Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the Cortex Hub to browse for, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

Break the security silos with Cortex XDR

Latest Releases

10 April 2019 Cortex hub now provides role management for apps—use the hub to manage who has access to your Cortex apps and what level of access they have.
4 March 2019 Cortex XDR applies machine learning at cloud scale to rich network, endpoint and cloud data, so you can quickly find and stop targeted attacks, insider abuse, and compromised endpoints.
4 February 2019

The latest Traps Management Service release includes:

  • Email alerts,
  • a new Traps Security and Deployment Report,
  • and a new admin role!

Cortex Infrastructure

Cortex Hub


The Cortex Hub is the home for all your Cortex apps. Use it as a launch pad to access, use, and build apps.

Cortex Data Lake


The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Directory Sync Service


The Directory Sync Service provides Cortex apps with read-only access to your Active Directory information—apps can use this data to provide user, group, and computer context for network and threat events.

Cortex Apps

Cortex XDR


Cortex XDR Investigation and Response consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualities and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR Investigation and Response app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR Investigation and Response provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.

Traps Management Service


As new malware variants pop up around the globe and new software bugs and vulnerabilities are discovered, it is challenging to ensure that your endpoints remain secure. With the Traps™ management service, a cloud-based endpoint security service, you save the time and cost of building out your own global endpoint security infrastructure. This simplified deployment, which requires no server licenses, databases, or other infrastructure to get started, enables you to quickly protect your endpoints.

Log Forwarding App


The logs stored in the Cortex Data Lake are available for queries and reports using Panorama and the Application Framework. If you need to fulfill your organization's legal compliance requirements, the Log Forwarding app enables you to easily forward logs stored in the Cortex Data Lake to external destinations. For example, you can forward logs using Syslog to a SIEM for long term storage, SOC, or internal audit obligations, and forward email notifications for critical events to an email address.

Security Lifecycle Review (SLR)


Security Lifecycle Review (SLR) is a cloud-based application that summarizes the risks your organization faces and how exposed you are to threats. An SLR report can be used as part of an initial product evaluation, or during regular security check-ups. Plus, SLR reports are highly customizable—you can choose to include only the information that is most important to you, and make summaries, findings, and recommendations more targeted. Here you'll find everything you need to get started with SLR, including how to activate the SLR app and generate an SLR report.