Palo Alto Networks announced Cortex XSOAR (formerly Demisto), and we dive into some details and capabilities, including third-party and partner-owned integrations. We also include a link to a webcast for more information about Cortex XSOAR.
What is Cortex XSOAR?
With the ever-expanding security horizon, security professionals are always looking for things to make their lives and jobs easier. Security orchestration and automation (SOAR) can be a complicated environment, similar to an ecosystem. And just like any ecosystem, it can go terribly wrong if not managed properly.
Have you heard of Demisto? Well, this is the new evolution of it—now better than ever. Palo Alto Networks has been tirelessly working to improve the Demisto product, and we're happy to present Cortex XSOAR.
Cortex XSOAR Capabilities
The Cortex XSOAR platform includes more than 270 out-of-the-box playbooks to automate and orchestrate any security use case. Our commitment to an open ecosystem couldn’t be stronger, so we also have more than 360 third-party integrations, including 105 that we added in the last 11 months. Read about our newest partner-owned integrations.
Standardize and automate processes for any security use case - Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.
Adapt to any alert with security-focused case management - Accelerate incident response by unifying alerts, incidents, and indicators from any source within a single case management framework.
Boost SecOps efficiency with real-time collaboration - Facilitate investigations across teams with a Virtual War Room with built-in ChatOps and command line interface to execute commands across the entire product stack in real time.
Take action on threat intelligence with confidence and speed - With full control of threat data, you can aggregate disparate sources, customize and score feeds, and match indicators against a customer's specific environment while leveraging playbook automation to drive instant action.
Any great tool is only useful if it can integrate with other partners. That's what makes Cortex XSOAR, with 360+ integrations, exceptional. So many integrations put several great capabilities at your fingertips. Users can also combine the real-time threat detection capability of Google Chronicle with the security orchestration and automation features of Cortex XSOAR to better understand threat activity within their organizations and automate remediation across affected assets.
Key integration features include:
Automate incident and indicator enrichment with Google Chronicle alert data, such as domain/IP reputation, ingestion time, and sighting details.
Access or query Google Chronicle for asset list and details associated with a domain/IP from within Cortex XSOAR.
Leverage hundreds of Cortex XSOAR product integrations to coordinate and automate remediation across endpoints or affected assets.
If any tool is hard to use or hard to integrate, then it will not be useful. One of the great features of Cortex XSOAR is that technical partners can architect, build, submit, and support their own offerings built on Cortex XSOAR.
Over a dozen partners have already participated in this new process: