Cortex™ XSOAR

Cortex XSOAR integrates with an ever-growing list of products, from SIEMs and endpoint tools to threat intelligence platforms and non-security products. By integrating with Cortex XSOAR, your products can leverage the industry’s leading Security Orchestration, Automation, and Response (SOAR) platform to standardize, scale, and accelerate incident response.

Integrate with Cortex XSOAR

Build and list your own technical product integration!

abuse.ch SSL Blacklist Feed

Cortex XSOAR integrates with the abuse.ch SSL IP Blacklist for threat intel management of hosts (IP addresses) that SSLBL has seen in the past 30 days and identified as being associated with a malicious SSL certificate.

AbuseIPDB

Cortex XSOAR integrates with AbuseIPDB, an IP address blacklist for webmasters and sysadmins to report, identify or check IP addresses that have been associated with malicious activity online.

Accenture Security

Cortex XSOAR integrates with iDefense’s vulnerability intelligence of 1,000+ technology vendors, malware tools and techniques, IOCs, target organizations, threat actors, etc.

AccessData

Cortex XSOAR integrates with AccessData’s AD Enterprise post-breach analysis tool and API to automate the workflow request for endpoint memory dump and process information.

Active Directory Query

Query Active Directory for user, computer and other objects in real time from Cortex XSOAR automated playbooks.

Aella Data

Cortex XSOAR integrates with Aella Data for AI-driven breach detection and investigation.

AlgoSec

Cortex XSOAR integrates with AlgoSec BusinessFlow, Firewall Analyzer, and FireFlow.

AlienVault OTX

Cortex XSOAR integrates with AlienVault OTX to enable data enrichment and IOC hunting.

AlienVault USM Anywhere

Cortex XSOAR integrates with AlienVault USM Anywhere to search and monitor events from AlienVault USM Anywhere.

Amazon CloudWatch Logs

Cortex XSOAR integrates with Amazon CloudWatch Logs for management of log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources.

Amazon DynamoDB

Cortex XSOAR integrates with Amazon DynamoDB for the orchestration and automation of operational tasks involving Amazon DynamoDB.

Amazon EC2

Cortex XSOAR integrates with EC2 for orchestration of compute capacity tasks.

Amazon GuardDuty

Cortex XSOAR integrates with Amazon GuardDuty for threat detection and monitoring.

Amazon Route 53

Cortex XSOAR integrates with Amazon Route 53 for orchestration of cloud DNS management tasks.

Analyst Platform Illuminate

Cortex XSOAR integrates with AnalystPlatform’s Illuminate for ingestion of malware information and activity for automated data enrichment and threat hunting.

Anomali

Cortex XSOAR integrates with Anomali ThreatStream for forensics and malware analysis.

ANY.RUN

Cortex XSOAR integrates with AnyRun for orchestration of malware analysis investigation.

Apache ActiveMQ

Cortex XSOAR integrates with Apache ActiveMQ for orchestration of authentication and messaging incidents.

ARIA SDS Packet Intelligence

Cortex XSOAR integrates with ARIA SDS to accelerate incident response by automating cyber-attack containment at the conversation level, and provide protection against future attacks.

Atlassian Confluence Server

Cortex XSOAR integrates with Confluence Server to streamline and automate management of the Confluence spaces and content.

AttackIQ Platform

Cortex XSOAR integrates with AttackIQ, an attack simulation platform, for vulnerability management orchestration.

Attivo Networks

Cortex XSOAR integrates with Attivo Networks ThreatDefend platform to provide in-network threat deception for post-compromise threat detection.

Awake Security

Cortex XSOAR integrates with Awake Security for automated network detection and response.

AWS Athena

Cortex XSOAR integrates with AWS Athena for orchestration of Athena queries as part of cloud security operations and incident response.

AWS CloudTrail

Cortex XSOAR integrates with AWS CloudTrail for tracking user activity and API usage.

AWS IAM

Cortex XSOAR integrates with AWS IAM for orchestration of identity and access management tasks.

AWS Lambda

Cortex XSOAR integrates with AWS Lambda for orchestration of Lambda functions as part of cloud security operations and incident response.

AWS S3

Cortex XSOAR integrates with AWS S3 for orchestration of cloud security response and IT tasks.

