Cortex XDR

An introduction to Cortex XDR and its components.
The Cortex XDR – Analytics app runs on Cortex by Palo Alto Networks and is responsible for all automated data analysis. The app raises alerts and lets you track them, and it provides both an administrative and an analyst user interface. The Cortex XDR – Investigation and Response app is also available for use with the Cortex XDR – Analytics app. It provides more context and detail when an alert is raised, and enables you to take remediation actions and define policies that detect the same malicious activity in the future.
To provide flexibility based on the Palo Alto Networks services available to you and the particular environment of your organization, you can configure the Cortex XDR – Analytics app to use whichever data sources are available: firewall logs, endpoint activity data, VPN traffic logs, or a combination of those sources.
[Figure: Cortex XDR – Analytics architecture diagram (magnifier-architecture.png)]

Cortex Data Lake (formerly Logging Service)

Cortex Data Lake holds the firewall logs and other data that the Cortex XDR – Analytics engine uses to identify both normal and abnormal activity on your network. It is a core service of Cortex, and the Cortex XDR – Analytics app cannot function without it. The Cortex XDR – Analytics app also writes its alerts back to Cortex Data Lake so that applications other than the Cortex XDR – Analytics app can use that alert information.

Cortex XDR – Investigation and Response

The Cortex XDR – Investigation and Response app provides a single interface from which you can investigate and triage alerts from all your Palo Alto Networks detection sources, including the Cortex XDR – Analytics app. From the app you can investigate threats, take remediation actions, and define rules that detect malicious activity in both historical and newly arriving log data in Cortex Data Lake.
