# Automate Gurucul Behavior Analytics Threat Detection and Response Workflows

By [Emily Laufer](https://www.paloaltonetworks.com/blog/author/emily-laufer/?ts=markdown "Posts by Emily Laufer"), Apr 20, 2021

Existing cybersecurity point solutions like Firewalls, DLP tools, and
traditional SIEMs don't provide actionable context about the risks they may detect. These conventional technologies focus on events and deliver a flood of information and alerts. This pervasive paradigm presents events and incidents without the context necessary to remediate threats efficiently at scale.

Gurucul uses a risk-based approach to help analysts prioritize the incidents whose investigation will have the most impact. This has enabled customers to achieve a 99.5% efficiency rate for true positive incidents and improve the accuracy of investigations. These savings are delivered by Gurucul's comprehensive risk engine, which performs continuous behavioral risk scoring on vendor-agnostic data lakes, and by a library of more than 2,000 pre-packaged machine learning models aligned with key use cases, telemetry, industry verticals, and threat and compliance frameworks including MITRE ATT&CK, PCI-DSS, and more.

Now available in the Cortex XSOAR Marketplace, Gurucul's integrated content pack delivers end-to-end workflow automation for anomalous, high-risk users and entities or devices. Gurucul's Unified Security and Risk Analytics platform automates context gathering and enriches Cortex XSOAR data with historical information about users, entities, and accounts to significantly improve the speed of threat investigations and time to resolution.

The Gurucul content pack for Cortex XSOAR enables you to:

* Automatically sync incidents between the Cortex XSOAR and Gurucul platforms
* Trigger fully automated remediation playbooks in Cortex XSOAR instantly from Gurucul incidents to reduce response times
* Assign a risk score to anomalous users and entities and enrich events with metadata including threat indicators, behavior baselines, and event details for prioritized incident analysis in Cortex XSOAR
* Leverage the full power and features of Cortex XSOAR for your Gurucul workflows
* Address key Gurucul network and user behavior analytics use cases across your automated security workflows, including insider threats, data exfiltration, account compromise, privileged access abuse, cloud security access, zero-day exploits, malware, and IoT threats

The Gurucul Unified Security and Risk Analytics platform drives high-efficacy threat detection and automated response with machine-learning-based behavior analytics. There are hundreds of use cases, all focused on predicting and detecting risky anomalous behavior before a malicious insider or cybercriminal can do harm. For more information on the Gurucul use cases, please visit [https://gurucul.com](https://gurucul.com).

To learn more about the Cortex XSOAR Marketplace and download the Gurucul content pack, visit [https://www.paloaltonetworks.com/cortex/xsoar/marketplace](https://www.paloaltonetworks.com/cortex/xsoar/marketplace).