Overview - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide


Learn more about Cortex XSIAM and what it provides you with.

Cortex XSIAM is an AI-powered SOC platform that revolutionizes how data, analytics, and automation are deployed to outpace threats. Extended Security Intelligence & Automation Management (XSIAM) turns widespread infrastructure telemetry into an intelligent data foundation to fuel best-in-class artificial intelligence and dramatically accelerate threat response.

Cortex XSIAM collects and ingests endpoint, network, cloud, and identity data, in addition to logs and alerts, to drive machine learning for natively autonomous response actions, such as cross-correlation of alerts and data, detection of highly sophisticated threats, and automated remediation based on native threat intelligence and attack surface data.

Specifically, Cortex XSIAM enables you to:

  • Rapid Detection and Response - Gain full visibility across external and internal assets, and Internet-facing vulnerabilities, through multiple layers of AI-driven analytics based on your data foundation. Cortex XSIAM detects emerging threats across the entire security infrastructure, automates the correlation of alerts and data into incidents, and leverages a self-learning recommendation engine to determine the next response steps.

  • Threat Hunting and Threat Intelligence - Advanced Cortex Query Language (XQL) search, visualization, and aggregation capabilities incorporated with automated feed aggregation from multiple sources, WildFire threat intelligence incident artifacts, and Unit 42 enrichment, hunting, and investigation analysis.

  • Increase SOC Efficiency - Easily onboard data, then automatically normalize, correlate, and stitch cloud-based data to speed deployment and provide an intelligent foundation for analytics, streamlining analysis with hundreds of built-in playbooks and product integrations.