Cortex™ XSOAR

An open community for digital forensics and incident response where security analysts can share tools, processes, playbooks, and more.

Collaborative, Open Playbooks and Automations

Cortex XSOAR playbooks are based on open and non-proprietary standards. COPS (Collaborative Open Playbook Standard) can be used to build both automated and process-oriented playbooks for security operations. We invite the community to review and contribute to our repository.
In addition to playbooks, 1000s of automations and 100s of integrations are available as open-source. We hope you find these resources useful and contribute back!

Open Source

Largest Incident Response Community

Share IR and forensics best practices and tools with other security analysts

Join the Community

of Messages

Exchanged Monthly


From Across the World


For Different Topics​

Open Source

  Playbooks and Automations

See for yourself

Free edition users get 30 day enterprise trial.

Offer subject to change.

Cortex XSOAR​

  • Unlimited Automations
  • Unlimited Incident History
  • Unlimited Threat Intelligence Feeds
  • Native Threat Intel with AutoFocus
  • Full Enterprise Reports Package
  • 24/7 Customer Support
  • Multi-Tenancy

Community Edition

  • 166 Daily Automation Commands
  • Rolling 30-Day Incident History
  • 5 Active Feeds/100 Indicators Per Feed
  • Not Included
  • Incident Closure Report
  • Slack DFIR Community
  • Single Tenant Only