Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

News!

Date Highlight
2 November 2020

You can now forward Cortex Data Lake logs to external destinations from within the Cortex Data Lake app. As a result, the individual Log Forwarding app will be phased out.

Visit the Cortex Data Lake documentation for help with log forwarding, information about new features, and all future log forwarding updates.

30 March 2020 Demisto is now Cortex XSOAR!

Cortex Infrastructure

Hub


The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.

Cortex Data Lake


The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

Directory Sync


Directory Sync provides user, group, and computer context from your directory to Palo Alto Networks apps for user and device visibility and policy enforcement.

Apps Built on Cortex

Cortex XDR


Cortex XDR consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.

AutoFocus


AutoFocus® is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if Unit 42’s newly-discovered adversaries, campaigns, and exploits have targeted your network, or networks like yours.

Cortex XSOAR


Demisto is now Cortex XSOAR! Learn more about the Cortex XSOAR platform and how it can help you automate your security operations.

Security Lifecycle Review (SLR)


Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into malware that was first detected on the endpoint, threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors, and countries most targeted by threats found on your network.

Explore


Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.