Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

Latest Hub, Cortex Data Lake, and Log Forwarding App Releases

Highlights Details
23 February 2020 Demisto 5.5 is now in Beta!
2 July 2019 The Log Forwarding app can now send your Cortex XDR - Investigation and Response alerts to a Syslog or email destination.
30 May 2019 You no longer need Panorama to start sending logs to Cortex Data Lake! Enable your firewalls to securely connect to Cortex Data lake, and start logging to the cloud now.
1 May 2019

Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into:

  • Malware that was first detected on the endpoint.
  • Threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors.
  • The countries most targeted by threats found on your network.

Cortex Infrastructure


The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.

Cortex Data Lake

The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Directory Sync Service

The Directory Sync Service provides Cortex apps with read-only access to your Active Directory information—apps can use this data to provide user, group, and computer context for network and threat events.

Apps Built on Cortex

Cortex XDR

Cortex XDR Investigation and Response consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR Investigation and Response app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR Investigation and Response provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.


Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.

Security Lifecycle Review (SLR)


Demisto 5.5 is now in Beta! Learn more about the Demisto SOAR platform and how it can help you automate your security operations.

Log Forwarding App

The logs stored in the Cortex Data Lake are available for queries and reports using Panorama and the Application Framework. If you need to fulfill your organization's legal compliance requirements, the Log Forwarding app enables you to easily forward logs stored in the Cortex Data Lake to external destinations. For example, you can forward logs using Syslog to a SIEM for long term storage, SOC, or internal audit obligations, and forward email notifications for critical events to an email address.