# Cortex XDR Gets Smarter with Stronger Insights and Broader Visibility

By [Kasey Cross](https://www.paloaltonetworks.com/blog/author/kasey-cross/?ts=markdown "Posts by Kasey Cross"), Feb 01, 2021, 5 minutes

*Supercharge your investigations with intelligent incident scoring, enhanced search visualization and support for the richest set of data sources ever.*

Today, we released Cortex XDR 2.7 and Cortex XDR Agent 7.3, which together deliver a huge set of highly anticipated features that speed up investigations and boost the defenses of the Cortex XDR endpoint agent. These new capabilities not only block fast-moving endpoint attacks and help you reduce the mean-time-to-respond (MTTR) to incidents, they also help deliver, in conjunction with [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/xsoar), an integrated platform for all your SecOps needs.

## Incident Scoring Lets You Focus on What Matters

Security teams today face an endless deluge of alerts, to the tune of [11,000 alerts per week](https://start.paloaltonetworks.com/forrester-2020-state-of-secops.html) on average. Our innovative Incident Management feature, introduced in 2019, alleviates alert fatigue by grouping related alerts from multiple data sources into incidents, cutting the number of individual events to review by 98%.

In Cortex XDR 2.7, we've taken Incident Management to the next level with the introduction of incident scoring. A highly sought-after feature among customers, incident scoring lets you rank and prioritize high-risk incidents to swiftly zero in on the most critical threats. You can create incident scores based on over a dozen alert attributes, including the users or hosts in an alert. To simplify rule creation, you can upload a list of high-priority assets. With incident scoring, you can quickly home in on incidents that involve sensitive servers, for example, or prioritize attacks targeting your executive leadership team.

![Incident Management reaches the next level with the introduction of incident scoring. The screenshot here shows how incident scores reveal high-risk threats in Cortex XDR 2.7.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-25.png)

Incident scores reveal high-risk threats.

## Flexible Insights Supercharge Your Investigations

Collecting the right data is the first step for effective detection and response. But all too often, SOC analysts end up drowning in the expansive data lakes they've built. To investigate threats, analysts need to quickly find the answers they're looking for and decipher investigative clues in a snap by reviewing charts rather than scrolling through never-ending tables. Reducing incident response time requires [better search](https://www.paloaltonetworks.com/blog/2020/11/cortex-xdr-2-6/) insights and more flexible queries.

With Cortex XDR 2.7, the search for exceptional search is over. To better visualize search results, Cortex XDR automatically generates graphical histograms for every field in a query. New search options let you analyze more types of data, while query language enhancements, such as optional case-insensitive searches, let you hunt down threats with ease.

You can now display search results using a wide array of charts and visualization options including:

* Pie charts.
* Area graphs.
* Bubble graphs.
* Scatter graphs.
* Gauge graphs.
* Single value totals and tables, in standard text, JSON and tree view formats.

A new widget library allows you to save your personalized charts and use them in dashboards, reports and search results. The widget library is your one-stop shop for all customized charts and graphs.

![Cortex XDR 2.7 includes bubble charts that let you assess search results by showing you three dimensions of data at once, as shown in this screenshot of the interface.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/a-screenshot-of-a-computer-description-automatica.png)

Bubble charts let you quickly assess search results by showing you three dimensions of data at once.

![Cortex XDR 2.7 now includes custom pie charts, as shown in this screenshot, that help analysts quickly identify top search results, easing investigations.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/word-image-26.png)

Custom pie charts help analysts quickly identify top search results, easing investigations.

![XQL-QUERY-59, an example of Cortex XDR 2.7 in action, breaks down search results by search field in a histogram.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/01/graphical-user-interface-application-teams-desc.png)

Histograms show the breakdown of search results by search field.

## Visibility Across Even More Data Sources Eliminates Blind Spots

Two years ago, we launched the industry's first extended detection and response platform to empower organizations to hunt down and eliminate threats across siloed data sources. In Cortex XDR 2.7, we are continuing to fulfill this promise by adding new data sources and log formats that expand our visibility, allowing your team to protect an unprecedented number of assets and stop more threats than ever.

Cortex XDR has added support for new log formats, including LEEF and Elastic Filebeat, and can ingest additional types of log files, including AWS® CloudTrail, Amazon CloudWatch, Google Kubernetes® Engine and PingFederate®.

## Endpoint Agent Enhancements

To keep you fully protected from modern endpoint attacks, we have introduced the Cortex XDR agent 7.3.
This release improves feature parity across operating systems and adds new defenses to block vulnerable drivers and stop attacks originating from malicious remote hosts. Key enhancements include:

* **Expanded response options for macOS® endpoints,** including Search and Destroy and network isolation, let you instantly stop the spread of malware and swiftly contain threats.
* **Peer-to-peer updates for macOS and Linux** allow you to reduce internet bandwidth usage by retrieving updates from other endpoints, as with the existing peer-to-peer content distribution for Windows endpoints.
* **Device Control for virtual desktops** enables you to granularly control USB access to virtual desktop infrastructure (VDI) clients and prevent data loss and threats from unsanctioned USB devices.

For a complete list of new features, check out the [Cortex XDR release notes](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html). You can also read about our latest updates to neutralize [SolarStorm, variants and imitators](https://www.paloaltonetworks.com/blog/2020/12/cortex-solarstorm-variants-imitators/), as part of our unceasing effort to protect customers from the latest threats.

Join us for the webinar, "[Cortex XDR 2.7: Supercharged Investigations](https://register.paloaltonetworks.com/introducingcortexxdr27-superchargedinvestigationsi)," on Feb. 10 at 10 a.m. PST.