The Cortex portfolio, an integrated suite of AI-driven, intelligent products for the SOC

Shift from dozens of siloed SOC tools to Cortex and unleash the power of analytics, AI and automation to secure what’s next:

Cortex XDR: Industry-first detection and response

Cortex XSOAR: Security automation for everyone

Cortex XPANSE: Complete visibility into all your internet-facing assets

You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

Recent Cortex News!

Date Highlight
June 27 2022
May 30 2022

Cortex XSOAR 6.8

  • Deployment Wizard: When installing or updating the Malware content pack, a new DEPLOYMENT WIZARD tab guides you step-by-step to quickly adopt the Malware use case.
  • Error handling in playbooks: When creating/editing a standard task that uses an automation or a conditional task that uses an automation, if the the task errors, the playbook continues on an error path.
  • New custom playbooks set to quiet mode: When creating a new custom playbook, by default, the playbook is set to Quiet Mode to improve system performance.
  • Exclude items from local changes in remote repositories: Exclude content items in your development environment from syncing with your production machine.
  • HTTP,  HTTPS, and SSH are supported for remote repositories: Connect to a remote repository using HTTP,  HTTPS, or SSH.
  • API keys creation: Select which roles have read and read/write permission when creating API keys.
July 2022 Cortex Xpanse latest release notes

Cortex Infrastructure


The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.

Cortex Data Lake

The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Cloud Identity

Cloud Identity Engine reduces the complexity of deploying a comprehensive identity solution or transitioning from an on-premises LDAP authentication solution to a cloud-based identity provider (IdP).

Apps Built on Cortex

Cortex XDR

Cortex XDR consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.


AutoFocus® is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if Unit 42’s newly-discovered adversaries, campaigns, and exploits have targeted your network, or networks like yours.

Cortex XSOAR

Demisto is now Cortex XSOAR! Learn more about the Cortex XSOAR platform and how it can help you automate your security operations.

Security Lifecycle Review (SLR)

Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into malware that was first detected on the endpoint, threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors, and countries most targeted by threats found on your network.

Cortex Xpanse

Cortex Xpanse is an automated Attack Surface Management (ASM) platform that provides a complete and accurate inventory of an organization’s global internet-facing assets and misconfigurations to continuously discover, evaluate, and mitigate an external attack surface, flag risky communications, evaluate supplier risk or assess the security of M&A targets.


Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.