
Cortex by Palo Alto Networks

Integrated, automated and simple threat detection, prevention and response


reduction in alert volume



faster investigation



lower cost



endpoints scanned daily

Solution components

The industry’s most comprehensive product suite for security operations, empowering enterprises with the best-in-class detection, investigation, automation and response capabilities.


Cortex XDR Prevent

A single, cloud-delivered agent for endpoint protection, detection and response.

  • Get extended visibility with endpoint data sources
  • Block malware, ransomware, exploits and fileless attacks with next generation antivirus
  • Secure endpoints with device control, host firewall and disk encryption
  • Enrich investigations with tailored threat intelligence including WildFire analysis

Cortex XDR Pro

The only detection and response platform that runs on integrated endpoint, network and cloud data supporting third-party feeds, offering the same capabilities as Cortex XDR as well as:

  • Pinpoint attacks with AI-driven detection and response
  • Optional managed threat hunting, host insights and forensics capabilities

Cortex XSOAR

The industry's leading security orchestration, automation and response platform.

  • Orchestrate and automate incident response workflows with SecOps workflow automation
  • Manage incident cases in a war room with real-time collaboration
  • Tie threat intel to incidents and automate distribution to enforcement points with threat intel management
  • Automate routine tasks and increase efficiency with network security automation

Cortex Xpanse

An automated Attack Surface Management platform enabling continuous discovery, evaluation and mitigation of the external attack surface by finding exposure categories such as:

  • Remote access service
  • Insecure file sharing/exchanging services
  • Unpatched or end-of-life systems
  • IT admin system portals
  • Sensitive business operation applications 

Unit 42 Security Consulting Services Palo Alto Networks

Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk.

  • Incident Response
  • Cyber Risk Management 

Cortex XSIAM

The autonomous SOC platform powering the modern SOC. SecOps has too much information to manage in too many silos, and it relies heavily on reactive manual human effort after an incident, leading to longer investigation times, missed events and ultimately longer dwell times. Solve this with an automate-first approach and:

  • Respond to Threats in a Fraction of the Time
  • Simplify Data Onboarding in Ways You Wish Your SIEM Could
  • Elevate the Role of Your Security Analysts

Key benefits of Cortex

Quick service set-up

Set up value-added detection and response services quickly, without needing to deploy and manage on-premise equipment

Third-party feed support

Cortex supports third-party feeds, offering cross-sell and upsell opportunities with nearly all customers

Stand out from the competition

Cortex offers unique capabilities that differentiate Palo Alto Networks products from competitors’ security solutions, thereby differentiating you from your competition


Harness the power of the cloud and intelligent engineering to scan all endpoints and uncover gaps before adversaries do


Break down security silos by gathering and integrating data from any source

Maximises ROI

Cut costs by consolidating tools, streamlining operations and preventing catastrophic attacks

Get your customers hands-on with Cortex

Cortex XDR virtual workshop

Schedule a hands-on investigation and threat-hunting workshop delivered by Palo Alto Networks experts, developed with you for your customers.

Example activities

  • Investigate and respond to reveal attack chain and root cause
  • Investigate suspicious user behaviour and a stealthy attack
  • Reveal root cause and potential damage
  • Investigate alerts from NGFW, Cortex XDR Prevent and BIOCs
  • Hunt for threats across the environment
  • BIOC creation from lessons learned in prior exercises

Cortex XDR and XSOAR Capture the Flag events

Capture the flag events provide a fun, hands-on way to learn about Cortex XDR or XSOAR with a competitive twist.

The event consists of a series of questions that vary in their degree of difficulty and require participants to exercise different skill sets to solve.

Once a challenge is solved, a 'flag' is given to the participant which then results in points being awarded.


Request a demo

Get to know the Cortex portfolio better with a free virtual investigation and threat hunting workshop or demo.





Partner resources

Sales resources

Understand the key Cortex features, benefits and differentiators to effectively present the solution to your customers.

Technical resources

Understand the technical capabilities, components and integrations of the Cortex portfolio to better inform your customers.

Marketing resources

Use available resources and campaigns-in-a-box to easily kick-start your Cortex marketing activity. 

* requires log-in to Palo Alto Networks' partner portal