There’s no rulebook for managing cloud security

Team silos: Managing and responding to security incidents involves end users, Cloud Ops teams, the SOC, IT and other stakeholders.

No defined process: Coordinating across security tools involves shifting context, leading to rework and fragmented documentation.

Inefficient threat management: Security teams lack the time, flexibility and centralized data to prioritize alerts and track relevant metrics and performance.
Cortex XSOAR for cloud security automation


To manage cloud security, you need to meet constantly changing infrastructures and expanded threat surfaces with agility and flexibility. You also have to coordinate with distributed teams across your organization.

Cortex™ XSOAR primes your team for fast, standardized cloud security through multi-source ingestion of cloud data and playbooks that coordinate and automate incident response actions across your product stack. As a result, you get a shorter time to detect (TTD) and faster, more scalable response.


Cloud security orchestration use cases
Use case 1: Incident workflow management

Automate the management and distribution of your cloud alerts to all stakeholders in your organization.
Use case 2: Cloud misconfiguration auto-remediation

Integration with the cloud monitoring and compliance capabilities of Prisma™ Cloud delivers end-to-end auto-remediation for cloud misconfiguration alerts.

Use case 3: Cloud threat alert remediation

Moving on from routine misconfigurations or hygiene issues in your cloud infrastructure, anomalies such as access key compromise or port scans/sweeps need to be remediated as quickly as possible.

In Cortex XSOAR, you can build fully or semi-automated playbooks to gather more context and respond accordingly. For example, in the case of access key compromise, it’s important to find out user information, where the anomaly was triggered from, and exactly how it was triggered.

Use case 4: Combine your cloud and on-premises incident response

Our orchestration platform executes workflows that coordinate across cloud and on-premises security environments.

For example, when a phishing alert comes in, a Cortex XSOAR playbook can automatically extract indicators of compromise (IOCs) and perform reputation checks before pushing those IOCs to block lists across both cloud and on-premises environments.
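The phishing workflow above (extract IOCs, check reputation, push to block lists on both sides) as an added, self-contained example; this is illustrative code, not Cortex XSOAR's own playbook engine or API, and the alert text, reputation table and enforcement targets (cloud_waf, onprem_firewall, edr) are all constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed phishing alert body; every indicator is a documentation/placeholder value.
SAMPLE_ALERT = """From: billing@invoice-portal.example
Please review your invoice at http://invoice-portal.example/login?id=42
Attachment sha256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Sender IP 203.0.113.45; relay 198.51.100.7
"""

# Constructed reputation table standing in for the threat-intel lookups a playbook would call.
REPUTATION = {
    "invoice-portal.example": "malicious",
    "203.0.113.45": "malicious",
    "198.51.100.7": "benign",
}

IOC_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "domain": re.compile(r"https?://([A-Za-z0-9.-]+)"),  # findall returns the host group
}

# Hypothetical enforcement points and the IOC types each one can block.
BLOCK_TARGETS = {
    "cloud_waf": {"domain", "ip"},
    "onprem_firewall": {"ip"},
    "edr": {"sha256"},
}

def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Pull de-duplicated indicators out of raw alert text, keyed by type."""
    return {kind: sorted(set(p.findall(text))) for kind, p in IOC_PATTERNS.items()}

def enrich(iocs: Dict[str, List[str]]) -> Dict[str, str]:
    """Attach a verdict to each indicator; anything absent from the feed is 'unknown'."""
    return {v: REPUTATION.get(v, "unknown") for vals in iocs.values() for v in vals}

def build_block_lists(iocs: Dict[str, List[str]], verdicts: Dict[str, str]) -> Dict[str, List[str]]:
    """Route each malicious indicator to every target that accepts its type."""
    out: Dict[str, List[str]] = {target: [] for target in BLOCK_TARGETS}
    for kind, values in iocs.items():
        for v in values:
            if verdicts.get(v) != "malicious":
                continue  # benign and unknown indicators are reported, never auto-blocked
            for target, kinds in BLOCK_TARGETS.items():
                if kind in kinds:
                    out[target].append(v)
    return out

def run_playbook(alert_text: str):
    """Full chain: extract -> enrich -> block-list routing."""
    iocs = extract_iocs(alert_text)
    verdicts = enrich(iocs)
    return iocs, verdicts, build_block_lists(iocs, verdicts)
```

Unknown indicators stay out of the block lists on purpose: a playbook that auto-blocks anything it cannot classify is how benign infrastructure ends up denied.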
Cortex XSOAR cloud security ecosystem


We work closely with cloud service providers to provide out-of-the-box integrations that make it easy for you to automate and orchestrate actions across your cloud stack.