Cortex XDR applies machine learning at cloud scale to rich network, endpoint, and cloud data, so you can quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR apps consume and correlate data from the Cortex Data Lake to reveal threat causalities and timelines—they're your mission control for complete visibility into network traffic and user behavior.

Latest Releases

Highlights Details
30 November 2020 Cortex XDR 2.6.5
16 November 2020 Traps agent 6.1.7
2 November 2020 Cortex XDR agent 7.2.1 for macOS
1 November 2020 Cortex XDR 2.6
21 October 2020 Cortex XDR agent 7.2.1 for Windows and Linux
19 October 2020 Upcoming features for Cortex XDR 2.6
19 October 2020 EDL Support for Cortex XDR Pro per Endpoint
... Cortex XDR release archive

Cortex XDR™ Documentation

Cortex XDR™ Prevent Administrator’s Guide

Cortex XDR™ Pro Administrator’s Guide

Cortex XDR™ Release Notes


Review the newest features and known issues for Cortex XDR.

Cortex XDR™ XQL Language Reference


Learn about XQL, the Cortex XDR query language that you can use to investigate network and endpoint activity captured in raw logging data.

Cortex XDR™ API Reference


View all Cortex XDR APIs.

Cortex XDR™ XQL Schema Reference


Discover the xdr_data dataset and Cortex XDR presets that you can use with XQL.

Cortex XDR™ Analytics Alert Reference


View all Cortex XDR Analytics alerts.

Cortex XDR Agent

Cortex XDR™ Agent Administrator's Guide


The Cortex XDR Agent Administrator's Guide describes the requirements for and how to install and use Cortex XDR agent.

Cortex XDR™ Agent Release Notes


Learn more about the new features, known issues, and changes to default behavior in Cortex XDR agent.

Where Can I Install the Cortex XDR Agent?

Additional Resources

Live Community: Cortex XDR


Have questions about Cortex XDR? Join the Live Community to post your questions and get answers.

Palo Alto Networks Compatibility Matrix


Find compatibility information for the Cortex XDR agent.

How Does Cortex XDR Protect Against CVE-2020-0796?


Unit42 describes our Palo Alto Networks coverage for this recent vulnerability.