
When it comes to incident response, SOC teams must shift their thinking to an automation-first mindset.
Putting humans at the frontlines of incident response is no longer sustainable. Modern SOCs are incorporating automation into their incident response workflows to maximize operational efficiencies.
- Reduce alert noise and surface critical incidents
- Eliminate repetitive, manual tasks
- Facilitate analyst investigation and collaboration
- Map external threats to SOC incidents
Why Cortex XSOAR
Supercharge incident response across your SOC. Reduce time spent on incidents by 90%.*
*Reported time savings from aggregated customer use cases, including Palo Alto Networks SOC.
Eliminate Busywork
Let automation reduce the noise and handle repetitive, time-consuming tasks so you get to focus on what’s critical and on improving your security posture. We offer automation content packs across a wide range of use cases to help you accelerate deployment.
Speed Investigation
Everything you need to remediate an incident in one place – incident data, indicators and threat intel are all fully integrated. You have a war room to collaborate in real time, manage tickets, and conduct post-incident analysis and reporting.
Orchestrate Across Your SOC
Automation alone is half the puzzle. You need a holistic approach that efficiently pulls together people, processes and technology. With XSOAR, you can orchestrate and centralize incident response across your teams, tools and networks.
Designed for Security Analysts
Automate Your Manual Workflows
900+ prebuilt integration and automation packs. 1,000s of security actions for DIY playbooks. Visual playbook editor for code-free automation.
Speed Up Your Incident Investigations
Virtual war room for incident investigation and collaboration. ChatOps and CLI for on-the-fly investigation. Auto-documentation for knowledge sharing and audit reporting. Machine learning to aid analysts.
Act On Your Threat Intel
Automate indicator processing and scoring. Map external threats to your incidents. Auto-push the latest indicators to EDLs. Unique high-fidelity threat intel from Unit 42™.
Deploy Across Your Stack
Find what you need in the Marketplace to orchestrate incident response across your entire product stack.
Our Palo Alto Networks SOC uses XSOAR to save an average of 2,600 analyst hours a month. XSOAR performs the work equivalent of 16 FTEs.
See What XSOAR Can Do for You
Enrich data, improve alert triage and automate repetitive tasks to reduce your investigation time from hours to just minutes. Discover your potential ROI and operational efficiency gains based on your organization with a customized report.
- 90% reduction in remediation time
- 89% reduction in time spent investigating malware incidents
- 75% fewer incidents requiring manual interaction

Security Automation Hands-On Workshops
Learn how to automate security operations workflows to save time and effort.
Build Your Own Security Automation Program
Here are four tips we’ve garnered from working on thousands of SOAR deployments:
Before you SOAR
What are your existing policies and processes? What tools do you use daily? Who needs to be involved in response and remediation? Standardize your processes so they are repeatable and consistent.

Start simple
Are there time-consuming tasks that are part of a larger workflow? Are there tasks that impact operations if forgotten? Tackle these before you try automating a workflow end-to-end. Can’t code? Start with pre-built playbooks and integrations. XSOAR has tons to choose from, covering a wide range of common use cases. A visual editor makes it easy to make edits without touching code.

Be predictable
XSOAR ensures that processes produce the same outputs, the same way, every time. This speeds the onboarding of new SOC analysts, with documented best practices codified in playbooks. Consistent workflows make it easier to swap out point products, minimizing operational downtime.

Get a champion
Starting small gets you quick wins to justify your investment. However, to take it to the next step, you need stakeholder buy-in to effect real digital transformation in your SOC. XSOAR users who succeed in transforming their SOCs dedicate resources to their teams to drive automation progress, and identify areas where automation can be a business enabler.

Now that you are ready to start on your automation journey, how do you identify the best use cases for automation? In this webinar, our XSOAR experts provide insights from their experience onboarding our own customers.
Better Together
Cortex® XSOAR™ is integrated with the Cortex platform for a seamless user experience and ease of deployment. Use XSOAR to orchestrate incident response and automate workflows across your Palo Alto Networks portfolio and extract more value out of your security investment.
XSOAR + XDR
Accelerate endpoint malware incident investigation. Automate the collection of evidence and trigger containment activity.
XSOAR + Xpanse
Enrich threat intel data on IPs, domains and certificates using information from assets discovered by Xpanse Expander, and automatically remediate attack surface exposures.
XSOAR + Prisma Cloud
Automate workflow management for misconfiguration alerts, threat alerts and unsanctioned/unmanaged cloud asset findings.
XSOAR + Prisma Access
Auto-scale access to Prisma® Access for remote users during surges, and automate the allow listing of new egress IPs, security groups and IAMs to ensure business continuity.
XSOAR + NGFW
Automate time-consuming tasks such as updating PAN-OS® firewall devices or onboarding firewall devices. Leverage SOAR to automatically update IP, DNS, and URL blacklists through external dynamic lists hosted on Cortex XSOAR.
XSOAR + Unit 42
XSOAR Threat Intelligence Management provides native access to the massive Palo Alto Networks threat intelligence repository from Unit 42 so SOC teams can take action on intelligence data and leverage automation to parse, prioritize and distribute relevant threat information.
Take It to the Next Level
These are just a sample of things you are doing every day that can be automated. Our Cortex Customer Success and Professional Services teams can help you optimize your deployment to realize the full potential of your automation investment.
SOAR onboarding assistance
- Customer journey kickoff
- Onboarding assistance
- Service configuration
- Use case assistance
- Training, documentation and workshops
SOAR platform support
- Support community
- Support portal
- Telephone support
- Response time (S1)
- Slack DFIR private channel
Optimized SOAR experience
- Annual health check
- Customized success plans
- Periodic operations reviews
- Executive business reviews
Not Ready to Go It Alone?
We partner with hundreds of Managed Service Providers worldwide to offer security automation as a service. If you are an MSSP looking to partner with the industry leader in SOAR, you can get more details about the program and our robust multitenant platform here.