Cortex security operations

Cortex is the industry’s most comprehensive product suite for security operations empowering enterprises with best-in-class detection, investigation, automation, and response capabilities.

Cortex XDR

The Cortex XDR app gives you complete visibility over network traffic, user behavior, and endpoint activity. It simplifies threat investigation by correlating logs from your sensors to reveal threat causality and timelines, so you can easily identify the root cause of every alert. The app also lets you take immediate response actions. Finally, to stop future attacks, you can proactively define indicators of compromise (IoCs) and behavioral indicators of compromise (BIOCs) to detect and respond to malicious activity. The following illustration depicts the Cortex XDR architecture.

Cortex XSOAR

Cortex XSOAR is the industry-leading Security Orchestration, Automation, and Response (SOAR) technology. It automates up to 95% of all response actions that would otherwise require human review, allowing overloaded security teams to focus on the actions that really need their attention. Cortex XSOAR integrates with a wide variety of products, providing enhanced automation and response across processes that span multiple products. The following illustration depicts the Cortex XSOAR engine in the center, with information sources on the left and potential consumers on the right.

Cortex Data Lake

Cloud-delivered Cortex Data Lake enables you to easily collect large volumes of log data so that innovative applications can gain insight from your environment. You can simplify your log infrastructure, automate log management, and use your data to prevent attacks more effectively. Cortex Data Lake can:

  • Radically simplify your security operations by collecting, integrating, and normalizing your enterprise’s security data
  • Effortlessly run advanced AI and machine learning with cloud-scale data and compute
  • Constantly learn from new data sources to evolve your defenses

The following products use Cortex Data Lake; their requirements are listed beneath each one:

• Palo Alto Networks Next-Generation Firewalls and Prisma Access:

  • Next-generation firewalls and Panorama for network security management, with the ability to connect to the cloud service
  • Next-generation firewalls and Panorama running PAN-OS® 8.0.5+
  • Panorama with the cloud services plugin installed

• Older versions of Palo Alto Networks Traps for endpoint protection and response:

  • Traps running version 5.0+ with Traps management service

• Cortex XDR:

  • Cortex XDR application (Traps agent included)

AutoFocus

The AutoFocus contextual threat intelligence service is your single source for threat intelligence. Your teams get an instant understanding of every event with context from Unit 42 threat researchers, and you can embed rich threat intelligence in analysts’ existing tools to significantly speed investigation, prevention, and response.

  • Get unique visibility into attacks crowdsourced from the industry’s largest footprint of network, endpoint, and cloud intel sources
  • Enrich every threat with the deepest context from Unit 42 threat researchers
  • Give analysts a major time advantage with intel embedded in any tool through a custom threat feed and agile APIs