AWS SageMaker

The Cortex XSOAR machine learning phishing email classifier is available on the Amazon SageMaker marketplace.

AWS Security Hub

Cortex XSOAR integrates with AWS Security Hub for bidirectional management of findings from Security Hub or other security products.

AWS SQS

Cortex XSOAR integrates with Amazon SQS for orchestration of SQS tasks as part of security operations and incident response.

Bastille Networks

Cortex XSOAR integrates with Bastille Networks to enable RF monitoring for wireless intrusion detection and policy enforcement.

BitDam

Cortex XSOAR integrates with BitDam for email gateway security orchestration.

Blockade

Blockade brings antivirus-like capabilities to users who run the Chrome browser, blocking malicious resources from being viewed or loaded inside of the browser.

BMC Remedy AR System

A professional development environment that provides a foundation for Business Service Management (BSM) solutions.

Box

Cortex XSOAR integrates with Box to manage Box users.

BruteForceBlocker Feed

Cortex XSOAR integrates with BruteForceBlocker for threat intel management of indicators from the feed.

C2SEC iRisk Enterprise Platform

The Cortex XSOAR integration with C2SEC enables the orchestration of domain management and automated retrieval of information about leaked credentials, encryption, network and application related vulnerabilities.

Carbon Black Defense

Next-generation antivirus + EDR in one cloud-delivered platform that stops a range of malware and non-malware attacks.

Carbon Black Enterprise Protection

Reduced risk and exposure by automating response to security incidents and using rich endpoint data from Carbon Black and automated playbooks from Cortex XSOAR.

Carbon Black Live Response

Cortex XSOAR integrates with CB Live Response to collect information and take action on remote endpoints in real time.

Censys

Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.

Centreon

Cortex XSOAR integrates with Centreon for orchestration of IT and network monitoring.

Check Point SandBlast

Cortex XSOAR integrates with Check Point SandBlast to help prevent malware and zero-day attacks.

CheckPhish

This integration automates URL checking for suspicious behavior.

Cherwell

Cortex XSOAR integrates with Cherwell for orchestration of cloud-based IT service management tasks.

CIRCL Passive DNS

Cortex XSOAR integrates with CIRCL for DNS and SSL certificate information inquiry orchestration.

Cisco AMP

AMP continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.

Cisco CloudLock

Cloudlock is a cloud-native CASB that helps protect your cloud users, data, and apps.

Cisco Email Security

Cortex XSOAR integrates with Cisco Email Security to protect against ransomware, business email compromise, spoofing, and phishing.

Cisco Meraki

Cortex XSOAR integrates with Cisco Meraki for device and firewall management.

Cisco Spark

Cortex XSOAR integrates with messaging platform Cisco Spark for user and team management.

Cisco Threat Grid

Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.

Cisco Umbrella Investigate

Cisco Umbrella Investigate provides a complete view of Internet domains, IP addresses, and systems to pinpoint attackers’ infrastructures and predict future threats.

Cisco Webex Teams

Cortex XSOAR integrates with Cisco Webex for orchestration of video conferencing administrative tasks.

Cloudflare Feed

Cortex XSOAR integrates with Cloudflare for threat intel management of indicators from the feed.

CloudShark

Cortex XSOAR integrates with CloudShark for ingestion of network packet analysis intel for automated data enrichment.

Code 42

Cortex XSOAR integrates with Code42 to allow security teams to significantly reduce the time to detect and respond to insider threats, such as departing employees or a remote workforce, by quickly identifying potential data exfiltration across computers, email, cloud and SaaS apps, and to automate the response and remediation of insider risks.

Cofense Triage

Cortex XSOAR integrates with Cofense for automated threat analysis and remediation.

Confer

Collect alerts from Confer and create incidents inside of Cortex XSOAR.

CounterCraft Cyber Deception

Cortex XSOAR integrates with the CounterCraft Cyber Deception Platform to automate management of events, alerts, indicators, and hosts.

CounterTack

Cortex XSOAR integrates with CounterTack for orchestration of endpoint security incident response.

Crowdstrike Falcon Host

Automatically check the reputation of files, URLs and IP addresses, query endpoints for rich forensics data and take actions back via Cortex XSOAR playbooks and from the investigation war room.

