1. Home
    2. Cortex

    Cortex by Palo Alto Networks—the AI-based continuous security operations platform—extends next-generation security into cloud. This simplifies deployment and reduces infrastructure and operational overhead. You can use the hub to discover, activate, and access Cortex apps. Most Cortex apps rely on the Cortex Data Lake to analyze and report on your network, cloud, and endpoint data.

    News!

    Date Highlight
    2 November 2020

    You can now forward Cortex Data Lake logs to external destinations from within the Cortex Data Lake app. As a result, the individual Log Forwarding app will be phased out.

    Visit the Cortex Data Lake documentation for help with log forwarding, information about new features, and all future log forwarding updates.
    30 March 2020 Demisto is now Cortex XSOAR!

    Getting Started

    1. Get started with Cortex Data Lake
    2. See what apps are available in the hub
    3. Activate a new app

    Cortex Infrastructure

    Hub

    The hub is the home for all apps built on Cortex. Use it as a launch pad to discover, use, and build apps.

    Get Started

    Cortex Data Lake

    The Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, GlobalProtect cloud service, and Traps management service. Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

    Start Logging

    Directory Sync

    Directory Sync provides user, group, and computer context from your directory to Palo Alto Networks apps for user and device visibility and policy enforcement.

    Sync Directory

    Apps Built on Cortex

    Cortex XDR

    Cortex XDR consumes data from the Cortex Data Lake and correlates logs from different network sensors to reveal threat casualties and timelines—it's your mission control for complete visibility into all your network traffic. The Cortex XDR app triggers alerts based on indicators of compromise (including behavioral anomalies) and can send those alerts to the Cortex Data Lake. Cortex XDR provides a single interface from which you can investigate and triage alerts, take remediation actions, and define policies to prevent future attacks.

    Get Started

    AutoFocus

    AutoFocus® is a cloud-based threat intelligence service that enables you to easily identify critical attacks, so that you can triage effectively and take action without requiring additional IT resources. AutoFocus correlates threat data from your network, industry, and global intelligence feeds, and surfaces what’s most important. This includes giving you a direct pipeline to actionable intelligence from Unit 42, the Palo Alto Networks threat research team—AutoFocus lets you know if Unit 42’s newly-discovered adversaries, campaigns, and exploits have targeted your network, or networks like yours.

    Get Focused

    Cortex XSOAR

    Demisto is now Cortex XSOAR! Learn more about the Cortex XSOAR platform and how it can help you automate your security operations.

    Explore Cortex XSOAR

    Security Lifecycle Review (SLR)

    Security Lifecycle Review (SLR) reports now include even more threat data. Get visibility into malware that was first detected on the endpoint, threats that are known to be connected to high-profile attacks, targeted campaigns, or malicious actors, and countries most targeted by threats found on your network.

    Run Your SLR

    Explore

    Explore the Cortex Data Lake by searching, filtering, and exporting log data. This app offers you critical visibility into your enterprise's network activities by allowing you to easily examine network and endpoint log data.

    Explore Now

    © 2020 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo