Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into the cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.
| Date | Update |
| --- | --- |
| July 2 | The Log Forwarding app can now send your Cortex XDR - Investigation and Response alerts to a Syslog or email destination. |
| May 30 | You no longer need Panorama to start sending logs to Cortex Data Lake! Enable your firewalls to securely connect to Cortex Data Lake, and start logging to the cloud now. |
| May 27 | Cortex XDR – Investigation and Response now provides an overview of incidents in your environment and security status over time. From the prioritized incidents in the dashboard, you can drill down into incidents and alerts for additional details. |
| | Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into: |
| | Explore is a new app on the hub that allows you to easily examine the network and endpoint log data stored in Cortex Data Lake. |
| April 25 | Get email updates when the Log Forwarding app is not able to connect to your Syslog server, so that you can quickly restore Syslog connectivity and resume log forwarding. |
| April 16 | The hub now provides role management for apps—use the hub to manage who can access Cortex apps, and their level of access. |
The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.
The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.
The Directory Sync Service provides Cortex apps with read-only access to your Active Directory information—apps can use this data to provide user, group, and computer context for network and threat events.