Call a Specialist Today! 866-981-2998

Call a Specialist Today! 866-981-2998

Palo Alto Networks Cortex XDR
Break the silos of traditional detection and response

Palo Alto Networks Cortex-XDR

Palo Alto Networks Cortex

  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 1-year, includes Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 3-year, includes Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 1-year, includes Partner Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 3-year, includes Partner Premium Support
    Request a Quote for Pricing!

Click here to jump to more pricing!


Hunt down and stop stealthy attacks by unifying network, endpoint, and cloud data

Break Down Silos to Simplify Your Investigations

Security teams often lack the visibility and automation required to stop attacks. Siloed tools like endpoint detection and response (EDR) and network traffic analysis (NTA) collect large amounts of data, but they also force analysts to pivot from console to console to verify threats, increasing complexity and slowing down investigations. Faced with a shortage of cybersecurity professionals, teams must simplify their operations, or they will struggle to investigate and stop attacks.

Quickly Detect, Investigate, and Respond to Threats


Automate detection with AI

Cortex XDR uncovers every step of an attack by applying machine learning to rich network, endpoint and cloud data. Working when you are not, Cortex XDR outsmarts attackers by detecting behavioral anomalies indicative of attacks. You can take advantage of over 100 predefined rules or build custom ones to identify threats to high-value assets.


Cut investigation time 8x

By consolidating alerts into incidents, Cortex XDR reduces the alerts to review by 50x, on average. Each incident provides a complete picture of an attack, with integrated threat intelligence and actionable details. Automated root cause analysis reveals the source and the sequence of events for any alert with a single click, simplifying triage and analysis.


Quickly eliminate threats

Your security team can instantly contain any threat from the Cortex XDR console. You can easily apply knowledge gained from each investigation to protect against future threats. By simplifying operations and continually reducing your attack surface, you can gain more value from your existing security investments.

Protect Against Known and Unknown Threats with Traps

Great security starts with ironclad prevention. Traps™ for endpoint protection and response, included with Cortex XDR, uses multiple methods of prevention to safeguard endpoints from malware, ransomware, and exploits. Together, Traps and Cortex XDR deliver consistent prevention, detection, and response across all your digital assets. Native integration with cloud-based threat intelligence ensures prevention is coordinated across your network, endpoint, and cloud security products

Stop the threats that lead to costly breaches

Malware and fileless attacks
Cortex XDR uncovers known and unknown malware by detecting attack behaviors and anomalous activity associated with malware. Analysts can also search endpoints for indicators of compromise.

Targeted attacks
Cortex XDR detects the anomalous activities that attackers carry out as they move around the network looking for valuable data.

Malicious insiders
By profiling behavior, Cortex XDR identifies behavioral anomalies, such as internal reconnaissance and credential abuse, to spot attacks.

Risky behavior
Cortex XDR enables your organization to follow security best practices by monitoring user activity and identifying risky behavior and policy violations.

Business Benefits

Automatically uncover stealthy attacks: Continuously detect threats with machine learning, behavioral analytics, and custom detection rules.

Stop alert fatigue and attrition: Validate security alerts in seconds, improving analyst productivity and morale by reducing the backlog.

Reduce mean time to identify (MTTI): Combine precise attack detection with rapid alert triage to drastically cut dwell time.

Reduce mean time to contain (MTTC): Investigate and accurately respond to external attacks and insider threats, without years of experience.

Increase ROI from current investments with Cortex: Solve all your security needs through an ecosystem of trusted apps, while using existing infrastructure as sensors and enforcement points.

Operational Benefits

Achieve visibility across network, endpoint, and cloud data: Collect and correlate network, endpoint, and cloud data at scale for use in detection, triage, investigation, response, and hunting.

Automatically detect sophisticated attacks 24/7: Use always-on machine learning and custom rules to detect advanced persistent threats and other sophisticated attacks.

Eliminate the alert backlog: Simplify investigations with automated root cause analysis and timeline views, lowering the skill required to evaluate and analyze alerts.

Drastically reduce false positive alerts: Apply knowledge from every investigation to refine behavioral detection rules and speed future analysis, decreasing noise and risk.

Increase SOC productivity: Streamline operational processes to a single console by consolidating alert triage, investigation, and response across your network, endpoint, and cloud environments.

Remediate without business impact: Shut down attacks with surgical precision while avoiding user or system downtime.

Eliminate advanced threats: Protect your network against malicious insiders, policy violations, external threats, ransomware, fileless and memory-only attacks, and advanced zero-day malware.

Supercharge your security team: Disrupt every stage of an attack by detecting IoCs, anomalous behavior, and malicious patterns of activity.

Key Capabilities

Gain Complete Visibility

Correlate network, endpoint, and cloud data to streamline detection and response. Cortex XDR saves hours of manual analysis by automatically correlating data collected from your network, endpoints, and cloud assets. It stitches disparate data types together within Cortex Data Lake, a scalable and efficient cloud-based data store, to accurately detect attacks and simplify investigations.

