* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Announcement](https://www2.paloaltonetworks.com/blog/category/announcement/)
* Unlock the Power of Threa...

# Unlock the Power of Threat Intelligence With Cortex XSOAR TIM 2.0

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F06%2Fpower-of-threat-intelligence-with-cortex-xsoar-tim-2-0%2F)  
[](https://twitter.com/share?text=Unlock+the+Power+of+Threat+Intelligence+With+Cortex+XSOAR+TIM+2.0&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F06%2Fpower-of-threat-intelligence-with-cortex-xsoar-tim-2-0%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2021%2F06%2Fpower-of-threat-intelligence-with-cortex-xsoar-tim-2-0%2F&title=Unlock+the+Power+of+Threat+Intelligence+With+Cortex+XSOAR+TIM+2.0&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2021/06/power-of-threat-intelligence-with-cortex-xsoar-tim-2-0/&ts=markdown)  
\[\](mailto:?subject=Unlock the Power of Threat Intelligence With Cortex XSOAR TIM 2.0)  
Link copied  
By [Dan Sarel](https://www.paloaltonetworks.com/blog/author/dan-sarel/?ts=markdown "Posts by Dan Sarel")  
Jun 03, 2021  
5 minutes  
[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown)  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Cortex](https://www.paloaltonetworks.com/blog/tag/cortex/?ts=markdown)  
[Cortex TIM](https://www.paloaltonetworks.com/blog/tag/cortex-tim/?ts=markdown)  
[next-generation threat intelligence cloud](https://www.paloaltonetworks.com/blog/tag/next-generation-threat-intelligence-cloud/?ts=markdown)  
[threat intelligence](https://www.paloaltonetworks.com/blog/tag/threat-intelligence/?ts=markdown)  
[threat intelligence sharing](https://www.paloaltonetworks.com/blog/tag/threat-intelligence-sharing/?ts=markdown)

## Power of Threat Intelligence

The closest thing you get to being a threat precog is probably the ability to harness intel within your threat feeds -- to anticipate and prevent future attacks. Unfortunately, just like in the movies, reality falls short of fiction. Today's management of threat feeds is part automation, part manual and part luck when it comes to identifying the critical and relevant threats specific to one's environment.

Threat intel teams spend hours sorting through feed data from various sources; correlating that data to incidents; and pushing only the relevant data to enforcement tools for action.

The true power of a [Threat Intelligence Platform](https://www.paloaltonetworks.com/cyberpedia/what-is-a-threat-intelligence-platform) lies in understanding how to make intelligence actionable and doing so before it is too late. This includes automatically mapping threat information to incidents happening in your network, quickly understanding the connections between threat actors and attack techniques previously unknown in your environment. We are delighted to release the second version of our [Threat Intelligence Management](https://www.paloaltonetworks.com/cortex/threat-intel-management) (TIM) module that assists customers in making the most of the Intelligence they have at their disposal.

## What's New in Cortex XSOAR TIM 2.0

[Cortex XSOAR TIM 2.0](https://live.paloaltonetworks.com/t5/blogs/what-s-new-with-cortex-xsoar-2-0-threat-intelligence-management/ba-p/410721) unlocks the power of your threat intelligence. The mission-control platform gives you full intelligence lifecycle management, with unmatched visibility into the global threat landscape; ties threat information to incidents in real-time; and automates the distribution of your threat intelligence at scale.

* *Central Threat Intelligence Library for Your Enterprise:* We bundle in threat intel from our [Unit 42](https://unit42.paloaltonetworks.com/) threat research team, so you have access to a huge repository of high-fidelity threat intel from Palo Alto Networks, in addition to your own collection from open source threat intel feeds.
* *Native Correlation Between Indicators, Incidents and Intel*: Not only do you see all the atomic indicators related to your incidents, but you also get enriched strategic intelligence, so your team has added insight into threat actors and attack techniques.
* *Easily Discover and Add New Threat Intel Sources* *Via Our Marketplace*: Since the launch of TIM last year, we've added 165 threat intel specific integrations. With a single click, you can instantly add a new feed integration and subscription.

## Batteries Included

When you deploy TIM 2.0, you get access to out-of-the-box, high-fidelity threat intelligence from the industry's largest footprint of network, endpoint and cloud intelligence sources (tens of millions of malware samples and firewall sessions collected and analyzed daily). This intel is further enriched with context from world-renowned Unit 42 threat researchers at Palo Alto Networks.

Combine this with the ability to correlate third-party intel and incidents happening internally, and you unlock a host of threat use cases previously unknown to your security team.

