# Turn Insight Into Action With Coralogix and Cortex XSOAR

By [Yuval Khalifa](https://www.paloaltonetworks.com/blog/author/yuval-khalifa/?ts=markdown "Posts by Yuval Khalifa") | Dec 18, 2020 | 5 minutes

Let's look at security automation in three levels of maturity. The first level is the creation of helpful tools that humans use to optimize their vulnerability scanning. The second level is automatic threat detection without any human intervention. The third level is automatic *threat resolution*, where bugs are discovered and removed without asking for permission. Traditionally, the third level takes years of learning and engineering. What if we could jump straight to level three?

## **First, you need to grow your insights**

There are many complex issues that underpin automatic threat resolution. Gathering information about your system is, alone, a difficult challenge. There are many disparate sources of information, with new services being updated, created, and removed on a daily basis. Keeping track of all of this is something that organizations have struggled with for years.

##### But how do you manage all of this data?

If you do manage to create a system that can scrape data from all of your services, you're then encumbered with a new challenge. Where do you put all of this data? A solution to this only spawns further obstacles, leading to the questions: What is the most efficient format? How do you control costs? How do you keep queries fast?

##### There's the long route to creating insights

You can begin with the implementation of a scalable logging solution. This means deploying, maintaining, patching, scanning, and monitoring your own infrastructure and all required software. This requires specialist knowledge and, most importantly, takes time. Security and operational procedures need to be reasoned, networking limitations need to be avoided, storage space needs to be optimized, and much more. Building and running your own observability stack is a huge challenge.
Even with expert development and specialist operational support, you'll still be regularly maintaining and scaling your stack.

##### And then there's the shortcut - Coralogix

Your logs contain a hidden wealth of operational insight. However, logs are naturally disordered. Coralogix specializes in this arena. Rather than building and deploying your own ELK stack, inheriting the burden that comes with this solution, Coralogix provides a managed ELK stack with integrations into all of your favorite tooling. You can immediately consume data from thousands of disparate sources and visualize them in a cost-effective, simple, flexible, and powerful user interface.

## **Now you have insights, how do you create action?**

Coralogix can report on the data you have, but what you need now is action. This is where Cortex XSOAR steps in. Coralogix has a direct integration with Cortex XSOAR, so your data can be immediately utilized.

##### What types of actions are we talking about?

The flexible nature of the integration between Coralogix and Cortex XSOAR opens up a new array of modern security capabilities.

##### Automated incident enrichment and response

By implementing a playbook in Cortex XSOAR, you can configure a series of behaviors. For example, if an IP address is already associated with a security incident, you may wish to block that IP address and raise an alert. This is simple. Coralogix can notify Cortex XSOAR of a potential security issue and, by reading access logs, Cortex XSOAR can automatically detect activity from this new IP address. Cortex XSOAR can then block the IP address and send an alert.

##### Track changes as they happen

![Screenshot of the XSOAR Platform with Coralogix search results](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/12/word-image-7.png)

The most common question when a new vulnerability appears in a system is "when was the last deployment?"
Without Coralogix and Cortex XSOAR working together, you'll need to navigate disparate systems to piece together the current truth of the situation. If Coralogix is integrated into your CI/CD pipeline, the data is easily accessible within Cortex XSOAR. Cortex XSOAR supports direct queries to Coralogix. No need to context switch away from Cortex XSOAR and waste precious time across multiple systems. Get the answers you need, right away.

##### Immediately surface relevant moments

![Screenshot of security timeline to immediately surface relevant moments](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/12/word-image-8.png)

Coralogix supports tagging key moments in your timeline. This capability opens up a new avenue of collaboration between your security and operational teams. Rather than drawing up complex reports that detail each relevant moment, you can overlay this information directly in Cortex XSOAR. This integration allows you to build an active, responsive map in real time that gives your security team total ownership of the information. This centralized approach to information gathering brings all of the knowledge into one place where it can be discussed and form the basis for a data-driven decision.

## **Conclusion**

By bringing together the insights of Coralogix with the sophistication of Cortex XSOAR, you gain access to a pipeline of powerful data, fed directly into an intelligent engine that can directly solve security problems for you. This level of automation creates a safety net for your engineers. Product iterations can proceed at pace, secure in the knowledge that if something does go wrong, Coralogix and Cortex XSOAR are on hand to patch your vulnerabilities and deploy into production with confidence.
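
The block-and-alert decision described under "Automated incident enrichment and response", sketched as an added example; it is not code from the original post, Coralogix, or Cortex XSOAR. The log lines, IP lists, and the `triage` function are constructed for illustration, and the never-block list is an added assumption so that an automated block cannot hit your own infrastructure.

```python
import ipaddress
import re

# Constructed sample data for illustration (not from the original post).
INCIDENT_IPS = {"203.0.113.45", "198.51.100.7", "192.0.2.10"}  # tied to earlier incidents
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
ACCESS_LOG = """\
203.0.113.45 - - [18/Dec/2020:10:01:12 +0000] "GET /login HTTP/1.1" 401 512
10.1.2.3 - - [18/Dec/2020:10:01:13 +0000] "GET /health HTTP/1.1" 200 2
203.0.113.45 - - [18/Dec/2020:10:01:15 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - - [18/Dec/2020:10:02:00 +0000] "GET /admin HTTP/1.1" 403 128
not a log line
198.51.100.200 - - [18/Dec/2020:10:03:00 +0000] "GET / HTTP/1.1" 200 1024
"""

# Common Log Format prefix: client IP, two ignored fields, bracketed timestamp.
LOG_LINE = re.compile(r"^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ")


def triage(log_text, incident_ips, never_block):
    """Return one decision per incident-linked IP that appears in the log."""
    # Compare parsed addresses, not strings, so equivalent spellings match.
    known = {ipaddress.ip_address(ip) for ip in incident_ips}
    seen = {}  # address -> {"hits": int, "first_seen": str}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first field is not an IP address
        if ip not in known:
            continue
        entry = seen.setdefault(ip, {"hits": 0, "first_seen": m.group("ts")})
        entry["hits"] += 1

    decisions = []
    for ip, info in seen.items():
        # Guardrail: protected ranges raise an alert but are never auto-blocked.
        protected = any(ip in net for net in never_block)
        decisions.append({
            "ip": str(ip),
            "action": "alert_only" if protected else "block_and_alert",
            "hits": info["hits"],
            "first_seen": info["first_seen"],
        })
    return decisions


if __name__ == "__main__":
    for decision in triage(ACCESS_LOG, INCIDENT_IPS, NEVER_BLOCK):
        print(decision)
```

Each decision carries the hit count and first-seen timestamp so the alert that accompanies a block already holds the context an analyst needs.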

Visit our [Cortex XSOAR Ecosystem](https://www.paloaltonetworks.com/cortex/xsoar-ecosystem) to learn about other Cortex XSOAR integrations, or get started today with the free [Cortex XSOAR Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition.html).