CrowdStrike Falcon Intel

Automatically check the reputation of files, URLs and IP addresses, query endpoints for rich forensics data and take actions back via Cortex XSOAR playbooks.

Crowdstrike Falcon Sandbox

Cortex XSOAR integrates with Falcon Sandbox to orchestrate fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.

CrowdStrike Falcon Streaming

Cortex XSOAR integrates with the Falcon Streaming API to provide a constant source of information for real-time threat detection and prevention.

CSV Feed

Cortex XSOAR integrates with CSVs for threat intel management of indicators from a CSV feed.

Cuckoo

Analyze malware using the open source Cuckoo sandbox via automated playbooks.

CVE Search

Cortex XSOAR integrates with CVE Search for vulnerability management.

Cyber Triage

Cortex XSOAR partners with Cyber Triage for practical endpoint response.

CyberArk

Cortex XSOAR integrates with CyberArk Application Identity Manager for accounts and credentials.

Cybereason

This integration enables search for connections and processes on Cybereason.

CylanceINFINITY

Cortex XSOAR integrates with Cylance INFINITY for orchestration of threat intelligence analysis.

CylancePROTECT

Cortex XSOAR integrates with Cylance Protect for orchestration of endpoint security incident response and endpoint enrichment.

Cymulate

Cortex XSOAR integrates with the Cymulate breach and attack simulation solution to automate retrieval of detailed incident information.

Dell Secureworks

Cortex XSOAR integrates with Dell Secureworks for automation of ticketing and case management tasks.

Devo

Cortex XSOAR integrates with Devo for orchestration of real-time operations analytics.

Digital Guardian

Cortex XSOAR integrates with Digital Guardian to retrieve incidents and programmatically add or remove entries from watchlists and component lists.

Digital Shadows

Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the open, deep, and dark web.

Dnstwist

Cortex XSOAR integrates with Dnstwist for automation of phishing incident response and remediation.

DomainTools

Query cyber threat intelligence data about domains, IPs and URLs from DomainTools.

DShield Feed

Cortex XSOAR integrates with DShield for threat intel management of indicators from the feed.

Duo

Duo is a comprehensive security solution that confirms the identity of users and the health of their devices before they connect to your applications.

EclecticIQ Platform

Cortex XSOAR integrates with EclecticIQ for automation of reputation queries and threat intel incident response.

Elasticsearch

Run custom and pre-defined queries against your Elasticsearch instance to look for IOCs, analyze logs or perform other tasks.

Endace

Cortex XSOAR integrates with Endace to enable continuous packet capture and centralized search across the network. This integration uses Endace APIs to search, archive and download PCAP files from either a single EndaceProbe or many via the InvestigationManager, and enables integration of full historical packet capture into security automation workflows.

Endgame

Endgame enables endpoint protection built to stop advanced attacks before damage and loss occurs.

EWS

Cortex XSOAR integrates with EWS for orchestration of EWS operations.

EWS v2

Cortex XSOAR integrates with EWS for orchestration of EWS operations.

Exabeam

Automatically enrich incident data with user risk score and complete session details from Exabeam and trigger responses to watchlist based on investigation.

Expanse Expander

Cortex XSOAR integrates with Expanse Expander for automated data enrichment, retrieving asset and network exposure information from Expanse’s continuous inventory of Internet-connected assets.

F5 Networks

Cortex XSOAR integrates with F5 for firewall policy management.

Facebook ThreatExchange

Cortex XSOAR integrates with ThreatExchange for automated ingestion, enrichment and querying of threat intelligence about applications, IP addresses, URLs and hashes.

Farsight Security

Cortex XSOAR integrates with Farsight Security to access real-time and historical Passive Domain Name System data.

Fastly Feed

Cortex XSOAR integrates with Fastly for intel management for firewall whitelists of assigned CIDRs from the feed.

Fidelis Elevate

Cortex XSOAR integrates with Fidelis Elevate to automate detection and response to network threats and data leakage.

FireEye

Analyze malware samples collected from endpoint and other security tools automatically using FireEye.

FireEye AX Series

Cortex XSOAR integrates with FireEye AX to orchestrate malware analysis including automating file detonation, report ingestion and data enrichment.

FireEye ETP

Cortex XSOAR integrates with FireEye ETP for email security orchestration.

