Cortex XSOAR Introduces Industry’s First Machine Learning Incident Response Platform that Gets Smarter with Every Analyst Action


Dan Spalding

(408) 960-9297

Cortex XSOAR Learns from Dynamic Customer Environments and Analyst Actions to Optimize Incident Response and Help Train the Next Wave of Security Analysts

CUPERTINO, Calif. — June 28, 2017 — Cortex XSOAR, Inc., an innovator in Security Automation and Orchestration technology, today introduced the industry’s first Security Operations Platform that learns from analysts’ actions used to resolve incidents to optimize future incident response. The new machine learning-based technology, called “Cortex XSOAR Insights” and available in the latest version of Cortex XSOAR, helps analysts during an investigation by suggesting the best methods to resolve an incident. Such machine learning technology marks the first time in the security industry when a solution learns from experts rather than relying only on past historical security data.

The security industry faces a significant shortage of skilled incident response (IR) analysts. While automation is being used to help analysts reduce manual work, organizations need to be able to learn from experienced analysts’ actions to help educate and train younger analysts to solve problems faster. With this new release, Cortex XSOAR offers the industry’s most comprehensive Security Operations Platform with pre-built automation playbooks, more than one hundred integrations, incident case management, threat feed aggregation and correlation with incidents, and now machine learning that improves the analysts’ productivity.

“Like Cylance, Cortex XSOAR is applying machine learning and automation to today’s overly complex incident response process,” said Steve Mancini, senior director of information security at Cylance. “The Cortex XSOAR platform is redefining how my team approaches internal investigations through the use of machine learning, collaboration and historical threat feed correlation to save time, ensure consistency, and reduce risk.”

“Cortex XSOAR Insights” collects key findings from analysts as they resolve incidents. Using unique machine learning technology, it also suggests the best team members to handle the incident and the best next steps to resolve the incident that will continually enhance playbooks. This type of machine learning is unique in the industry because the Cortex XSOAR platform learns from analysts’ and SOC managers’ actions, which are high-fidelity signals, rather than from static security product data. This model enables accurate results for each customer, as Cortex XSOAR learns the unique customer environment rather than generic security data.

“Cortex XSOAR was already leading the industry in helping organizations with significant cost and security risk reduction during the incident management life cycle by leveraging our unique automation and collaboration features,” said Dan Sarel, Cortex XSOAR co-founder and VP Products. “With these new enhancements, we now extend the value delivered by the platform to make it even easier and faster for analysts to respond to incidents. The platform significantly reduces adoption time and time to value with our new machine learning capabilities and updated graphical interface.”

The latest release of Cortex XSOAR enhances the playbook authoring interface and also provides a live runtime review of the playbook execution. In addition, a new language called “Cortex XSOAR Transform” has been introduced which helps IR analysts build complex playbooks for automation much faster and without writing any code. All these capabilities enhance the experience of security analysts by making it even easier to build automations and to review the results of the investigation. The platform highlights the findings in a single, improved view to give analysts all the details needed for decision making.

In addition, Cortex XSOAR’s new release offers numerous product integrations as well as 50 additional enhancements. For example, Cortex XSOAR’s new and improved incidents page helps SOC managers have a better view of the SOC status and allows them to more easily manage their teams. Also, the new incident summary page delivers a quick view of the main findings in each incident, helping managers get a quick view of the ongoing events and helping analysts who join an investigation get quickly oriented. For a complete list of Cortex XSOAR’s new integrations and release enhancements, see

Pricing and Availability
Cortex XSOAR’s new Enterprise Security Operations Platform is generally available today, with annual pricing starting at $100,000 for up to two analysts. A fully multi-tenant Cortex XSOAR solution for MSSP that provides SOC-as-a-Service is also available from Cortex XSOAR. For more information, see

About Cortex XSOAR
Cortex XSOAR is the first and only comprehensive Security Operations Platform to combine security orchestration, incident management, machine learning from analyst activities, and interactive investigation. Cortex XSOAR’s orchestration engine automates security product tasks and weaves in the human analyst tasks and workflows. Cortex XSOAR enables security teams to reduce mean time to resolution (MTTR), create a consistent incident management process, and increase analyst productivity. Cortex XSOAR is backed by Accel and other prominent investors and has offices in Silicon Valley and Tel Aviv. For more information, visit or email


Cortex XSOAR is a registered trademark of Cortex XSOAR in the United States and other countries. All rights reserved. All other company and product names are either trademarks or registered trademarks of their respective companies.