Palo Alto Networks Cortex XSIAM

Developed by Palo Alto Networks

The Autonomous Platform Powering the Modern SOC

API 2.0 Compatible

Cortex XSIAM uses machine intelligence and automation to optimize security operations, centralizing and scaling incident ingestion and response across enterprise and cloud environments. It enables rapid investigation with intelligent alert grouping and root-cause insights, while automation handles low-risk alerts and responses, freeing analysts to focus on critical threats. Proven in production, XSIAM powers Palo Alto Networks’ SOC, reducing over one trillion events monthly to just a few analyst incidents. The integration includes the ability to ingest email security logs as well as empower Cortex XSOAR response actions.


Mimecast and Palo Alto Networks Cortex XSIAM Use Cases:

Security Information and Event Management

Delivers all common SIEM functions, including log management, correlation and alerting, reporting, and long-term data retention.

Extended Detection and Response

Gathers telemetry from any source for unrivaled detection coverage and accuracy, with the highest number of technique-level detections in the 2022 MITRE ATT&CK evaluations.

Attack Surface Management

Provides embedded attack surface management capabilities for an attacker's view of your organization, with asset discovery, vulnerability assessment, and risk management.

Security Orchestration, Automation, and Response

Automates nearly any use case with hundreds of built-in playbooks and offers customization with a visual drag-and-drop playbook editor.

Management, Reporting, and Compliance

Simplifies operations by centralizing all configuration, monitoring, reporting, orchestration, and response.

Threat Intelligence Platform

Aggregates, scores, and distributes threat intelligence data, including the industry-leading Unit 42 threat feed, to third-party tools and enriches alerts for context and attribution.

Endpoint Protection Platform

Prevents endpoint attacks with a proven endpoint agent that blocks exploits, malware, and fileless attacks and collects full telemetry for detection and response.

User and Entity Behavior Analytics

Uses machine learning and behavioral analysis to profile users and entities and alert on behaviors that may indicate a compromised account or a malicious insider.

Cloud Detection and Response

Analyzes cloud audit, flow, and container host logs together with data from other sources for holistic detection and response across the hybrid enterprise.