Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the Cortex Hub to browse for, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

Break the security silos with Cortex XDR

Latest Releases

May 30 You no longer need Panorama to start sending logs to Cortex Data Lake! Enable your firewalls to securely connect to Cortex Data lake, and start logging to the cloud now.
May 27 Cortex XDR – Investigation and Response now provides an overview of incidents in your environment and security status over time. From the prioritized incidents in the dashboard, you can drill down into incidents and alerts for additional details.   
May 1

Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into:

  • Malware that was first detected on the endpoint.
  • Threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors.
  • The countries most targeted by threats found on your network.
April 29

Introducing Explore!

Explore is a new app on the Cortex hub, that allows you to easily examine the  network and endpoint log data stored in Cortex Data Lake.

April 25 Get email updates when the Log Forwarding app is not able to connect to your Syslog server, so that you can quickly restore Syslog connectivity and resume log forwarding.
April 16 Cortex hub now provides role management for apps—use the hub to manage who can access Cortex apps, and their level of access.

Cortex Infrastructure

Cortex Hub


The Cortex Hub is the home for all your Cortex apps. Use it as a launch pad to access, use, and build apps.

Cortex Data Lake


The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Directory Sync Service


The Directory Sync Service provides Cortex apps with read-only access to your Active Directory information—apps can use this data to provide user, group, and computer context for network and threat events.

Cortex Apps

Cortex XDR


Cortex XDR Investigation and Response consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR Investigation and Response app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR Investigation and Response provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.

Traps Management Service


As new malware variants pop up around the globe and new software bugs and vulnerabilities are discovered, it is challenging to ensure that your endpoints remain secure. With the Traps™ management service, a cloud-based endpoint security service, you save the time and cost of building out your own global endpoint security infrastructure. This simplified deployment, which requires no server licenses, databases, or other infrastructure to get started, enables you to quickly protect your endpoints.

Explore


Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.

Log Forwarding App


The logs stored in the Cortex Data Lake are available for queries and reports using Panorama and the Application Framework. If you need to fulfill your organization's legal compliance requirements, the Log Forwarding app enables you to easily forward logs stored in the Cortex Data Lake to external destinations. For example, you can forward logs using Syslog to a SIEM for long term storage, SOC, or internal audit obligations, and forward email notifications for critical events to an email address.

Security Lifecycle Review (SLR)


Security Lifecycle Review (SLR) is a cloud-based application that summarizes the risks your organization faces and how exposed you are to threats. An SLR report can be used as part of an initial product evaluation, or during regular security check-ups. Plus, SLR reports are highly customizable—you can choose to include only the information that is most important to you, and make summaries, findings, and recommendations more targeted. Here you'll find everything you need to get started with SLR, including how to activate the SLR app and generate an SLR report.