FireEye Helix

Cortex XSOAR integrates with FireEye Helix for automated security operations and incident response.

FireEye HX

Cortex XSOAR integrates with FireEye HX for faster endpoint threat prevention and response.

FireEye iSight

Cortex XSOAR integrates with FireEye iSight for threat intelligence.

Flashpoint

Cortex XSOAR integrates with Flashpoint to enable automated data enrichment leveraging Flashpoint’s intelligence reports and threat data from illicit threat actor communities.

Forcepoint CASB

Cortex XSOAR integrates with Forcepoint CASB to provide visibility and control over sanctioned and unsanctioned cloud apps.

Fortinet Fortigate

Cortex XSOAR integrates with Fortinet for orchestration of Fortigate firewall and policy administration.

Fortinet FortiSIEM

Cortex XSOAR integrates with Fortinet for automated ingestion, searching, and update of FortiSIEM events and management of resource lists.

Freshdesk

Cortex XSOAR integrates with Freshdesk for orchestration of ticketing and case management tasks.

Giphy

The integration with Giphy enables the display of gifs in the Cortex XSOAR war room.

GitHub API

This integration enables the execution of GitHub commands from within Cortex XSOAR.

Google Apps

Cortex XSOAR integrates with both GSuite and Admin API for authentication and messaging.

Google BigQuery

This integration enables automated or manual querying of BigQuery within Cortex XSOAR.

Google Chronicle

Cortex XSOAR integrates with Google Chronicle for automated cloud-based threat detection and response.

Google Cloud Functions

Cortex XSOAR integrates with Google Cloud Functions, an event-driven serverless compute platform that enables running code locally or in the cloud without having to provision servers.

Google Cloud Storage

This integration enables automated or manual querying of Google Cloud Storage’s file storage web service within Cortex XSOAR.

Google Cloud Translate

This integration with Google Cloud Translate enables the orchestration of Google Translate actions from within Cortex XSOAR.

Google Docs

Cortex XSOAR integrates with Google Docs to enable automation of document creation, querying and updating.

Google Resource Manager

This integration enables Google Resource Manager commands to be executed automatically or manually within Cortex XSOAR.

Google Safe Browsing

Cortex XSOAR’s integration with Google Safe Browsing enables URL reputation checks within Cortex XSOAR.

Google Vault

The integration with Google Safe Browsing enables URL reputation checks within Cortex XSOAR.

Google Vision AI

Cortex XSOAR integrates with Google Vision to enable image processing and detect brand logos in an image.

Google Vision AI

Cortex XSOAR integrates with Google Vision AI for automated data enrichment and image detection.

GRR

Cortex XSOAR integrates with GRR to enable Rapid Response framework for investigations.

GuardiCore

Cortex XSOAR integrates with GuardiCore to provide data center breach detection.

Guidance EnCase

Cortex XSOAR integrates with EnCase to request scans of specific endpoints.

HashiCorp Vault

This integration enables HashiCorp Vault commands, which manage secrets and protect sensitive data, to be executed from Cortex XSOAR.

Have I Been Pwned?

Cortex XSOAR integrates with Have I Been Pwned? to check whether emails or domains have been compromised in recent breaches.

Hybrid Analysis

Cortex XSOAR integrates with Hybrid Analysis for orchestration of automated malware analysis and incident response.

IBM Resilient Systems

Cortex XSOAR integrates with IBM Resilient Systems for orchestration of ticketing and case management tasks.

IBM XFE

Check the reputation of IP addresses, URLs and files using the IBM X-Force Exchange database from automated playbooks and the war room.

Icebrg

Icebrg reduces risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.

iDefense

Cortex XSOAR integrates with iDefense for contextual, timely, and actionable security intelligence.

Illusive Networks

Cortex XSOAR integrates with the Illusive Attack Management API to retrieve incidents with a forensics timeline, attack surface insights, collect forensics on-demand, and manage a variety of operations with regard to deceptive entities, deception policies, and more.

Imperva

Cortex XSOAR integrates with Incapsula to manage sites and IPs.

Indeni

Cortex XSOAR integrates with the Indeni security infrastructure automation solution to automate management of device vulnerability tickets.

