Learn about Cortex XSOAR features.
Cortex XSOAR is the industry’s first extended security orchestration and automation platform that simplifies security operations by unifying automation, case management, real-time collaboration, and threat intel management.
Cortex XSOAR ingests aggregated alerts and indicators of compromise (IOCs) from detection sources, such as security information and event management (SIEM) solutions, network security tools, threat intelligence feeds, and mailboxes, before executing automatable, process-driven playbooks to enrich and respond to these incidents. These playbooks coordinate across technologies, security teams, and external users for centralized data visibility and action.
With a Threat Intel Management license, Cortex XSOAR provides a Threat Intelligence Platform with actionable threat data from Unit 42. You can identify and discover new malware families or campaigns and create and disseminate strategic intelligence reports.
For existing Cortex users, XSOAR is easily integrated into other Cortex solutions and is delivered from the same platform.
Why Cortex XSOAR?
Improve SOC Efficiency by Automating Incident Response
With Cortex XSOAR, automate incident response workflows and repetitive tasks so that analysts are free to focus on the most critical incidents. Use predefined playbooks, or easily customize your own, to automate SOC use cases such as indicator enrichment, alert deduplication, phishing response, ransomware response, threat intelligence feed management, and malware investigation, and even IT operations such as employee onboarding and offboarding.
Experience Better Performance, Reliability, and Scalability
Cortex XSOAR supports future growth, with rapid deployment to accelerate ROI. Fully integrated into the Cortex platform, Cortex XSOAR is delivered through a unified user interface for ease of use and consistency in workflow management.
Ingest, Search, and Query All Security Alerts
When complex, real-time investigations require analyst intervention, ensure analysts have quick access to investigation data. Cortex XSOAR accelerates incident response by unifying incident and indicator data from multiple sources on a single easy-to-search platform.
Improve Investigation Quality by Working Together
Collaborative investigation features provide a powerful toolkit to help analysts assist each other, run real-time security commands, and learn from each incident with auto-documentation of all actions. An ML-driven assistant learns from actions taken in the platform and offers guidance on analyst assignments and commands to execute actions.
Act on Threat Intelligence with Agility and Confidence
Native threat intelligence management unifies the aggregation, scoring, and sharing of threat intelligence with playbook-driven automation. The built-in, high-fidelity threat intelligence can be boosted by layering in additional third-party threat intel to better reveal and prioritize critical threats.
How Cortex XSOAR Works
Cortex XSOAR ingests alerts from third-party products and threat intel feeds, and by installing content packs you can automate the investigation and response process.