
Cortex XSIAM

At a Glance
The AI-Driven Security Operations Platform
The needs of the SOC have changed. It is taking organizations too long to detect security incidents, and when they detect them, too long to remediate. Combined with recent regulatory requirements and threat actors carrying out end-to-end attacks in a matter of hours, this introduces significant risk to organizations.

The modern SOC must be built on a new architecture:
• Broad and automated data integration, analysis, and triage
• Unified workflows that enable analysts to be productive
• Embedded intelligence and automated response that can block attacks with minimal analyst assistance

Unlike legacy security operations, the modern SOC leads with massive datasets run by data science, rather than human judgment and rules designed to catch yesterday's threats.

Cortex XSIAM® (extended security intelligence and automation management) unifies best-in-class functions, including endpoint detection and response (EDR); extended detection and response (XDR); security orchestration, automation, and response (SOAR); attack surface management (ASM); user and entity behavior analytics (UEBA); threat intelligence platform (TIP); and security information and event management (SIEM). Using a security-specific data model and applying machine learning, XSIAM automates data integration, analysis, and triage to respond to most alerts. This enables you to focus on the incidents that require human intervention.

The data model is updated continuously with Palo Alto Networks threat intelligence gathered globally across tens of thousands of customers. XSIAM uses an ML-led design to integrate massive amounts of security data, aggregate alerts into incidents for automated analysis and triage, and respond to most incidents automatically.

XSIAM is already proven in production, powering Palo Alto Networks' own SOC and turning over a trillion events per month into a handful of analyst incidents per day.

[Figure: XSIAM capability wheel. Panels: Orchestration and Automation; Endpoint Protection and Intelligence; UEBA, Threat Intel Management; Network, Cloud Analytics; Threat Detection and Response; Attack Surface Management; Reporting and Compliance; Data Foundation and Detection Analytics.]

XSIAM Delivers Integrated Capabilities

XSIAM combines these key SOC product capabilities into a single unified platform:

SIEM*: Includes all common SIEM functions, including log management, correlation and alerting, and compliance reporting.*

TIP*: Provides full TIP capabilities to manage Palo Alto Networks and third-party feeds, and to automatically map them to alerts and incidents.

XDR: Integrates endpoint, cloud, and network telemetry for automated detection and response.

EDR: Includes a complete endpoint agent and cloud analytics backend to provide endpoint threat prevention, automated response, and in-depth telemetry useful for any threat investigation.

ASM*: Includes embedded ASM capabilities that provide a holistic view of the asset inventory, including internal endpoints and vulnerability alerting for discovered internet-facing assets.

UEBA: Includes specialized identity analytics that use machine learning and behavioral analysis to profile users, machines, and entities, and to identify and alert on behavior that may indicate a compromised account or a malicious insider.

SOAR: Includes a robust SOAR module and marketplace to create and orchestrate playbooks for use with XSIAM.

Cloud Detection and Response (CDR): The XSIAM analytics array includes specialty analytics designed to detect and alert on anomalies in cloud data, such as cloud service provider logs and cloud security product alerts.

Management, Reporting, and Compliance: Centralized management functions simplify operations. Powerful graphical reporting capabilities support reporting for compliance, data ingestion, incident trends, SOC performance metrics, and more.

* Available through additional licensing and modules.

Visit the Cortex XSIAM page or connect with your account manager today to set up a demo and see XSIAM in action.
Cortex XSIAM | At a Glance | © 2024 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks, Inc.