InfoArmor VigilanteATI

Cortex XSOAR’s integration with InfoArmor enables automation and orchestration of threat intel tasks such as gathering leak information, vulnerable host data and updating watchlists.

Infoblox

Cortex XSOAR integrates with Infoblox to enable collection of metadata about IPs in your network and manage DNS Firewalls by configuring and defining response policy zones (RPZs) to block DNS resolution for malicious or unauthorized hostnames, or redirect clients to a walled garden by substituting responses.

Intezer Analyze

Cortex XSOAR integrates with Intezer Analyze for malware detection and analysis.

ipinfo

Cortex XSOAR integrates with the ipinfo.io API to get data about an IP address.

ipstack

The integration with IPStack and IPStack Docker enables automation of IP-to-geolocation mapping.

IronNet IronDefense

Cortex XSOAR integrates with IronNet for the orchestration of network traffic analysis (NTA) incident response.

IsItPhishing

Collaborative web service that provides validation on whether a URL is a phishing page.

Jamf

Cortex XSOAR integrates with Jamf for comprehensive device management.

JASK

Cortex XSOAR integrates with JASK for automated security operations and incident response.

Joe Security Sandbox

Cortex XSOAR integrates with Joe Security Sandbox to automate detonation and malware analysis.

JsonWhois

This integration enables automated data enrichment for domains and IP addresses.

Kafka

Kafka is an open-source distributed streaming platform.

Kenna

Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities faster.

Koodous

Check Android app samples against the Koodous API using this integration.

Lastline Analyst

Cortex XSOAR integrates with Lastline Analyst for advanced malware isolation and inspection.

Lockpath

Cortex XSOAR integrates with Keylight, an enterprise GRC platform with tools for managing risk and compliance.

LogRhythm

Create incidents from alarms in LogRhythm automatically and search for logs from within the Cortex XSOAR interface.

LogRhythm Rest

Cortex XSOAR’s integration with LogRhythm Rest enables automation of host creation and updates and query execution.

Logz.io

Cortex XSOAR integrates with Logz.io to retrieve and remediate security incidents and search across logs.

Looker

The Cortex XSOAR-Looker integration provides the ability to query, save and run looks, and fetch look results as incidents.

Mail Listener

Automatically create incidents from the emails in a security mailbox. Custom parsers can trigger different types from the same mailbox.

Mail Sender

Automatically send notification emails for task assignment, incident assignment or other actions from Cortex XSOAR.

Maltiverse

Cortex XSOAR integrates with Maltiverse to analyze suspicious hashes, URLs, domains and IP addresses.

Malwarebytes

Cortex XSOAR integrates with Malwarebytes to scan and remediate threats on endpoints in the Malwarebytes cloud.

Malwr

Analyze files using the Malwr sandbox using this integration.

Mattermost

This integration enables the automation of Mattermost messaging tasks within Cortex XSOAR.

MaxMind GeoIP2

Cortex XSOAR integrates with MaxMind for automation of IP enrichment.

McAfee Active Response

Cortex XSOAR integrates with McAfee Active Response for comprehensive endpoint detection and response.

McAfee DAM

Cortex XSOAR integrates with McAfee Database Activity Monitoring for real-time, reliable protection for business-critical databases.

McAfee DXL

This integration enables you to orchestrate and automate pushing data to the DXL fabric.

McAfee ePO

Cortex XSOAR integrates with McAfee ePolicy Administrator for unified policy management.

McAfee ESM

Import critical alerts from McAfee ESM as incidents into Cortex XSOAR and automate response actions.

McAfee NSM

Cortex XSOAR integrates with McAfee NSM for simple, centralized control for distributed network security appliances.

McAfee Web Gateway

McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.

Micro Focus

Micro Focus (specifically, ArcSight) integrates with Cortex XSOAR through its ESM SIEM and events logger, allowing seamless creation and updating of events.

Microsoft Azure Compute

This integration with Azure Compute enables the orchestration of tasks related to creating and managing Azure Virtual Machines.

Microsoft Azure Feed

Cortex XSOAR integrates with Microsoft Azure.CloudIPs for threat intel management of cloud IPs.

Microsoft Exchange 2016 Compliance Search

This integration with Exchange 2016 Compliance Search enables the initiation of a compliance search, removal of compliance search or checking of status and results of compliance searches.

