The Cortex XSIAM 3.1 release includes the following highlights:
| FEATURE | DESCRIPTION |
|---|---|
| Cross-region support in multi-tenant architectures | Cross-region tenant pairing enables multi-tenant organizations to pair their parent and child tenants across different geographic regions, providing enhanced visibility and control for distributed security operations. To enable this capability, please contact your Palo Alto Networks account team. |
| AI Detection & Response (Beta) | Gain visibility into usage of AI/ML in the cloud using a new dedicated dashboard that also presents related issues and cases. New detectors analyze cloud audit logs from AWS, Azure, and GCP to find AI-specific threats. |
| New and enhanced dashboard visuals and capabilities | The latest batch of enhancements introduces multiple new and updated widgets and controls—including single-click multi-column and multi-line charts—making it easier to visualize, organize, compare, and filter data, and quickly turn your data into actionable insights. |
| Ingest data into Cortex XSIAM using Cribl Stream (Beta) | A new integration offers XSIAM customers an option to leverage Cribl for data pipeline management, delivering a seamless experience and simplifying data onboarding for Cribl customers. |
| New Graph Search in Query Builder (Beta) (Requires the Cortex XSIAM Premium license or the Cortex Cloud Posture Management add-on) | Drive SecOps convergence and improve threat detection and response with a new Graph Search feature embedded in the Query Builder. Graph Search provides an interactive and visually intuitive way to map out and explore the full stack of an organization’s posture and the associated risks it drives. This enables security teams, from code to cloud to SOC, to more efficiently understand attack paths, discover hidden risks, and make informed decisions in less time, leading to improved security posture and operational efficiency. |