Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

Recent Cortex News!

Date Highlight
15 January 2021

You can now search, filter, and export your Cortex Data Lake log data from within the Cortex Data Lake app. As a result, the individual Explore app will be phased out.

Visit the Cortex Data Lake documentation for help interacting with your logs, information about new features, and all future updates.

Cortex Infrastructure


The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.

Cortex Data Lake

The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Cloud Identity

Cloud Identity Engine reduces the complexity of deploying a comprehensive identity solution or transitioning from an on-premises LDAP authentication solution to a cloud-based identity provider (IdP).

Apps Built on Cortex

Cortex XDR

Cortex XDR consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.


AutoFocus® is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if Unit 42’s newly-discovered adversaries, campaigns, and exploits have targeted your network, or networks like yours.

Cortex XSOAR

Demisto is now Cortex XSOAR! Learn more about the Cortex XSOAR platform and how it can help you automate your security operations.

Security Lifecycle Review (SLR)

Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into malware that was first detected on the endpoint, threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors, and countries most targeted by threats found on your network.


Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.