Microsoft Graph Calendar

This integration enables you to automate and orchestrate the creation and management of Microsoft calendars and events.

Microsoft Graph Groups

This integration enables the creation and management of different types of groups and group functionality from within Cortex XSOAR.

Microsoft Graph Mail

This integration with Microsoft Graph API enables orchestration of Microsoft Graph Mail tasks such as searching emails, deleting emails and investigating attachments.

Microsoft Graph User

This integration with Microsoft Graph API enables orchestration of Microsoft Graph User tasks such as creating, deleting and updating user permissions.

Microsoft Intune Feed

Cortex XSOAR integrates with Microsoft Intune Feed for threat intel management of indicators from the feed.

Microsoft Teams

This integration mirrors investigations between Cortex XSOAR and Teams, and enables teams to send messages and notifications for new incidents, assigned incidents and tasks from Cortex XSOAR.

Mimecast

Cortex XSOAR integrates with Mimecast for unified email management.

MISP

Cortex XSOAR integrates with MISP for automated threat intelligence incident response such as automated file and IP reputation checking, enriching and managing MISP events.

Moloch

Moloch is a large scale, open source, full packet capturing, indexing, and database system.

MXToolBox

This integration enables access of MX records, DNS, blacklists and SMTP diagnostics in one integrated tool.

MySQL

Run SQL queries for gathering rich information against any MySQL database.

Nessus

Nessus is a vulnerability scanner for auditors and security analysts by Tenable Network Security.

Netcraft

This integration enables the automation of Netcraft open and takedown requests from within Cortex XSOAR.

Netskope

Cortex XSOAR integrates with Netskope for orchestration of cloud security incident response.

nmap

Cortex XSOAR integrates with nmap to run scans with the given parameters.

Okta

Cortex XSOAR integrates with Okta’s cloud based identity management service.

OpenLDAP

This integration enables you to automate and orchestrate OpenLDAP authentication management.

OpenPhish

OpenPhish uses proprietary AI algorithms to automatically identify zero-day phishing sites and provide actionable, real-time threat intelligence.

OpsGenie

Cortex XSOAR integrates with OpsGenie for alerting and incident management for Dev and Ops teams.

OPSWAT Metadefender

The Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.

OSXCollector

Collect rich forensics data from Mac OSX endpoints using the Cortex XSOAR and OSXCollector integration.

PacketMail

This integration with Packetmail enables automation of intel lookups for IP addresses.

Packetsled

Cortex XSOAR integrates with Packetsled for automated network visibility and packet captures.

PagerDuty

Get the user on call or trigger PagerDuty alerts from Cortex XSOAR.

Palo Alto Networks Traps

Cortex XSOAR integrates with Traps for endpoint protection and automated incident response to stop threats on endpoints and coordinate enforcement across network and cloud security.

Payload Security

Cortex XSOAR integrates with VxStream Sandbox from Payload Security for fully automated malware analysis.

Pcysys Pentera

Cortex XSOAR integrates with the Pcysys Pentera Penetration Testing solution to automate management of tests including alerts, status updates, and reports.

Perception Point

Cortex XSOAR integrates with Perception Point for email security incident response orchestration and quarantined email management.

Perch

Cortex XSOAR integrates with Perch for automated threat detection and response.

Phish.AI PhishProtect

Cortex XSOAR integrates with Phish.AI for automated threat intelligence for more effective phishing response.

PhishLabs IOC

This integration enables live IOC feeds from PhishLabs for automated enrichment of indicators.

PhishLabs IOC DRP

This enables live IOC from PhishLabs IOC DRP for automated enrichment of indicators.

PhishTank

Cortex XSOAR integrates with PhishTank to check URL reputation.

Pipl

Automatically search for people details based on various attributes like email.

PolySwarm

Cortex XSOAR integrates with PolySwarm for automated data enrichment leveraging PolySwarm’s real-time, crowd-sourced threat intelligence.

PostgreSQL

This integration allows users to query the PostgreSQL database.

Prisma Cloud

Cortex XSOAR partners with Prisma Cloud for automated cloud threat compliance and response.

Proofpoint Feed

Cortex XSOAR integrates with Proofpoint for threat intel management of domains and IPs classified in different categories.

