* [Blog](https://www2.paloaltonetworks.com/blog) * [Security Operations](https://www2.paloaltonetworks.com/blog/security-operations/) * [Must-Read Articles](https://www2.paloaltonetworks.com/blog/security-operations/category/must-read-articles/) * Leveraging XM Cyber's Att... # Leveraging XM Cyber's Attack Simulation Context in Cortex XSOAR [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxm-cyber-marketplace-integration%2F) [](https://twitter.com/share?text=Leveraging+XM+Cyber%E2%80%99s+Attack+Simulation+Context+in+Cortex+XSOAR&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxm-cyber-marketplace-integration%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fxm-cyber-marketplace-integration%2F&title=Leveraging+XM+Cyber%E2%80%99s+Attack+Simulation+Context+in+Cortex+XSOAR&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/security-operations/xm-cyber-marketplace-integration/&ts=markdown) \[\](mailto:?subject=Leveraging XM Cyber’s Attack Simulation Context in Cortex XSOAR) Link copied By [Emily Laufer](https://www.paloaltonetworks.com/blog/author/emily-laufer/?ts=markdown "Posts by Emily Laufer") and [Alyssa VanNice](https://www.paloaltonetworks.com/blog/author/alyssa-vannice/?ts=markdown "Posts by Alyssa VanNice") May 05, 2021 3 minutes [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown) [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [acepp](https://www.paloaltonetworks.com/blog/tag/acepp/?ts=markdown) [attack centric](https://www.paloaltonetworks.com/blog/tag/attack-centric/?ts=markdown) [attack context](https://www.paloaltonetworks.com/blog/tag/attack-context/?ts=markdown) [Automation Playbooks](https://www.paloaltonetworks.com/blog/tag/automation-playbooks/?ts=markdown) [Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown) [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar-marketplace/?ts=markdown) [discover attack paths](https://www.paloaltonetworks.com/blog/tag/discover-attack-paths/?ts=markdown) [identify key assets](https://www.paloaltonetworks.com/blog/tag/identify-key-assets/?ts=markdown) [prioritize remediation](https://www.paloaltonetworks.com/blog/tag/prioritize-remediation/?ts=markdown) [protect your assets](https://www.paloaltonetworks.com/blog/tag/protect-your-assets/?ts=markdown) [security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown) [SOAR content](https://www.paloaltonetworks.com/blog/tag/soar-content/?ts=markdown) [SOAR Innovation](https://www.paloaltonetworks.com/blog/tag/soar-innovation/?ts=markdown) [SOC](https://www.paloaltonetworks.com/blog/tag/soc/?ts=markdown) [train your ecosystem](https://www.paloaltonetworks.com/blog/tag/train-your-ecosystem/?ts=markdown) [XM Cyber](https://www.paloaltonetworks.com/blog/tag/xm-cyber/?ts=markdown) Security and network teams struggle with the high volume of alerts due to insufficient context and automation to help cut through the noise, especially when they lack information on how to respond and mitigate common incidents. When the SOC is unable to keep up with the volume of incoming alerts, the ability to separate low risk and high risk incidents becomes necessary to ensure the organization maintains security around critical data and devices. Security teams simulate attacks to test signature-based security controls and overall system response. It is imperative for attack simulations to reflect your environment and prioritize real exposures in your network. To best leverage remediation techniques, your security team needs to fully understand the context of the attack. To help security teams understand their alerts and test security controls, the XM Cyber content pack, available in the Cortex XSOAR Marketplace, automates continuous discovery of network exposures and simulates new attack paths to critical assets within Cortex XSOAR. ### **Let's take a look at how this combination can help your security program** Together, XM Cyber and Cortex XSOAR enable your security and IT Teams to chart the attack paths associated with new exploits and identify the impacted assets. XM Cyber provides a graphic representation of the attack steps with the ability to drill down from each stage to the remediation context, and prioritization information needed to respond quickly and effectively. **![Figure 1: XM’s Cyber “Battleground” appears a bit like a combat wargaming model, with geometrical shapes representing assets and arrows representing threats. This simulation has a movie-like feel and users can control it by using fast-forward, rewind and pause. When an asset is breached, users can see all paths taken by the simulated hacker and the vulnerabilities exploited along those paths. All of this is informed by data ingested from the network XM is protecting. Once tests are finished, XM ranks vulnerabilities based on importance and ease of remediation.