
Cortex XDR

Palo Alto Networks' XDR platform that connects endpoint, network, cloud, and identity data to detect and stop attacks. It uses behavioral analytics and AI to group alerts into incidents and provide root-cause analysis.

What is Cortex XDR?

Cortex XDR is Palo Alto Networks' extended detection and response platform, designed to break down the silos between endpoint, network, cloud, and identity telemetry. It deploys a single lightweight agent on endpoints that collects behavioral data and sends it to a central analytics engine. That engine applies AI-driven behavioral analytics to group related events into coherent incidents, each with a root-cause visualization that shows exactly how an attack unfolded. Beyond detection, Cortex XDR supports active response: isolating endpoints, killing processes, blocking network connections, and running live forensic queries remotely. Its integration with the broader Palo Alto Networks ecosystem means that detections can automatically trigger firewall policy updates or WildFire sandbox submissions.

How does Cortex XDR work with Qevlar?

Qevlar connects to Cortex XDR to retrieve endpoint alerts and process-level telemetry during automated investigations. When an incident is triggered, Qevlar can query XDR for the full behavioral timeline on an affected host, correlating that data with network and identity signals to build a complete picture of the threat before an analyst reviews it.
