Licensing information for Cortex XSOAR 6.
There are four main types of Cortex XSOAR licenses:
License | Details |
|---|---|
Cortex XSOAR Community Edition | (General free usage) evaluates Cortex XSOAR for partner development. |
Cortex XSOAR Threat Intel Management (includes two full users) | Limited to customers migrating from Minemeld and does not require case management for security orchestration, automation, and response (SOAR). |
Cortex XSOAR Starter Edition (includes two full users) | Relevant for customers who require case management for SOAR. Cortex XSOAR Starter Enterprise Platform - includes two users and support. |
Cortex XSOAR (Includes four full users) | Relevant for customers with case management for SOAR and threat intelligence needs. Cortex XSOAR is a full product that includes automation, orchestration, and threat intelligence management for Enterprise. |
Additional types of Cortex XSOAR licenses:
Cortex XSOAR Enterprise Starter platform for MSSP
Cortex XSOAR Threat Intelligence Management for MSSP with two users
Cortex XSOAR full product that includes automation, orchestration, and threat intelligence management for MSSP - with four users
Cortex XSOAR Starter Perpetual
Cortex XSOAR Threat Intelligence Management Perpetual with two users
Cortex XSOAR and Threat Intelligence Management (TIM) multi-tenant licenses
Cortex XSOAR full product that includes automation, orchestration, and threat intelligence management for perpetual with four users
All Cortex XSOAR licenses come with an additional development license.
For more licensing details, see the Cortex XSOAR Licenses.Licenses
See Add a License.Add a License
To install Cortex XSOAR as multi-tenant, you need to install everything from scratch.
Yes, you can change your installation to a multi-tenant environment as long as you don’t onboard end-customers.
If your license expires, your Cortex XSOAR machine will roll back to Cortex XSOAR community edition, including all of its limitations. All automations will cease.
Audit users have read-only permission in Cortex XSOAR, meaning they do not have the ability to edit system components and data or run commands, automations, and playbooks. Audit users can view incidents, dashboards, and reports.
Full users have read-write permission in Cortex XSOAR, meaning they have the ability to view and edit system components and data. They can investigate incidents, run automation scripts and playbooks, and chat in the War Room. Full user access to Cortex XSOAR is determined by their assigned role.
A message pops up that you’ve exceeded the amount of users. If you would like to purchase more users, contact your account team.