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/05/word-image-12.png)** *Figure 1:* *XM's Cyber "Battleground" appears a bit like a combat wargaming model, with geometrical shapes representing assets and arrows representing threats. This simulation has a movie-like feel and users can control it by using fast-forward, rewind and pause. When an asset is breached, users can see all paths taken by the simulated hacker and the vulnerabilities exploited along those paths. All of this is informed by data ingested from the network XM is protecting. Once tests are finished, XM ranks vulnerabilities based on importance and ease of remediation.* ### **Enrich Cortex XSOAR workflows with XM Cyber contextual attack information** Your analysts rely on Cortex XSOAR for the best security incident orchestration possible. By adding the XM Cyber Attack-Centric Exposure Prioritization Platform (ACEPP) content pack, your team will gain insightful information for each incident, including: * Detailed information on the prioritized risk of business critical assets * Identification of key assets centralized between many attack paths * Contextual insight on the operating exploit or attack agent, including a list of assets that may be directly or indirectly compromised * Remediation advice ranked in order of importance that requires minimal effort from your security team Effective exposure risk management requires context for the highest level of remediation. Increase your teams efficacy against attacks, with the ability to continuously calculate every possible attack path and leverage a visual representation that includes critical asset details and attacker techniques. By applying actual risk factors associated with your live environment, your security and IT operations teams can improve the speed at which they are able to identify and remediate the right risks in the right order. Utilize the integrated content pack for XM Cyber with Cortex XSOAR to increase the efficiency of your team and strengthen the security posture of your organization. ### **Learn more** Build out your security ecosystem with the XM Cyber content pack, available now on the [Cortex XSOAR Marketplace](https://www.paloaltonetworks.com/cortex/xsoar/marketplace). Learn about and leverage over [650 different integrations](https://www.paloaltonetworks.com/cortex/xsoar-ecosystem) for the market leading security orchestration, automation, and response (SOAR) platform. Click[here](http://www.xmcyber.com/) to find out more about XM Cyber. Don't have Cortex XSOAR? [Download the Community Edition](https://start.paloaltonetworks.com/sign-up-for-community-edition.html) to get started. *** ** * ** *** ## Related Blogs ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Auto-Quarantine Phishing Threats with Cortex XSOAR and Cofense Vision](https://www2.paloaltonetworks.com/blog/security-operations/auto-quarantine-phishing-threats-with-cortex-xsoar-and-cofense-vision/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown) [#### Use VMRay Analyzer's Contextual Threat Intelligence for Automated Threat Hunting in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/use-vmray-analyzers-contextual-threat-intelligence-for-automated-threat-hunting-in-cortex-xsoar/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### It's All About the Future - A Cortex XSOAR Marketplace Update](https://www2.paloaltonetworks.com/blog/security-operations/its-all-about-the-future-a-cortex-xsoar-marketplace-update/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [#### Titaniam Protect Ransomware Extortion Defense with Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/titaniam-xsoar-marketplace/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown) [#### Automate Security Validation with Cortex XSOAR and Pentera](https://www2.paloaltonetworks.com/blog/security-operations/automate-security-validation-with-cortex-xsoar-and-pentera/) ### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown) [#### Elevate Your SIEM Workflows for Splunk and QRadar in Cortex XSOAR](https://www2.paloaltonetworks.com/blog/security-operations/siem-splunk-qradar-xsoar/) ### Subscribe to Security Operations Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language