Proofpoint Server Protection

Cortex XSOAR integrates with Proofpoint Server Protection for the orchestration and automation of email security incident management.

Proofpoint TAP

This integration enables the ingestion and orchestration of TAP incidents within Cortex XSOAR.

ProtectWise

Cortex XSOAR playbooks use data collected by ProtectWise for hunting file, IP, domain and other indicators, enabling fast and accurate responses to incidents.

QRadar

QRadar from IBM Security is an integrated analytics platform that streamlines critical capabilities into common workflows and helps increase analyst efficiency.

Qualys

Cortex XSOAR integrates with Qualys for network security and vulnerability management.

RAN Security

RAN Security is a Cortex XSOAR reseller covering Peru, Argentina, and Chile. They have over 26 years’ experience in corporate information security and management.

Rapid7 Nexpose

Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.

Recorded Future

Centralize threat intelligence across sources in real-time and respond at machine speed.

Recorded Future risklists Feed

Cortex XSOAR integrates with Recorded Future risklists for threat intel management of IP, Domain, URL, and hash indicators from the feed.

Red Canary

This integration enables the orchestration of RedCanary endpoint data management actions within Cortex XSOAR.

Rekall

Conduct memory analysis using Rekall with real-time interactive ChatOps.

RemoteAccess

Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from the investigation war-room.

RiskIQ PassiveTotal

Cortex XSOAR integrates with PassiveTotal from RiskIQ for threat infrastructure analysis from a variety of sources.

RiskSense

Cortex XSOAR integrates with the RiskSense Vulnerability Management solution to automate workflow requests for detailed host information, findings, and updates.

RSA Archer

Cortex XSOAR integrates with Archer for policy management.

RSA NetWitness

RSA and Cortex XSOAR provide an evolved SIEM and threat defense offering to overcome SOCs’ biggest challenges through automation and response.

S/MIME Messaging

This integration enables the use of S/MIME (Secure Multipurpose Internet Mail Extensions) in sending and receiving secure MIME data.

SafeBreach

Cortex XSOAR integrates with SafeBreach for orchestration of attack simulation and response.

Salesforce

Cortex XSOAR integrates with Salesforce CRM Services for object management.

SAML

Single sign-on support for any SAML 2.0 supported provider.

SecBI

Cortex XSOAR integrates with SecBI for orchestration and automation of NTA threat detection, investigation and response.

SecureWorks

Cortex XSOAR integrates with SecureWorks to enable ticket management with Dell’s Counter Threat Operations Center.

SecurityAdvisor

This integration enables the automation of security coaching and awareness communications.

Securonix

Cortex XSOAR integrates with Securonix for the orchestration of SIEM alerts in data enrichment and incident response.

SentinelOne

Collect high severity alerts and run advanced queries against endpoints from Cortex XSOAR.

ServiceNow

Cortex XSOAR integrates with ServiceNow to enable IT ticketing service management.

Shodan

Shodan is a search engine for Internet-connected devices integrated with Cortex XSOAR for data enrichment.

Silverfort

Cortex XSOAR integrates with the Silverfort Authentication Platform to automate retrieving and updating user risk severity levels and includes a playbook for qualifying and blocking risky users.

SixGill

Cortex XSOAR integrates with SixGill for automation of data enrichment and threat intelligence management.

Skyformation

Cortex XSOAR integrates with Skyformation for orchestration of cloud application security.

Slack

Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents and assigned tasks from Cortex XSOAR.

SlashNext Phishing IR

This integration enables users to fully automate the phishing incident response process such as the analysis of suspicious URLs.

Smokescreen IllusionBLACK

Cortex XSOAR integrates with Smokescreen IllusionBLACK, a deception-based threat defense platform, to enable real-time detection of targeted threats including reconnaissance, lateral movement, malware-less attacks, social engineering, Man-in-the-Middle attacks, and ransomware.

SNDBOX

Cortex XSOAR integrates with SNDBOX for automated AI-driven malware analysis and response.

Splunk

Splunk and Cortex XSOAR have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

Sumo Logic

Cortex XSOAR integrates with Sumo Logic to provide a cloud-based service for logs and metrics management.

Symantec

Cortex XSOAR integrates with Symantec to provide ATP, Endpoint Protection, and Webpulse site review.

