Skip to main content

Core - Investigation and Response

Automates incident response

Cortex XSIAM is an intelligent data foundation, where high-quality telemetry across the security infrastructure, threat intelligence, external attack surface data and user response actions are ingested and integrated automatically. Unlike SIEM, Cortex XSIAM ingests granular data – not just alerts and logs – to fuel many layers of machine learning that automate critical threat detection and remediation steps downstream.

What does this pack do?

The playbooks included in this pack help you respond to Cortex XDR alerts in a timely manner. They also help automate repetitive tasks associated with Cortex XDR alerts:

  • Syncs and updates Cortex XDR alerts.
  • Triggers a sub-playbook to handle each alert by type.
  • Extracts and enriches all relevant indicators from the source alert.
  • Hunts for related IOCs.
  • Calculates the severity of the alert.
  • Interacts with the analyst to choose a remediation path or close the incident as a false positive based on the gathered information and incident severity.
  • Remediates the incident by blocking malicious indicators and isolating infected endpoints.

Cortex XSIAM Video

T1036 - Masquerading




Cortex XSIAM


CertificationRead more
Supported ByCortex
CreatedFebruary 17, 2022
Last ReleaseNovember 14, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.