What is Cortex XSIAM? - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-04-25
Category
Administrator Guide
Abstract

Learn about Cortex XSIAM and the key integrated capabilities.


Cortex XSIAM, or extended security intelligence and automation management, is a cloud-delivered, integrated SOC platform that unifies key functions, including EDR, XDR, SOAR, ASM, UEBA, TIP, and SIEM. Cortex XSIAM streamlines your cybersecurity infrastructure by consolidating multiple products into a unified platform.

[Image: xsiamcc.gif]

With a simplified data onboarding process, SecOps teams can easily incorporate new data sources. The extended data model normalizes and correlates the ingested data, enabling schema-on-read access. Cortex XSIAM automatically stitches together endpoint, network, cloud, and identity data, allowing precise detection of advanced threats and simplifying investigations through cross-data insights.

Cortex XSIAM facilitates swift incident investigation by providing a comprehensive view of every attack, featuring intelligent alert grouping and collected information about the root cause. Embedded automation enriches alerts, responds to malicious activity, and closes low-risk alerts before they reach the queue, enabling analysts to focus on the few threats requiring human intervention. Already proven in production, Cortex XSIAM powers PANW's own SOC, reducing over one trillion events per month to a handful of analyst incidents per day.

Unlike traditional SOC models, which leave optimization efforts in the hands of the customer, Cortex XSIAM benefits from continuous updates by PANW's Unit 42 research team. With threat intel gathered from more than 85,000 customers, our dedicated research team updates machine learning (ML) detection models and automatically distributes the latest protections to our product deployments. By combining leading technology with shared intelligence and research, PANW shares the responsibility of protecting our customers' ongoing operations.

Cortex XSIAM data flow

The following image describes the data collection, flow, and processing from various sources to Cortex XSIAM:

[Image: Cortex XSIAM architecture diagram (Architecture_diagram_-_Color__2_.png)]

Data sources are collected at the bottom of the chain and processed by on-premises servers and engines. Data is initially processed and analyzed using the Cortex Data Model (XDM) and XQL, allowing for queries and analysis. The processed data is integrated with virtual machines, AI analytics, ML models, and Attack Surface Management (ASM). This allows Cortex XSIAM to automate alerts and security responses.

See also: Cortex Data Model, Get Started with XQL, Attack Surface Management