* [Blog](https://www2.paloaltonetworks.com/blog) * [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/) * [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/) * Use VMRay Analyzer's Cont... # Use VMRay Analyzer's Contextual Threat Intelligence for Automated Threat Hunting in Cortex XSOAR [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fuse-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar%2F) [](https://twitter.com/share?text=Use+VMRay+Analyzer%E2%80%99s+Contextual+Threat+Intelligence+for+Automated+Threat+Hunting+in+Cortex+XSOAR&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fuse-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fuse-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar%2F&title=Use+VMRay+Analyzer%E2%80%99s+Contextual+Threat+Intelligence+for+Automated+Threat+Hunting+in+Cortex+XSOAR&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/use-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar/&ts=markdown) \[\](mailto:?subject=Use VMRay Analyzer’s Contextual Threat Intelligence for Automated Threat Hunting in Cortex XSOAR) Link copied By [Melody Crosby](https://www.paloaltonetworks.com/blog/author/melody-crosby/?ts=markdown "Posts by Melody Crosby") Oct 20, 2022 3 minutes [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown) [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [Automated Malware Analysis](https://www.paloaltonetworks.com/blog/tag/automated-malware-analysis/?ts=markdown) [Automation Playbooks](https://www.paloaltonetworks.com/blog/tag/automation-playbooks/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar-marketplace/?ts=markdown) [Malware Alert Investigation](https://www.paloaltonetworks.com/blog/tag/malware-alert-investigation/?ts=markdown) [Partner Integrations](https://www.paloaltonetworks.com/blog/tag/partner-integrations/?ts=markdown) [Sandboxing](https://www.paloaltonetworks.com/blog/tag/sandboxing/?ts=markdown) [Security Automation](https://www.paloaltonetworks.com/blog/tag/security-automation/?ts=markdown) [security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown) [SOAR content](https://www.paloaltonetworks.com/blog/tag/soar-content/?ts=markdown) [SOAR Innovation](https://www.paloaltonetworks.com/blog/tag/soar-innovation/?ts=markdown) [SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown) [VMRay Analyzer](https://www.paloaltonetworks.com/blog/tag/vmray-analyzer/?ts=markdown) ### **See how VMRay + Cortex XSOAR Accelerate Malware Investigation on our Upcoming Webinar!** The increasing number of previously unseen malware and malicious infrastructure (domains, URLs etc.) makes alert triage, validation, and enrichment very difficult. Security analysts spend a considerable amount of time investigating phishing and endpoint malware alerts. Gaining unmatched insights into the new threats requires a fresh approach to the threat analysis and investigation processes. To overcome these challenges, defenders need superpowers to rapidly detonate, analyze and extract actionable threat intelligence from unknown files or URLs tied to the alert. VMRay Analyzer is an agentless, hypervisor-based sandbox which uses intelligent monitoring to distinguish between malicious behavior and legitimate activity. Every interaction is monitored, and even the most evasive malware strains fully execute in the sandbox, capturing a complete and accurate record of threat behavior. The data from VMRay's automated malware analysis is fed into Cortex XSOAR, enriching detection, digital forensics, and threat intelligence, and enhancing incident response and threat hunting. The VMRay Analyzer pack is available on the Cortex XSOAR Marketplace and can easily be installed with the click of a button, providing Cortex XSOAR customers with next generation sandboxing capabilities by integrating automated malware analysis into XSOAR customer's playbooks. Designed to speed up alert investigation and enable autonomous response to critical malware incidents within Cortex XSOAR, the prebuilt content pack provides immediate value for security teams. Our joint customers can use this powerful integration to improve threat detection, accelerate incident response and gain actionable threat intelligence to block future threats. ### **Let's take a look at why this is so important for your security program** In a fast-evolving threat landscape, VMRay and Cortex XSOAR allow your security team to filter out the noise and respond to the real malware threats faster. Contextual threat intelligence provided by VMRay Analyzer also allows you to start automated threat hunting in seconds. The VMRay content pack enables you to: * Streamline phishing and malware alert investigation to protect your business. * Empower your analysts to make better informed decisions with actionable and accurate threat intelligence. * Automatically get in-depth malware analysis reports with high-fidelity [IOCs](https://www.vmray.com/cyber-security-blog/indicators-of-compromise-artifacts-whats-the-difference/) including command-and-control addresses. ![Diagram of Cortex XSOAR and VMRay](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/graphical-user-interface-application-description.png) ### **VMRay Analyzer + Palo Alto Networks Cortex XSOAR Malware Analysis** **Join us** and discover how to accelerate malware investigations and extract actionable threat intelligence with VMRay Analyzer and optimize your Cortex XSOAR incident response workflows during VMray's Autonomous Response to Critical Malware Alerts webinar hosted live on November 8th at 8 AM PT/11 AM ET - [Register now](https://bit.ly/3ec3AHv)! ![Webinar announcement](https://www.paloaltonetworks.com/blog/wp-content/uploads/2022/10/graphical-user-interface-application-description.jpeg) ### **Learn More** Build out your security program with the VMRay content pack, available now on the [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/cortex/xsoar/marketplace). Look up pre-built integrations for your top security tools with over [900 content packs](https://www.paloaltonetworks.com/cortex/xsoar-ecosystem) available for Cortex XSOAR, the market's leading SOAR platform. Not yet a VMRay Analyzer [Enterprise](https://xsoar.pan.dev/marketplace/details/VMRayEnterprise) or [Standard](https://xsoar.pan.dev/marketplace/details/VMRayStandard) customer? Looking for better results from your existing sandbox? Easily activate a free 30 day trial or inquire about a Private Offer right in the XSOAR Marketplace. Don't have Cortex XSOAR? [Download the Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition.html) to get started. Learn more about [VMRay Analyzer](https://www.vmray.com/products/analyzer-malware-phishing-sandbox/) or see the VMRay [pack](https://xsoar.pan.dev/marketplace/details/VMRay) on the XSOAR Marketplace. *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision](https://www2.paloaltonetworks.com/blog/security-operations/auto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision/) ### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### Automate Email Incident Response with Armorblox in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/automate-email-incident-response-with-armorblox-in-cortex-xsoar/) ### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### Build a Champion SOC with Best in Class Threat Intelligence from VirusTotal and Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/virustotal-welcome-xsoar-marketplace/) ### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### Farewell to 2021! A Look Back on the Cortex XSOAR Marketplace](https://www2.paloaltonetworks.com/blog/security-operations/farewell-to-2021-a-look-back-on-the-cortex-xsoar-marketplace/) ### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [#### Extend Threat Intelligence with Information Processing from Cortex XSOAR and SOCRadar XTI](https://www2.paloaltonetworks.com/blog/security-operations/extend-threat-intelligence-with-information-processing-from-cortex-xsoar-and-socradar-xti/) ### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown) [#### Accelerate Ransomware Recovery with Druva Cloud and Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/druva-cloud-xsoar-marketplace/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language