detection of a significant incident. * **Incident Reporting Portal:** CISA has established a web portal called the Cyber Incident Reporting Portal (CIRP) to facilitate incident reporting. * **Information sharing:** CISA may share information about reported incidents with other government agencies and private-sector organizations to enhance cybersecurity across critical infrastructure sectors. Although these steps apply primarily to government agencies and critical infrastructure groups, they represent a solid framework for private-sector organizations to use in their cyber incident reporting. ## Cyber Security Incident Case Study A cybersecurity incident can encompass a wide range of events or actions that compromise the confidentiality, integrity, or availability of computer systems, networks, or data. A phishing attack is a common example. * **Description:** Phishing is a cyberattack where an attacker impersonates a legitimate entity (such as a trusted organization or individual) to trick recipients into divulging sensitive information, such as login credentials, personal details, or financial information. * **Incident Scenario:** An employee at a company receives an email that appears to be from their bank, claiming there is a security issue with their account and requesting immediate action. The email contains a link to a fraudulent website that mimics the bank's login page. Unaware of the deception, the employee enters their username and password on the fake website. * **Impact:** The attacker gains access to the employee's bank account and may use this information for unauthorized financial transactions or identity theft. The employee's personal and financial information is compromised. * **Response:** The organization's IT or security team detects the incident, isolates the affected employee's account, changes their credentials, and informs the employee about the phishing attempt. They also analyze the email and website to identify indicators of compromise, update email filters, and conduct awareness training to prevent similar incidents in the future. ## Cyber Incident Reporting FAQs ### Where should cyber incidents be reported? The reporting of cyber incidents depends on several factors, including the nature of the incident, the organization's internal policies, and any legal or regulatory requirements that may apply. Key groups that should be informed include internal teams, such as incident response, IT, legal/compliance, and line of business executives. ### What are the benefits of using a third party to create cyber incident reports? Engaging a third party to develop a cyber incident report can offer several benefits to organizations, depending on their specific circumstances and needs. These include the perceived independence and objectivity of an outside organization and their expertise, experience, and technical proficiency. It also demonstrates to regulators that the organization is taking all necessary steps to comply with requirements. ### Does Palo Alto Networks have a team dedicated to incident response? Palo Alto Networks' Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. Its cyber incident reporting capabilities include threat intelligence, IoC sharing, malware analysis, incident context, best practices, collaborative processes, and customized reporting. Related Content [What are Managed Detection and Response (MDR) Services? Learn about MDR and how it can enhance your organization's security defenses.](https://www.paloaltonetworks.com/cyberpedia/managed-detection-and-response-services-mdr?ts=markdown) [Global Business Defends Against Multiphased Muddled Libra Cyberattack Unit 42 was called in to investigate a complex attack involving social engineering, exploiting security tools and data theft.](https://www.paloaltonetworks.com/customers/global-business-defends-against-multiphased-muddled-libra-cyberattack?ts=markdown) [A New Regulatory Era for Cybersecurity Get actionable insights to understand the new SEC cybersecurity incident reporting rules and ensure compliance through a proactive security program.](https://www.paloaltonetworks.com/resources/ebooks/sec-security-rules-for-cisos?ts=markdown) [Supercharge Your Defenses Read the whitepaper to find out how to give your SecOps a powerful edge.](https://www.paloaltonetworks.sg/resources/whitepapers/supercharge-your-defenses) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20is%20Cyber%20Incident%20Reporting%3F&body=Discover%20how%20comprehensive%20cyber%20incident%20reporting%20can%20improve%20your%20cybersecurity%20posture.%20Learn%20about%20key%20steps%20and%20best%20practices%20for%20effective%20incident%20management.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-cyber-incident-reporting) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown) What Is Incident Response? [Next](https://www.paloaltonetworks.com/cyberpedia/digital-forensics-and-incident-response?ts=markdown) What is Digital Forensics and Incident Response (DFIR)? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language