Break the silos of traditional detection and response

Stop sophisticated attacks across your network, endpoint and cloud assets

Siloed tools, such as endpoint detection and response (EDR) and network traffic analysis (NTA), force your analysts to manually piece together information, slowing down investigations and increasing complexity. The Cortex XDR™ cloud-based detection and response app removes security blind spots by stitching together network, endpoint and cloud data.


Detect, investigate and respond at lightning speed

Automate detection with AI

Cortex XDR uncovers every step of an attack by applying machine learning to rich network, endpoint and cloud data. Working when you are not, Cortex XDR outsmarts attackers by detecting behavioral anomalies indicative of attacks. You can take advantage of over 100 predefined rules or build custom ones to identify threats to high-value assets.

Cut investigation time 8x

By consolidating alerts into incidents, Cortex XDR reduces the alerts to review by 50x, on average. Each incident provides a complete picture of an attack, with integrated threat intelligence and actionable details. Automated root cause analysis reveals the source and the sequence of events for any alert with a single click, simplifying triage and analysis.

Quickly eliminate threats

Your security team can instantly contain any threat from the Cortex XDR console. You can easily apply knowledge gained from each investigation to protect against future threats. By simplifying operations and continually reducing your attack surface, you can gain more value from your existing security investments.

Transform your SOC team into threat-fighting champions

Cortex XDR enables your team to:

  • Automatically detect sophisticated attacks by analyzing network, endpoint and cloud data
  • Simplify investigations with automated root cause analysis and timeline analysis
  • Contain and coordinate response for any threat across all enforcement points
  • Streamline threat hunting with powerful search capabilities for behavioral threats

Rapidly resolve threats with Live Terminal

You can advance investigations by directly accessing monitored endpoints with Live Terminal. You can view or delete files, execute commands and Python scripts, terminate processes, and more. Live Terminal offers in-depth analysis without disrupting your end users.

Learn more about Live Terminal in the Cortex XDR white paper.

Simplify operations and maximize your security investment

Log all the data you need without compromise

Cortex XDR leverages Cortex Data Lake for efficient, scalable cloud-based log storage. It provides an operationally efficient and cost-effective way to store large volumes of data for months to support investigations.

Use existing infrastructure for detection and response

Cortex XDR avoids the need to deploy new, single-purpose hardware and software by using your Palo Alto Networks products for data collection and enforcement. All Cortex XDR subscriptions include Traps™ endpoint protection and response standard, providing you the best endpoint protection available.

Gain round-the-clock security with managed services

Achieve peace of mind by engaging experts to continuously hunt and investigate threats. Palo Alto Networks has partnered with leading managed service providers to deliver 24/7, year-round managed services.

Harness the power of Cortex

Cortex is the industry’s only open and integrated AI-based continuous security platform. It delivers radical simplicity and significantly improves security outcomes through automation and unprecedented accuracy.

Stop the threats that lead to costly breaches

Malware and fileless attacks

Cortex XDR uncovers known and unknown malware by detecting attack behaviors and anomalous activity associated with malware. Analysts can also search endpoints for indicators of compromise.

Targeted attacks

Cortex XDR detects the anomalous activities that attackers carry out as they move around the network looking for valuable data.

Malicious insiders

By profiling behavior, Cortex XDR identifies behavioral anomalies, such as internal reconnaissance and credential abuse, to spot attacks.

Risky behavior

Cortex XDR enables your organization to follow security best practices by monitoring user activity and identifying risky behavior and policy violations.