Symantec Endpoint Protection

Artificial intelligence fused with critical endpoint technologies delivers the most complete endpoint security on the planet.

Symantec Messaging Gateway

Symantec Messaging Gateway protects against spam, malware, and targeted attacks through email encryption and advanced content filtering.

Symantec MSS

Leverage the power of Symantec Managed Security Services for continual threat monitoring and 24×7 customized guidance.

Symantec WebPulse

Cortex XSOAR integrates with WebPulse site request for domain categorization and authentication.

Tanium

Search and run queries against the Tanium server from playbooks or via the ChatOps-enabled war-room within Cortex XSOAR.

TAXII Feed

Cortex XSOAR integrates with TAXII Feeds for threat intel management of indicators from any TAXII feed.

tCell

tCell and Cortex XSOAR have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

TCPIPUtils

Cortex XSOAR integrates with TCPIPUtils for comprehensive enrichment and reputation checks for domains, IPs, and providers.

Tenable

Cortex XSOAR integrates with Tenable.io, Tenable.sc and Nessus for vulnerability management orchestration.

Thinkst Canary

This integration enables the automated ingestion of Canary events and IP queries for incident response.

Threat Central

Automatically enrich incidents with the latest intelligence from Threat Central for IP addresses, URLs and other indicators.

Threat Crowd

The integration with Threat Crowd enables report queries on a wide variety of indicators.

ThreatConnect

Cortex XSOAR integrates with ThreatConnect to find threats, evaluate risk, and mitigate harm to your organization.

ThreatMiner

This integration enables the automated retrieval of domain, IP and file data from ThreatMiner.

ThreatQuotient

Cortex XSOAR integrates with ThreatQ, a threat intelligence platform that collects and interprets intelligence data from open sources, for orchestration and automation of incident data enrichment.

ThreatX

Cortex XSOAR integrates with ThreatX for automated web security enforcement and incident response.

Tor Exit Addresses Feed

Cortex XSOAR integrates with Tor for threat intel management of network traffic indicators from the feed.

Trend Micro

Cortex XSOAR integrates with Trend Micro to help eliminate security gaps across any user activity and endpoint.

Trend Micro Apex Central

Cortex XSOAR integrates with Trend Micro Apex Central for the orchestration and automation of endpoint agent and user-defined object management.

Tufin

Cortex XSOAR integrates with Tufin SecureTrack for automated security policy management.

Twilio

Twilio is a cloud communication platform for building messaging applications at scale.

TXT

Cortex XSOAR integrates with TXTs for threat intel management of indicators from a plain text feed.

Uptycs

Cortex XSOAR integrates with Uptycs for orchestration of endpoint system and security analytics as part of incident response.

URLHaus

Cortex XSOAR integrates with URLHaus for ingestion of enriched data on malicious URLs for malware distribution.

urlscan.io

Cortex XSOAR integrates with urlscan.io to help scan websites for reputation.

Vectra

Vectra and Cortex XSOAR have partnered to provide customers with the unique capability of automating investigations including quick and effective collection of data from endpoints and immediate response that includes enforcement on the endpoints.

Venafi

Cortex XSOAR integrates with Venafi for key management and certificate management actions.

Verodin

This integration allows users to manage Verodin simulations and topology.

Virus Total

Check the reputation of IP addresses, URLs and files using the VirusTotal database from automated playbooks and the war-room.

VMRay

Cortex XSOAR integrates with VMRay for agentless threat analysis and detection.

VMware vCenter Server

VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally.

Volatility

Use Volatility to analyze memory dumps for infected systems as part of playbook automations or interactive ChatOps commands.

VulnDB

Cortex XSOAR integrates with VulnDB for the latest vulnerabilities in end user software and third party libraries.

What’sMyBrowser

Cortex XSOAR integrates with What’sMyBrowser to automate the parsing of user agents and determine if they are malicious as well as enrich information about the agent.

Whois

Enrich all the indicators related to an incident with the relevant whois information automatically.

Zabbix

Allow integration with Zabbix to enable gathering events, host information, and triggers, and for executing commands.

ZeroFOX

Cortex XSOAR integrates with ZeroFOX for orchestration of social media and digital platform threat detection and investigation.

Zoom

This integration enables the automation of Zoom user and meeting management from within Cortex XSOAR.