Palo Alto Cortex XSIAM Features

Diagnose and resolve incidents without the need for human interaction.

Guide users through the resolution process and give specific instructions to remedy individual occurrences.

Cuts off network connection or temporarily inactivate applications until incidents are remedied.

Gathers information related to threats in order to gain further information on remedies.

Analyzes incidents, correlates related events, and determines the scope and impact of attacks.

Clearly notifies users with relevant information and anomalies in a timely manner.

Sets a standard performance baseline by which to compare log activity.

Allows platform to scale to size of desired environment and configured with high availability and disaster recovery capabilities.

Information on each incident is stored in databases for user reference and analytics.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Ability to track incidents, tasks, evidence, and investigation progress within a structured case.

Administrators can organize workflows to guide remedies to specific situations incident types.

Allows for customized support for hybrid environments

Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.

Documents the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Keeps records of each network asset and its activity. Discovers new assets accessing the network.

Provides security information and stores the data in a secure repository for reference.

Alerts users of incidents and allows users to intervene manually or triggers an automated response.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Documents cases of abnormal activity and compromised systems.

Information on each incident is stored in databases for user reference and analytics.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Stores information related to common threats and how to resolve them once incidents occur.

Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.

Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.

Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Indexes metadata descriptions for easier searching and enhanced insights

Facilitates Artificial Intelligence (AI) or Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Visually displays connected applications and integrated data. Allows customization and management of workflow structures.

Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Constantly monitors logs to detect anomalies in real time.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Streamlines the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Allows users to perfrom hands-on live simulations and penetration tests.

Runs pre-scripted vulnerability scans and security tests without requiring manual work.

Provides monitoring capabilities for multiple networks at once.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Provides all-encompassing display and analysis of environments, resources, traffic, and activity across networks.

Provides features to allow scaling for large organizations.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Facilitates the decryption of files and data stored using cryptographic algorithms.

Has a centralized view of data breach notification functions including any tasks that are at risk of falling behind mandated reporting timelines.

Provides tools such as auto-discovery to assist companies in automating their breach notification response.

Provides functionality to help companies comply data breach notification timelines, as determined by various regulatory laws.

Offers workflows to enable multiple departments to collaborate on data breach notification tasks

Has reporting and analytics functionality to show compliance with data breach notification laws.

Identifies potentially malicious files and applications for threats files and applications for abnormalities and threats.

Analyzes infortmation from a computer or other endpoint's memory dump for information removed from hard drive.

Identifies recently accessed files and applications for abnormalities and threats.

Parses and/or extracts emails and associated content for malware, phishing, other data that can be used in investigations.

Allows for parsing and/or extraction of artifacts native to Linux OS including but not limited to system logs, SSH activity, and user accounts.

Constantly monitors traffic and activity. Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Constantly monitors acivity related to user behavior and compares activity to benchmarked patterns and fraud indicators.

Provide insights into why trends are occurring and what issues could be related.

Monitors, records, and logs both real-time and post-event activity.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Provides relevant and helpful suggestions for vulnerability remediation upon detection.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Constantly monitors activity related to user behavior and compares activity to benchmarked patterns.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Monitors the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Integrates additional security tools to automate security and incident response processes.

Collects information from multiple sources to cross reference and build contextual to correlate intelligence.

Stores information related to common threats and how to resolve them once incidents occur.

Offer pre-built and custom reporting and dashboards for quick insights into system states.

Identifies and scores potential network security risks, vulnerabilities, and compliance impacts of attacks and breaches.

Creates reports outlining log activity and relevant metrics.

Allows for vulnerability ranking by customized risk and threat priorities.

Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.

Stores information related to common vulnerabilities and how to resolve them once incidents occur.

Identify risk data attributes such as description, category, owner, or hierarchy.

Provides the ability to create custom reporting dashboards to further explore vulnerability and risk data.

Tracks infrastructure resource needs and alerts administrators or automatically scales usage to minimize waste.

Monitors performance and statistics related to memory, caches and connections.

Detects anomalies in functionality, user accessibility, traffic flows, and tampering.

Actively monitors status of work stations either on-premise or remote.

Monitors data quality and send alerts based on violations or misuse.

Identifies potential network security risks, vulnerabilities, and compliance impacts.

Creates reports outlining log activity and relevant metrics.

Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Integrates additional security tools to automate security and incident response processes.

Allows users to track and control activity across cloud services and providers.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Facilitates the proactive search for emerging threats as they target servers, endpoints, and networks.

Allows administrators to set rules specified to detect issues related to issues such as sensitive data misuse, system misconfiguration, lateral movement, and/or non-compliance.

Constantly monitors system to detect anomalies in real time.

Stores information related to common threats and how to resolve them once incidents occur.

Facilitates Artificial Intelligence (AI) such as Machine Learning (ML) to enable data ingestion, performance suggestions, and traffic analysis.

Collects information from multiple sources to cross reference and build contextual to correlate intelligence.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Capability to perform complex tasks without constant human input

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives

Offers managed detection and response services.

Offers managed detection and response services.