## Self-Service via the Marketplace!

With over 650 content packs in the [Cortex XSOAR Marketplace](https://xsoar.pan.dev/marketplace), users can take advantage of threat intel feed automation packs and thousands of pre-built automation scripts for common and unique security-incident response use cases. If you feel your feeds are not covering enough threat territory, it's easy to peruse and add threat intel subscriptions directly from our marketplace. Our 100+ threat intelligence and data enrichment partner ecosystem includes our launch partners, VirusTotal, Flashpoint and Intel 471. Other key partners include AlienVault, APIvoid, Cisco Umbrella, Cofense, Crowdstrike Falcon, Cybersixgill, DHS, Domaintools, IPInfo, Recorded Future, RiskIQ, SafeBreach, URLScan, FireEye Threat Intelligence and more.

## More Details on the New Release

### Centralized Threat Intelligence Management:

With Cortex TIM 2.0, you now have a central threat intelligence repository for storing and managing tactical threat intel (indicators of compromise) and strategic intel reporting on actors and attack techniques. The ability to correlate these different sources of intel with incidents happening internally unlocks a host of threat use cases previously unknown to the security team.
![SolarStorm screenshot of threat actor details, relationships and threat actor descriptions.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-8.png)
Threat intelligence at work with SolarStorm.

### Strategic Threat Intelligence Relationships:

Threat Intel now supports structured relationships, enabling better alerts and context for SOC/IR. Intel analysts will be able to model their external threat landscape. Indicator layouts have been redesigned. Updates to popular threat intel integrations take advantage of the expanded data that includes STIX 2 objects, such as threat actor, tool, report, malware, attack patterns, campaign, course of action, infrastructure and intrusion sets.
![Golden Ticket screenshot showing the summary of attack pattern details and descriptions.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-9.png)
Results for Golden Ticket threat intelligence. ![The Canvas view identifying possible phishing, showing an example of the power of threat intelligence.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/Phishing-Canvas.png)
Canvas display of Dragonfly capabilities.

## TIP + SOAR = Better Together

From the beginning, we have taken the approach that current threat intel platforms (TIPs), while adept at aggregating, correlating and even sharing or distributing threat data, cannot address a critical piece of the threat intel management lifecycle. And that is how to help threat intel teams act on the data they consume. Marrying TIP to SOAR extends the workflow automation and case management capabilities to the process of managing threat intel. But more importantly, you now have one central repository for both your threat data (aka indicators) and incidents to allow for the correlation of external threats to what is happening in your network. It is this combination that truly allows us to enrich incidents with threat actors and attack campaign intel for a better understanding of impact, so we can fine-tune our defenses to deliver the right response at the right time.

## Time for a Deeper Dive

![Unlock the power of threat intel photo.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image-11.png)
Join our virtual event.

Join us for a [LinkedIn Live event](https://www.linkedin.com/events/unlockingthepowerofthreatintell6805871915643748352/) to learn how our own Palo Alto Networks threat intel experts and Unit 42 research team approach threat hunting and threat intel management.

For those looking to see the use case in action, join us for the [webinar](https://urldefense.proofpoint.com/v2/url?u=https-3A__mailtrack.io_trace_link_62729edaef6f0a6c0e2cb324bf56413e7d035dae-3Furl-3Dhttps-253A-252F-252Fthreatpost.com-252Fwebinars-252Ftips-2Dand-2Dtactics-2Dfor-2Dbetter-2Dthreat-2Dhunting-252F-26userId-3D6851585-26signature-3D53e3362eaae44ee5&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=0DS-XjB80uW3_u2N6tTQmPvlstfecE1cI_K91V_YhDk&m=Qbm9KS7imkrokBEombZ0rELobvPWYF38q2xfcfJUOHY&s=Xo6VfcSqBuSg188Qd5rP-BygOvBjvsxG_6B-Yxkb-Pk&e=) hosted by [Threatpost](https://threatpost.com/) where we will walk you through a threat campaign and how we leverage automation to handle it.
![Threat post webinar flyer. Learn tips and tactics for better threat hunting.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/word-image.jpeg)
Join the Threatpost webinar.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Identity Protection That Spans the Entire Attack Lifecycle](https://www2.paloaltonetworks.com/blog/2024/08/identity-protection-that-spans-the-entire-attack-lifecycle/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### Unit 42 Strikes Oil in MITRE Engenuity Managed Services Evaluation](https://www2.paloaltonetworks.com/blog/2022/11/unit-42-mitre-managedservices-2022/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### On Fire! CRN Names PAN One of the 10 Hottest XDR Security Companies](https://www2.paloaltonetworks.com/blog/2022/02/one-of-the-10-hottest-xdr-security-companies/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Welcome to the Era of Autonomous Security](https://www2.paloaltonetworks.com/blog/2022/02/extended-security-intelligence-and-automation-management/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Unit 42 and Crypsis Combine to Offer Threat Intel, Incident Response](https://www2.paloaltonetworks.com/blog/2021/04/threat-intelligence-and-incident-response/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### A Joint Vision for Simplified SASE Management at Scale](https://www2.paloaltonetworks.com/blog/2026/02/joint-vision-simplified-sase-management-at-scale/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language