Details

Palo Alto Networks Cortex Cloud provides integration with Cortex XDR and Strata Logging Service for next-generation firewalls.

  • Palo Alto Networks Cortex XDR: an Extended Detection and Response (XDR) solution that includes an Endpoint Detection and Response (EDR) offering. Leveraging Palo Alto Networks EDR alerts enables you to query security detections of observables including IP addresses, process names, file names, file paths, MD5 hashes, SHA256 hashes, registry keys, hostnames, and Cortex agent IDs. Enabling this integration also provides a target in Cisco XDR automation for automated workflows. Note: Integration with Cortex XDR requires a Cortex XDR Pro per endpoint license.

  • Palo Alto Networks Firewalls with Strata Logging Service: next-generation firewalls (NGFW) provide advanced and integrated security features beyond traditional firewalls. These features include application awareness, URL filtering, content inspection, and threat prevention capabilities. NGFW logs forwarded to the Strata Logging Service are normalized and enriched with endpoint and cloud data from various products, which lets you query NGFW alerts via the Cortex API. Leveraging Palo Alto Networks NGFW alerts allows you to query security detections for observables such as IP addresses, URLs, file names, MD5 hashes, SHA256 hashes, emails, and email subjects. Note: Integration with NGFW requires a Cortex XDR Pro per GB license.

Additionally, the integration allows you to leverage Cortex response actions to respond to incidents or proactively mitigate threats in multiple ways, including:

  • Adding files to blocklists.
  • Quarantining or unquarantining endpoints.
  • Performing malware scans on endpoints.
Regions: North America; Europe; Asia-Pacific, Japan & China