Automate Attack Detection with AI

Find stealthy threats with behavioral analytics. Cortex XDR automatically pinpoints active attacks, allowing your team to triage and contain threats before the damage is done. Using machine learning, Cortex XDR continuously profiles user and device behavior to detect anomalous activity indicative of attacks. By examining rich data built expressly for analytics, Cortex XDR can detect attacks such as credential theft and tunneled DNS threats, which are nearly impossible to identify from standard threat logs or high-level network flow data. Automated detection works all day, every day, providing you peace of mind.

Hunt Threats with Powerful Search Tools

Uncover hidden malware, targeted attacks, and insider threats. Your security team can search, schedule, and save queries to identify hard-to-find threats. Flexible searching capabilities let your analysts hunt threats and search for indicators of compromise (IoCs) without learning a new query language. By incorporating threat intelligence from Palo Alto Networks with a complete set of network, endpoint, and cloud data, your team can catch malware, external threats, and internal attacks whether the incidents are in progress or occurred in the past.

Instantly Investigate Events

Automatically reveal the root cause of every alert. With Cortex XDR, your analysts can analyze alerts from any source with a single click, streamlining investigations. Cortex XDR automatically reveals the root cause, reputation, and sequence of events associated with each alert, lowering the experience needed for accurate validation. A forensic timeline of all attack activity provides actionable detail for incident investigations, allowing analysts to determine the scope, damage, and next steps in seconds.

Coordinate Response Across Enforcement Points

Stop threats with fast and accurate remediation. Cortex XDR lets your security team instantly contain network, endpoint, and cloud threats from one console. Your analysts can quickly stop the spread of malware, restrict network activity to and from devices, and update threat prevention lists like bad domains through tight integration with enforcement points. With Cortex XDR, you can swiftly shut down advanced attacks while gaining more value from your existing investments.

Adapt Your Defenses to Stop Future Attacks

Detect attackers’ tactics, techniques, and procedures with behavioral rules. With Cortex XDR, your team can apply knowledge from each investigation to reduce your attack surface and streamline future investigations, shifting your security posture from reactive to proactive. Your analysts can also create granular behavioral rules that detect malicious activity unique to your network. Flexible informational alerts improve timeline analysis by identifying suspicious behavior and making complex events easy to understand.

Get Industry-Leading Endpoint Protection

Use a single agent for endpoint threat prevention and data collection. Your Cortex XDR subscription includes Traps agents, offering you the best endpoint protection available. Traps lets you stop known and unknown malware, exploits, and ransomware by blocking malicious behavior and techniques. Integrated, cloud-based malware analysis with Palo Alto Networks WildFire® malware prevention service improves accuracy and coverage. The Traps agent records all endpoint activity, forwards it to Cortex Data Lake for analysis, and orchestrates response.

Ease Deployment with Cloud Delivery

Get started in minutes. The cloud-based Cortex XDR app offers simple, zero-touch deployment, eliminating the need to deploy new on-premises log collectors or sensors. It uses your existing Palo Alto Networks products as sensors and enforcement points, reducing the number of products you need to manage. If you’re a new customer, you only need to deploy one type of sensor, such as Next-Generation Firewalls or Traps, to detect and stop threats with Cortex XDR. Cortex XDR is built on Cortex, the industry’s only open AI-based continuous SOC platform. It delivers new levels of simplicity in security operations and significantly improved security outcomes through automation and unprecedented accuracy.

cortex lake
Figure: Analysis of data from any source for detection and response


Cortex XDR Features
Automated alert investigation Custom behavior-based detection
Root cause analysis Supervised and unsupervised machine learning
Incident response Malware and fileless attack detection
Incident containment and recovery Targeted attack detection
Post-incident impact analysis Insider threat detection
Threat hunting Risky user behavior analysis
IoC and threat intelligence searches Malware, ransomware, and exploit prevention with Traps
Technical Specifications
Delivery model Cloud-delivered application
Data retention 30-day to unlimited data storage

Operating System Support

Traps supports multiple endpoints across Windows®, macOS®, and Linux operating systems.

Cortex XDR Pathfinder minimum requirements: 2 CPU cores, 8 GB RAM, 128 GB thin-provisioned storage, VMware ESXi™ V5.1 or higher, or Microsoft Hyper-V® 6.3.96 or higher hypervisor.

    Cortex XDR licensing includes:
  • Cortex XDR – Analytics app
  • Cortex XDR – Investigation and Response app
  • Traps endpoint protection and response
  • Cortex XDR – Pathfinder endpoint analysis service (agentless alternative to Traps)

Optimizing Detection and Response for the SOC


Download the Palo Alto Networks Cortex XDR Datasheet (PDF).

Pricing Notes:

Palo Alto Networks Cortex

  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 1-year, includes Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 3-year, includes Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 1-year, includes Partner Premium Support
    Request a Quote for Pricing!
  • Cortex XDR for 1TB of Cortex Data Lake, includes 200 Traps licenses(TMS Only), 3-year, includes Partner Premium Support
    Request a Quote for Pricing!