Welcome to Cortex XDR – Analytics (formerly known as Magnifier)! Cortex XDR – Analytics is a cloud app that runs in Cortex by Palo Alto Networks. It automatically detects and reports on post-intrusion threats by identifying good (normal) behavior on your network, so that it can notice bad (anomalous) behavior. In order for Cortex XDR – Analytics to detect malicious intrusions, it must be able to monitor a large amount of data. There are four ways Cortex XDR – Analytics gets the data it needs:
  • Firewall logs—If you use Palo Alto Networks next-generation firewalls, you must configure them to forward the required logs (traffic, at a minimum) to Cortex Data Lake. While PAN-OS 8.0.5 is the minimum required release version for firewalls sending logs to Cortex Data Lake, PAN-OS 8.1.1 or later is required for the app to leverage Enhanced Application Logs.
  • Traps agents—You can also use Traps to monitor and collect activity on endpoints. Traps forwards endpoint activity to Cortex Data Lake, which Cortex XDR – Analytics can then use to detect anomalous files or activity on the endpoint.
  • Pathfinder VM—You can set up one or more Pathfinder VMs on your network to scan relevant hosts and endpoints that are not covered by Traps. Pathfinder uses these scans to associate network flows with source processes, and to collect data for forensics. Pathfinder sends this data to the Cortex XDR – Analytics app for analysis and reporting.
  • Directory Sync Service—This service provides Active Directory information to Magnifier so that it can be used to clearly identify and describe the users and hosts that appear in the Cortex XDR – Analytics alerts.
Also included with Cortex XDR is Cortex XDR – Investigation and Response. Cortex XDR – Investigation and Response triggers alerts based on patterns of potentially harmful indicators and behaviors. You can gain further insight into the cause of an alert by investigating it in Cortex XDR – Investigation and Response. Both applications provide a single interface from which you can take remediation actions and define policies to detect malicious activity in the future.
Review these release notes for the latest new features we’ve introduced and known issues that we’re working on. Then, refer to the Cortex XDR – Analytics Administrator’s Guide for instructions on installing and using this application.
