Palo Alto Networks Cortex XSOAR with Always-on Packet Capture

Accelerate incident response by integrating Cortex XSOAR with the always-on, full packet capture of EndaceProbes. 

Cortex XSOAR playbook integration automates data mining and retrieval of network evidence for any incident response workflow. The Endace XSOAR application lets you build full packet capture directly into your XSOAR playbooks so analysts can automatically extract rich packet-level forensic evidence from EndaceProbes on the network for fast, accurate incident response and proactive threat hunting.

Host VM-Series Firewalls on EndaceProbe to extend security coverage across your network without additional hardware installs or truck rolls.

See Cortex XSOAR Playbooks Preserving Network Forensics

Watch this video demo (06:16) to see how easy it is to integrate Network History into Cortex XSOAR playbooks to accelerate investigation and response.

Capture every threat, breach and outage

Recall every network activity with perfect clarity. Always-on packet capture means you always have the data you need.

Visibility across your entire hybrid network

Record weeks to months of traffic from across your distributed, on-premises, public and private cloud network.

Faster investigation and response

Rapid, centralized search and data-mining put conclusive forensic evidence at your fingertips in seconds, not hours.

Powerful forensics

Quickly and accurately reconstruct events, analyze pcap data and reassemble files with InvestigationManager.

Enterprise-class scalability

Your entire estate of EndaceProbes, physical and cloud, managed centrally, with network-wide investigations from a single pane of glass.

Fits the way you work

Endace’s prebuilt integration with Cortex XSOAR and other tools in your environment provides one-click access to full packet data for streamlined workflows.