Palo Alto Networks Cortex XDR
Palo Alto Networks Cortex XDR is an Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) offering.
Palo Alto Networks Cortex XDR is an Extended Detection and Response (XDR) solution that includes an Endpoint Detection and Response (EDR) offering. Leveraging Palo Alto Networks EDR alerts enables you to query security detections of observables, including IP addresses, process names, file names, file paths, MD5 hashes, SHA256 hashes, registry keys, hostnames, and Cortex agent IDs. Note: Integration with EDR requires a Cortex XDR Pro per endpoint license.
Additionally, the integration allows you to leverage Cortex response actions to respond to incidents or proactively mitigate threats in multiple ways, including:
- Adding files to blocklists.
- Quarantining or unquarantining endpoints.
- Performing malware scans on endpoints.
Installable workflows: these are workflows that you can install in Cisco XDR automation and use with this integration. They are different from built-in workflows, which are part of Cisco XDR by default for all customers.
Built-in workflows: these workflows are part of Cisco XDR automation by default and can be used with this integration. They are different from installable workflows, which are optional workflows you can install from Cisco and its partners.
Actions: these actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate and respond to incidents, and more.