
How Does Automation Help the SOC?

Cortex® XSOAR gives security teams of all sizes the best-in-class automation they need to respond rapidly to incidents, take action, and stay protected.


Automation that’s accessible for everyone

Security teams have plenty of challenges. Workflow automation shouldn’t be one of them. Cortex XSOAR puts automation in everyone’s hands, empowering security teams to free themselves from workflow complexity and do more, faster, with any use case.

Start your security automation journey

The journey to automating your security operations starts with a single use case. Below are common use cases curated from our SOAR user community. All of these come packaged with automation content packs and pre-built integrations to get you started quickly.

01

The Possibilities of Security Automation

Our Palo Alto Networks Security Operations Center (SOC) provides services with a lean in-house team of 10 SOC analysts. Our SOC operates in a single shift during standard business hours. To ensure we aren’t late to respond to an attack after hours, we also have a 24/7 on-call rotation. How do we do it?

  • 50K endpoints: Our SOC is tasked with protecting our 10K employees globally and a continuously expanding network of endpoints.
  • 75K customers: Our SOC also monitors security services that are consumed by our data centers and customers worldwide.
02

Automated Phishing Response

“Nori used to spend 45 minutes on each phishing incident. Now she spends 8 minutes. And with XSOAR, she also deals with 75% fewer incidents.”

A typical phishing response involves multiple, manual steps that are repetitive and take up a significant amount of a security engineer’s time. With automation, the security engineer only needs to step in when a decision is needed.

A typical phishing response

Q: How many of the steps can be automated?

A: All. However, you can also choose to have a security analyst review the incident (Step 5) to determine if it’s malicious. The XSOAR phishing playbook can then execute a series of actions based on that decision.

03

Automated Ransomware Response

When a breach happens, your team has to act fast. With Cortex XSOAR, you get a head start with best-practice workflows and automated actions for isolating and remediating infected hosts.

Custom ransomware incident dashboard

When a ransomware attack is detected by Cortex XDR or another tool, a ransomware playbook is triggered to collect the required information from your environment, execute investigation steps, contain the incident, and present the data to you in a custom dashboard.

“In 2020 we saw the average ransom demand increase to $847,000 and the average ransom paid was up to $312,000. And that’s almost double from the year before.” – Ryan Olson, VP of Threat Intelligence, Unit 42®

04

Automated Threat Intelligence

“Kris used to spend all day every Tuesday processing the latest threat intel data to make it useful for the rest of his security team. With Cortex XSOAR Threat Intel Management it now takes him less than 1 hour.”

Cortex XSOAR Threat Intel Management

  • Provides a central threat intelligence library for your enterprise
  • Automatically maps threat data to your incidents
  • Operationalizes (parse, prioritize, distribute) your threat intelligence
05

Automated Malware Analysis

When a malware alert comes in, a security incident responder has to chase down related events, check threat intel sources, notify the end user, and open tickets to have the user’s host machine reimaged and password reset.

“What used to take Kasey 90 minutes is now fully automated. Multiply that by an average of 350 incidents per month, and Kasey gets 13 days back in her month.”


Taking endpoint prevention to a whole new level, with our Cortex XDR integration, you also reduce the number of alerts you have to contend with by 98% with intelligent grouping and deduplication. Cortex XDR uses behavioral analytics and machine learning to continuously profile endpoint, network and user behavior to uncover the stealthiest attacks.

06

Automated Network Security Operations

“Through 2022, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws, according to Gartner research.”

While firewalls continue to be a critical part of enterprise security strategies, network security operations teams remain challenged by the lack of automation, network security complexity, and lack of overall visibility across siloed teams working on the same incidents.

Allow/Deny list administration

With Cortex XSOAR, security teams have a central platform to ingest, parse, prioritize and automate the real-time distribution of threat intel to firewalls as well as perform CVE checks.

End user access provisioning

How much time do you spend on end user requests? Why not automate the process, such as providing self-service access and automated reputation validation to blocked sites?

Firewall updates

Updating firewall configurations is largely manual and a time sink. Automation can help eliminate guesswork and speed up the process.

07

Unparalleled Value and Return on Investment

When selecting a SOAR platform, you need to make sure it will serve your current automation needs as well as scale with you as you grow and evolve your security operations. Cortex XSOAR features:

  • Easy deployment with minimal to no in-house DevOps skills. Our wide range of integrations and automation packs are easily customizable with visual editors.
  • An open and extensible platform and SOAR ecosystem that scales and grows with your security operations.
  • Fully integrated case management designed for your security team, so they can manage the entire incident lifecycle in one place.
  • A central threat intel library integrated with your incidents so you get automatic mapping of external threat data as well as full visibility into external threats and – more importantly – context on how they impact your environment.

Reviews and Testimonials

Find out what third-party testers, analysts and customers have to say.


The industry's first extended security orchestration, automation, and response platform

“Cortex XSOAR allowed us to orchestrate all the activities we used to perform manually, resulting in the optimization of all the processes.”

Enrico Picano, Head of Cyber Security Prevention and Transformation, BNL


Copyright © 2025 Palo Alto Networks. All Rights Reserved