Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.


L4 Transporter

Hello people ,


I am trying to figure out real difference between XDR and XSOAR.


XDR is far more intelligent than. SIEM . So this means SIEM is killed ?


XDR can also perform incident response , so what is the real value of SOAR?


L3 Networker

Hi @FWPalolearner, It appears that you are looking to understand more on the Cortex Portfolio, which is one integrated platform for security operations. Each one of the security tools provides multiple solutions to your security posture. For example, Cortex XDR provides the ability to stitch together network, endpoint, cloud, and identity data for threat detection. Cortex XSOAR optimizes the SecOps workflow by automating incident response with playbook automation. Please take a look at the Cortex Portfolio reference links mentioned above for additional details on the security tools and the additional solutions/use-cases. If you have any specific questions about any one of the security tools, then I suggest to contact your Palo Alto Networks representatives to assist with providing you a path forward. 

L4 Transporter

Palo Alto Networks XSOAR is Security Orquestration and Response. There you can design and develop your process and procedures framework for your SOC and Security Operations and Response. Including there your playbooks for your analysts and Incident Responders. This is a very useful tool for Incident Response / Incident "Management"


XDR is to detect, investigate and give lets say the technical response to the incident. In this last sentence technical response I mean that you might follow the processes, procedures,  playbooks ... that you have written on your Palo Alto XSOAR.

Palo Alto Cortex XDR will automatically detect the malicious/suspicious activity in your infrastructure/assets create the alerts within the incidents for your analysts who just go there to see that tons of technical work has been already done and all meaningful events are put together and in context. So your analysts will understand what is going on. Which kind of incident they are facing understanding the real threats taking place at your organization. They can even give a response gathering more information, malicious files, deletion of those files in all your infra, isolating endpoints or groups of them in just seconds and all this  with just a few clicks. 




  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!