API 2.0 Overview API 1.0 to 2.0 Migration Guide What's New
Action Usecase Alerting Usecase Analysis and Response API's Building Search Queries Configuration Backup Restore and Export APIs Enrichment Usecase Groups Usecase Mimecast API In Power BI Secure Email Gateway SIEM Tutorial CG SIEM Tutorial CI SIEM Batch CG Guidelines SIEM Batch CI Guidelines
API 2.0 Reference API 1.0 Reference
Alliance Partners
Become a Partner

Palo Alto Networks Cortex XSIAM 

Developed by Palo Alto Networks

The Autonomous Platform Powering the Modern SOC

Cortex XSIAM harnesses the power of machine intelligence and automation to radically improve security outcomes and transform the manual SecOps model. From enterprise to cloud, XSIAM centralizes, automates, and scales security operations to protect organizations from advanced attacks.Cortex XSIAM lets analysts swiftly investigate incidents by providing a complete picture of every attack, including intelligent alert grouping and collected information about the root cause. Embedded automation can enrich alerts, respond to malicious activity, and close low-risk alerts before they reach the queue enabling analysts to focus on the few threats that require human intervention. XSIAM is already proven in production, powering Palo Alto Networks own SOC and reducing over one trillion events per month into a handful of analyst incidents per day.

Palo Alto Networks Logo
Developer: Palo Alto Networks
Contact: Palo Alto Networks
Documentation: View
Release Date: June 2024
Version: 1.0
Talk to a Specialist
Get Started

Mimecast and Palo Alto Networks Cortex XSIAM Use Cases:

Security Information and Event Management

Delivers all common SIEM function, including log management, correlation and alerting, reporting, and long-term data retention.

Extended Detection and Response

Gathers telemetry from any source for unrivaled detection coverage and accuracy, with the highest number of technique-level detections in the 2022 MITRE ATT&CK evaluations.

Attack Surface Management

Provides embedded attack surface management capabilities for an attacker's view of your organization, with asset discovery, vulnerability assessment, and risk management.

Security orchestration, Automation, and Response

Automates nearly any use case with hundreds of built-in playbooks and offers customization with a visual drag-and-drop playbook editor.

Management, Reporting, and Compliance

Simplifies operations, centralizing all configuration, monitoring and reporting orchestration and response. 

Threat Intelligence Platform

Aggregates, scores, and distributes threat intelligence data, including the industry leading Unit 42 threat feed, to third party tools and enriches alerts for context and attribution.

Endpoint Protection Platform

Prevents endpoint attacks with a proven endpoint agent that blocks exploits, malware, and fireless attacks and collects full telemetry for detection and response.

User and Entity Behavior Analytics

Users machine learning and behavioral analysis to profile users and entities and alert on behaviors that may indicate a compromised account of malicious insider.

Cloud Detection and Response

Analyzes cloud audit, flow, and container host logs together with data from other sources for holistic detection and response across hybrid enterprise.

Related Integrations

Explore Palo Alto Wildfire
Explore Palo Alto Cortex XSOAR
Back to Top