The Palo Alto Networks Cortex XSOAR production environment
has SOC 2 Type II and ISO 27001 certification. Palo Alto Networks
is dedicated to strong security policies and internal controls.
The Palo Alto Networks SOC monitors servers 24/7 for vulnerability
compliance. The annual penetration test report and the SOC 2 report
can be provided upon request.
Development instances in the hosted service are not SOC
Security measures include but are not limited to:

- Inbound traffic is allowed only on port 443. Inbound
  traffic to the web interface can be limited to specific CIDRs by
  submitting a support ticket. Up to 100 custom rules per environment
- No customer-operated or customer-owned agents can be installed on
  hosted service components (instance, network, load balancer, etc.).
- Penetration testing is performed annually, while additional
  ongoing tests are done as part of the XSOAR development process.
- Docker hardening is applied by default and Docker is upgraded
  with system upgrades, as needed.
- Integration credentials are stored encrypted in the database.

AWS Specific Security Measures

- DDoS protection is provided through an AWS load balancer.
- AWS is the SSL certificate provider. Certificates managed
  in the AWS Certificate Manager (ACM) use RSA keys with a 2048-bit
  modulus and SHA-256.
- Data at rest is encrypted using AWS EBS volume encryption
  with a dedicated customer master key (CMK).

Cortex XSOAR Key Management Policy

- Each customer has their own AWS KMS key, generated by AWS.
- AWS KMS keys are rotated yearly.
- Palo Alto Networks secures the AWS KMS key via IAM and the
  AWS KMS key policy.
- Only managers and administrators have key administrator privileges.
- The AWS EBS service has permissions to encrypt, decrypt, and/or re-encrypt.
- If vulnerabilities are found, the master keys can be rotated
  manually and the EBS volume can be re-encrypted as needed.

The outbound IP is static and can be used to make connections
from the hosted instance to your internal devices using the allow
list. The inbound IP changes and is managed by Amazon Web Services.
Access to information in Cortex XSOAR is by default restricted
to the customer’s users, to Palo Alto Networks DevOps team members
who have been granted user permissions by the customer, and to customer
support and success teams when a support case is opened. Customers
are responsible for reviewing the information they submit to Palo
Alto Networks and for omitting any data they do not wish to include
and that is not required for support purposes. Access to telemetry
data is limited to DevOps, customer success, product management
In addition to security measures specific to Cortex XSOAR hosted
service, the Cortex XSOAR application supports advanced methods
of authentication via Active Directory, SSO, and a variety of other
services to ensure that only users with a business need can access
Cortex XSOAR. Passwords and API keys are encrypted when stored at
rest. Data in Cortex XSOAR is encrypted at rest via volume encryption.
All communications are TLS encrypted between Cortex XSOAR components
and between Cortex XSOAR and third-party tools.
For more information about how data may be captured, processed,
and stored by and within the service, please refer to Cortex XSOAR (Hosted) Privacy.