# Securing the Cloud with Cortex XSOAR and Prisma Cloud

By [Dmitry Zinger](https://www.paloaltonetworks.com/blog/author/dmitry-zinger/?ts=markdown "Posts by Dmitry Zinger") Dec 09, 2022

Cloud computing provides a number of benefits to businesses, including cost savings, network flexibility, scalability, and quick deployment. Almost everyone who touches a connected device uses the cloud. Individuals (e.g., Google Photos), small businesses (e.g., cloud storage), large enterprises (e.g., Netflix), and even governments (see the [Nimbus Project](https://mr.gov.il/ilgstorefront/en/news/details/111222)) use companies like Amazon Web Services and Google Cloud, in the governments' case for the provision of public-platform-based cloud services to the government ministries and additional governmental units.

The ease of use in the cloud can lead to unintended risks, including assets connected to an organization but not managed by security teams, errors in API use, or misconfigurations. All of these risks leave openings for malicious actors, whether through zero-day vulnerabilities in unknown assets or exposed sensitive data, and cause headaches for security teams.

A [wise man](https://en.wikipedia.org/wiki/Stan_Lee) once wrote, "With great power comes great responsibility." Storing all assets in the cloud is a large responsibility - and requires a lot of trust - because of the risks and threats associated with cloud environments. The cloud continues to be a big target, with just under [91% of all observed security issues present in cloud infrastructures.](https://start.paloaltonetworks.com/2022-asm-threat-report.html) The number of risks and threats makes securing cloud-based infrastructure, applications, and data extremely critical.
Fortunately, [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) was designed to secure infrastructure, workloads, and applications across the entire cloud-native technology stack - throughout the development lifecycle and across hybrid and multi-cloud environments.

![Prisma Cloud capabilities](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/12/word-image-29.png)

### **What does Prisma Cloud do?**

Prisma Cloud uses both agent-based and agentless approaches to tap into the cloud providers' APIs for read-only access to your network traffic, user activity, and configuration of systems and services, and correlates these disparate data sets to help the cloud compliance and security analytics teams prioritize risks and quickly respond to issues. It also uses [Prisma Cloud Defender](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/defender_architecture) to enable micro-segmentation for workload isolation and to secure your host, container, and serverless computing environments against vulnerabilities, malware, and compliance violations.

![Prisma Cloud Native Security Platform 2.0](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/12/word-image.jpeg)

Even with the robust functionality and protection that Prisma Cloud provides, organizations still need a dedicated team of security operations center (SOC) analysts to identify issues or threats to cloud deployments and respond to prioritized risks to maintain agility and operational efficiency. But does the SOC team need to perform these tasks manually? No!

### **Automating Incident Response with the Prisma Cloud content pack**

Cortex XSOAR integrates with Prisma Cloud to automate and unify security incident response across cloud environments, maintaining the right balance of machine-powered security automation and human intervention.
The [Prisma Cloud content pack](https://cortex.marketplace.pan.dev/marketplace/details/PrismaCloud/) includes playbooks that automate Prisma Cloud alert response, along with custom incident fields, views, and layouts to facilitate analyst investigation. The remediation playbooks orchestrate across multiple native cloud integrations (AWS, GCP, Azure) to automate actions like changing policies, revoking access, and creating new rules.

The playbooks within this pack help to:

* Take action on, remediate, and resolve incidents/alerts from Prisma Cloud.
* Track configuration issues across all your cloud environments.
* Ensure your cloud environments are compliant and up to date with the latest compliance standards.
* Configure your cloud environments using industry best practices.

The integrations also fetch alerts from Prisma Cloud into Cortex XSOAR as incidents and include mirroring (if an incident is closed in Cortex XSOAR, the associated alert will be dismissed/closed in Prisma Cloud).

With this content pack, you can significantly reduce the time your security analysts/cloud operations team spends on cloud security alerts and standardize the way you manage misconfiguration incidents.

### **Using the Prisma Cloud content pack**

Once you configure the Prisma Cloud integration to fetch incidents, all incidents that are created in Cortex XSOAR are classified and mapped into the Prisma Cloud generic incident type unless a specific incident type for this alert is already supported. The generic incident type shows all of the generic alert information from Prisma Cloud but does not trigger any playbook. For all other supported incident types, the incident triggers the parent playbook that is assigned to this incident type. The analyst can decide whether to use the automatic remediation path in the playbook or to handle the policy violation manually using the recommendations given in the layout.
Each incident type and assigned playbook can remediate several policy violations that are relevant to the use case, based on the policy ID mapped from the incident.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/12/word-image-30.png)

Prisma Cloud Remediation - GCP VPC Network Misconfiguration Playbook

For more information on the Prisma Cloud by Palo Alto Networks Content Pack, visit our [Cortex XSOAR Developer Docs](https://xsoar.pan.dev/docs/reference/packs/prisma-cloud) reference page.

To learn more about how you can automate security operations with Cortex XSOAR, check out our virtual self-guided [XSOAR Product Tour](https://www.paloaltonetworks.com/resources/infographics/xsoar-product-tour).

We also host virtual and in-person events, so check [here](https://www.paloaltonetworks.com/resources/cortex-events) for upcoming ones.
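
The routing described under "Using the Prisma Cloud content pack", as a small Python model added here for illustration; it is not code from the content pack or from Cortex XSOAR. The incident type name, policy IDs, step names, function names and sample alerts are constructed placeholders; only the playbook name comes from the page.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

GENERIC = "Prisma Cloud generic"  # fallback type: shows alert data, runs no playbook

# Constructed mapping: incident type -> (parent playbook, policy IDs it can remediate).
# The playbook name is the one shown on the page; everything else is a placeholder.
SUPPORTED = {
    "GCP VPC Network Misconfiguration": (
        "Prisma Cloud Remediation - GCP VPC Network Misconfiguration",
        {"POLICY-ID-A", "POLICY-ID-B"},
    ),
}

@dataclass
class Incident:
    alert_id: str
    policy_id: str
    incident_type: str = GENERIC
    playbook: Optional[str] = None
    status: str = "open"

def classify(alert: dict) -> Incident:
    """Map a fetched alert to an incident; unknown or missing policy IDs stay generic."""
    inc = Incident(alert["id"], alert.get("policy_id", ""))
    for itype, (playbook, policy_ids) in SUPPORTED.items():
        if inc.policy_id in policy_ids:
            inc.incident_type, inc.playbook = itype, playbook
            break
    return inc

def next_step(inc: Incident, analyst_approves_auto: bool) -> str:
    """The analyst chooses between the automatic path and manual handling."""
    if inc.playbook is None:
        return "manual-triage"  # generic type: no playbook is triggered
    return "auto-remediate" if analyst_approves_auto else "manual-remediate"

def close(inc: Incident, prisma_alerts: dict) -> None:
    """Mirroring: closing the incident dismisses the associated Prisma Cloud alert."""
    inc.status = "closed"
    prisma_alerts[inc.alert_id] = "dismissed"

def uncovered_policies(alerts: list) -> Counter:
    """Count alerts per policy ID that fell through to the generic type."""
    return Counter(a.get("policy_id", "<missing>") for a in alerts
                   if classify(a).playbook is None)

ALERTS = [  # constructed sample alerts
    {"id": "P-1", "policy_id": "POLICY-ID-A"},
    {"id": "P-2", "policy_id": "POLICY-ID-Z"},
    {"id": "P-3", "policy_id": "POLICY-ID-Z"},
    {"id": "P-4"},
]
```

Running `uncovered_policies` over a day of fetched alerts shows which policy IDs land in the generic type and therefore never reach an automated remediation path.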