# What's New in Cortex

By [Scott Simkin](https://www.paloaltonetworks.com/blog/author/scott-simkin/?ts=markdown "Posts by Scott Simkin") Nov 18, 2025 5 minutes

## Transforming Security Operations with Groundbreaking Agentic AI Capabilities Across the Cortex Platform (Nov '25 Release)

We're thrilled to announce the release of Cortex XSIAM 3.3, which natively embeds [Agentic AI throughout](https://www.paloaltonetworks.com/blog/2025/10/agentic-ai-platform-for-agentic-workforce-future/) our industry-leading security operations platform for unprecedented speed and efficiency gains. This release also dramatically enhances your data management capabilities with the debut of federated search across all major cloud data repositories, along with other major updates across the portfolio.

## **[Cortex XSIAM 3.3](https://www.paloaltonetworks.com/cortex/cortex-xsiam): Meet Your AI Agent Workforce**

The latest version of Cortex XSIAM introduces Cortex [**AgentiX**](https://www.paloaltonetworks.com/cortex/agentix) - the industry's most secure platform to build, deploy and govern the AI agent workforce of the future.
AgentiX delivers dynamic incident response capabilities by leveraging autonomous agents, trained on over 1.2 billion real-world executions and protected by robust guardrails. These autonomous agents can dynamically plan, reason, and take action to resolve security challenges, accelerating your incident response like never before.

In conjunction with AgentiX, the new [**Cortex MCP Server**](https://www.paloaltonetworks.com/blog/security-operations/introducing-the-cortex-mcp-server/) makes it easy to bring Cortex's powerful features directly into your Large Language Model (LLM) apps. It uses the Model Context Protocol (MCP), a standard for how AI models work with other applications and tools, enabling you to communicate with your Cortex tenant using natural language.

### **Federated Search in Cortex Extended Data Lake (XDL)**

**Federated Search in [Cortex XDL](https://www.paloaltonetworks.com/resources/techbriefs/cortex-extended-data-lake)** allows customers to easily query external datasets stored in AWS, GCP, or Azure. This feature enables users to search and analyze remote data directly from XSIAM using XQL, without the need to ingest the data or incur additional storage costs.

Federated Search cuts overhead by letting security teams query massive volumes of data directly from external storage (AWS, GCP, Azure) using XQL from the Cortex console. This capability ensures critical long-term compliance and data retention by keeping years of historical audit data accessible at an economical cost. Best of all, it supercharges investigations over extended time spans, enabling analysts to run ad-hoc queries spanning months or years for comprehensive incident response.

![Federated Search in Cortex XSIAM](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/screenshot-2025-10-16-at-3-26-07-pm-png.png)

Federated Search in Cortex XSIAM

### **Expanded Investigation and Detection Flexibility**

Cortex XSIAM and XDR now provide comprehensive support for investigations with **Forensics for Linux**, allowing forensic customers to run complete investigations across endpoints that run on Windows, macOS, and Linux operating systems, with deeper artifact collection and analysis from Linux endpoints. Furthermore, the platform offers **Flexible Customization for Analytics Rules**, enabling security teams to align detection rules precisely with their organization's unique risk profile by easily adjusting the severity of alerts generated by the powerful, built-in analytics engine.

## **[Cortex XDR 4.3](https://www.paloaltonetworks.com/cortex/cortex-xdr): Strengthen Defenses Against Advanced Attacks**

We're excited to announce the release of Cortex XDR 4.3, featuring new defenses against advanced attack techniques, deeper customization for analytics, and extended security coverage for more operating systems and hardware architectures.

### Flexible Customization for Analytics Rules

Flexible customization for analytics rules allows customers to easily adjust the severity of alerts generated by powerful, built-in analytics rules. This lets security teams align detection rules precisely with their organization's unique risk profile, ensuring generated alerts are relevant to their specific business context, and prioritize threats based on their own risk profile and environment.

![Flexible Customization for Analytics Rules](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/XDR-analytics.gif)

Flexible Customization for Analytics Rules

![analytics.gif](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/analytics-gif.png)

### New Defenses, Extended Coverage, and Real-Time Threat Prevention

Cortex XDR 4.3 introduces the **XDR Agent for Windows on ARM64**, extending industry-leading prevention and detection to Windows devices running on ARM processors. **ML-Based JScript File Examination** enhances defense against advanced threats; this new machine-learning module analyzes and blocks malicious JScript files before execution. Furthermore, for customers with the ITDR add-on, **Malicious LDAP Query Protection** enables the XDR agent to provide real-time prevention against reconnaissance activities, such as those performed by tools like BloodHound's SharpHound collector, that target Windows Domain Controllers.

## **[Xpanse 2.11](https://www.paloaltonetworks.com/cortex/cortex-xpanse): Improve Attack Surface Control with AI Infrastructure Detections**

The Cortex Xpanse 2.11 release introduces powerful new capabilities that help you understand and control your digital attack surface. We enhanced visibility with new AI infrastructure detections, added deeper attack surface testing capabilities, and streamlined workflows through improved alert management and bulk actions.

Attack surface control improvements start with new **attack surface testing intrusiveness levels** that allow users to safely test and adjust the intensity of exposure checks across environments. To keep pace with modern infrastructure, the release also **adds AI infrastructure detections** for MCP Servers, MCP Inspector, and more.

![Attack Surface Testing - Configurable Intrusiveness](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-348547-4.png)

Attack Surface Testing - Configurable Intrusiveness

Cortex Xpanse 2.11 streamlines workflows through **faster triage with bulk actions** that manage alerts and assets more efficiently. It also improves visibility by displaying **misconfiguration and enumeration alerts in the Threat Response Center** for single-view prioritization, and complements this with new **service version enumeration and filtering** to quickly isolate software for hygiene work.

## **[Cortex XSOAR 8.12](https://www.paloaltonetworks.com/cortex/cortex-xsoar): Optimize and Streamline Workflows**

Cortex XSOAR 8.12 focuses on optimizing collaboration and threat intelligence integration by introducing **conflict-free playbook editing**, which prevents concurrent modifications and ensures smooth team development of automation workflows. Clarity within playbooks gets a boost from **unique task logos** that help users quickly distinguish between different action types like integration commands and custom scripts. Finally, a new **Unit 42 Threat Intelligence content pack** consolidates and replaces several deprecated packs, providing high-value integrations that leverage Unit 42's world-class research and analysis.

![Conflict-Free Playbook Editing in Cortex XSOAR](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-348547-5.png)

Conflict-Free Playbook Editing in Cortex XSOAR

These are just the highlights from a feature-packed month. For a detailed breakdown of the latest features and enhancements across the Cortex portfolio, please refer to the [full release notes](https://docs-cortex.paloaltonetworks.com/).

To learn more about these and other innovations across the Cortex portfolio, visit [https://www.paloaltonetworks.com/cortex](https://www.paloaltonetworks.com/cortex).