What Is Cortex?



The Platform


Cortex™ is the industry’s only open and integrated AI-based continuous security platform. It allows companies to collect and aggregate security data–logs from network, endpoint and cloud–into the Cortex Data Lake. Cortex customers leverage Palo Alto Networks offerings, such as Cortex XDR Analytics and Cortex XDR Investigation & Response (I&R), to gain valuable insights and prevent successful cyberattacks.

Cortex is Securing the Future through its open platform, allowing Independent Software Vendors (ISVs) to integrate their cutting edge innovations with the wealth of data in the Cortex Data Lake, through Cortex partner apps.



Who Is Using Cortex?


There are a number of ways our customers have access to Cortex today, and that number is exponentially growing as more companies are enabling Cortex apps to consume their Data Lake information.

All customers that use Cortex Data Lake, Traps (with TMS), Global Protect Cloud Service (GPCS) and Cortex XDR have the option to enable Cortex partner apps through Cortex Hub.

Note: Explicit user consent is always required to provide access to the data to a third-party vendor.


Cortex Apps by Palo Alto Networks


An app built for Cortex is a piece of software that communicates with the Cortex APIs and is listed on our marketplace: Cortex hub. Palo Alto Networks customers can choose to enable apps on their Data Lake and grant the app access to their data.

On top of the rich set of data that is generated by the Next-Generation Firewall and Traps, Palo Alto Networks offers a set of apps that consume the data and prevent successful cyberattacks:

  • Cortex XDR–Analytics provides a cloud-based network security service that automatically detects and reports post-intrusion threats. It does this by identifying good (normal) behavior on your network so that it can identify bad (anomalous) behavior. The Cortex XDR – Analytics app provides a streamlined user interface that allows you to efficiently and effectively investigate and respond to anomalies on your network.

  • Cortex XDR–Investigation & Response offers complete visibility over network traffic, user behavior and endpoint activity. It simplifies threat investigation by correlating logs from your network sensors (next-generation firewalls, Traps endpoint agents, etc.) to reveal threat casualties and timelines. This enables companies to easily identify the root cause of every alert and perform immediate response actions. Finally, to stop future attacks, proactively defined indicators of compromise (IOCs) and behavioral rules will detect and respond to malicious activity automatically.More information on Cortex XDR apps.

  • Security Lifecycle Review (SLR) is a cloud-based application that summarizes the risks an organization faces. The SLR is free with a Palo Alto Networks Cortex Data Lake subscription and can be found on the Cortex hub.More information on SLR.

  • Explore displays and searches in network (PAN-OS ®) and endpoints (Traps management service) log records stored on Cortex Data Lake, which can then be exported into a comma-separated (CSV) file. More information on Explore.



Cortex Apps by Third Parties


In addition to the Palo Alto Networks apps, Cortex apps can be built by third parties using the APIs.

This short video shows how easy it is for a customer to activate an app on Cortex:




Partner apps are not hosted by Palo Alto Networks; they can run in the cloud or on-premises. Apps can be stand-alone products built specifically for Cortex or connectors that enable an integration with an existing offering.

Check out Cortex hub to see a list of generally available apps for Cortex. Your application could be there!



Sign up to get first access to the beta!

© 2019 Palo Alto Networks, Inc. All rights reserved.