Cortex XDR applies machine learning at cloud scale to rich network, endpoint, and cloud data, so you can quickly find and stop targeted attacks, insider abuse, and compromised endpoints. Cortex XDR apps consume and correlate data from the Cortex Data Lake to reveal threat causalities and timelines—they're your mission control for complete visibility into network traffic and user behavior.

Latest Releases

Highlights Details
24 September 2019 Configure a new incident starring policy to enable Cortex XDR to categorize incidents that contain characteristics that are important to you.
6 August 2019 Two apps become one! Cortex XDR now includes all investigation, response, and analytics capabilities. 
30 June 2019 Cortex XDR welcomes Demisto with new APIs to help you leverage Demisto for automated incident response and security orchestration.
21 May 2019
Cortex XDR – Analytics can now analyze your GlobalProtect VPN traffic and adds 12 new alerts
29 April 2019 The Cortex XDR – Investigation and Response app now aggregates alerts and artifacts related to a detected threat into a single incident.
16 April 2019 Cortex hub now provides role management for apps—use the hub to manage who has access to your Cortex apps and what level of access they have.

Cortex XDR™ Documentation

Cortex XDR™ Administrator’s Guide

Provides comprehensive information for using Cortex XDR to accelerate investigations across your network, endpoint, and cloud data.

Cortex XDR™ Release Notes

Review the newest features and known issues for Cortex XDR.

Cortex XDR API Reference

Cortex XDR APIs enable you to integrate with Demisto and other third-party tools to view and manage your Cortex XDR - Investigation and Response incidents.

Additional Resources

Cortex XDR™ Analytics Alert Reference

View all Cortex XDR Analytics alerts.

Live Community: Cortex XDR

Have questions about Cortex XDR? Join the Live Community to post your questions and get answers.