https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439187#M1132 <P>Hello people ,</P><P>&nbsp;</P><P>I am trying to figure out real difference between XDR and XSOAR.</P><P>&nbsp;</P><P>XDR is far more intelligent than. SIEM . So this means SIEM is killed ?</P><P>&nbsp;</P><P>XDR can also perform incident response , so what is the real value of SOAR?</P> Wed, 06 Oct 2021 17:06:56 GMT FWPalolearner 2021-10-06T17:06:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439187#M1132 <P>Hello people ,</P><P>&nbsp;</P><P>I am trying to figure out real difference between XDR and XSOAR.</P><P>&nbsp;</P><P>XDR is far more intelligent than. SIEM . So this means SIEM is killed ?</P><P>&nbsp;</P><P>XDR can also perform incident response , so what is the real value of SOAR?</P> Wed, 06 Oct 2021 17:06:56 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439187#M1132 FWPalolearner 2021-10-06T17:06:56Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439219#M1133 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/133520">@FWPalolearner</a>, It appears that you are looking to understand more on the <A href="https://www.paloaltonetworks.com/cortex" target="_self">Cortex Portfolio</A>, which is one integrated platform for security operations. Each one of the security tools provides multiple solutions to your security posture. For example, Cortex XDR provides the ability to <A href="https://www.paloaltonetworks.com/cortex/detection-and-response" target="_self">stitch together</A> network, endpoint, cloud, and identity data for threat detection. Cortex XSOAR optimizes the SecOps workflow by<A href="https://www.paloaltonetworks.com/cortex/security-operations-automation" target="_self"> automating incident response with playbook automation</A>. Please take a look at the Cortex Portfolio reference links mentioned above for additional details on the security tools and the additional solutions/use-cases. If you have any specific questions about any one of the security tools, then I suggest to contact your Palo Alto Networks representatives to assist with providing you a path forward.&nbsp;</P> Wed, 06 Oct 2021 18:54:08 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439219#M1133 WSeldenIII 2021-10-06T18:54:08Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439376#M1134 <P>Palo Alto Networks XSOAR is Security Orquestration and Response. There you can design and develop your process and procedures framework for your SOC and Security Operations and Response. Including there your playbooks for your analysts and Incident Responders. This is a very useful tool for Incident Response / Incident "Management"</P><P>&nbsp;</P><P>XDR is to detect, investigate and give lets say the technical response to the incident. In this last sentence technical response I mean that you might follow the processes, procedures,&nbsp; playbooks ... that you have written on your Palo Alto XSOAR.</P><P>Palo Alto Cortex XDR will automatically detect the malicious/suspicious activity in your infrastructure/assets create the alerts within the incidents for your analysts who just go there to see that tons of technical work has been already done and all meaningful events are put together and in context. So your analysts will understand what is going on. Which kind of incident they are facing understanding the real threats taking place at your organization. They can even give a response gathering more information, malicious files, deletion of those files in all your infra, isolating endpoints or groups of them in just seconds and all this&nbsp; with just a few clicks.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 07 Oct 2021 10:50:35 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-vs-xsoar/m-p/439376#M1134 eluis 2021-10-07T10:50:35Z