* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Security Operations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/)
* [Partner Integrations](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/category/partner-integrations/)
* Coordinating And Integrat...

# Coordinating And Integrating Security Platforms Gives Cyber Teams Superpowers

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsafebreach-cortex-xsoar-integration%2F)  
[](https://twitter.com/share?text=Coordinating+And+Integrating+Security+Platforms+Gives+Cyber+Teams+Superpowers&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsafebreach-cortex-xsoar-integration%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2Fsecurity-operations%2Fsafebreach-cortex-xsoar-integration%2F&title=Coordinating+And+Integrating+Security+Platforms+Gives+Cyber+Teams+Superpowers&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/safebreach-cortex-xsoar-integration/&ts=markdown)  
\[\](mailto:?subject=Coordinating And Integrating Security Platforms Gives Cyber Teams Superpowers)  
Link copied  
By [Corinna Krueger](https://www.paloaltonetworks.com/blog/author/corinna-krueger/?ts=markdown "Posts by Corinna Krueger")  
Sep 10, 2020  
3 minutes  
[Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)  
[Cortex XSOAR](https://www.paloaltonetworks.com/blog/tag/cortex-xsoar/?ts=markdown)  
[security orchestration](https://www.paloaltonetworks.com/blog/tag/security-orchestration/?ts=markdown)  
[SOAR](https://www.paloaltonetworks.com/blog/tag/soar-2/?ts=markdown)  
[threat intelligence](https://www.paloaltonetworks.com/blog/tag/threat-intelligence/?ts=markdown)

In cybersecurity, coordination and information sharing is beyond important. Proper integration of the key systems required to maintain your security posture is what enables security teams to succeed in an increasingly complex threat environment. This is why we at SafeBreach^TM^ are so excited to have joined a select group as a launch partner for the Palo Alto Networks Cortex XSOAR^TM^ Marketplace. Security teams using Cortex XSOAR can validate their security controls with SafeBreach, and can stream relevant breach-and-attack simulation results and Indicators of Compromise (IoCs) from SafeBreach into Cortex XSOAR. The Cortex XSOAR platform can then automatically orchestrate remediation of low-level IoCs via integrated endpoint and network security solutions. Sharing information and working together in an integrated ecosystem gives our shared customers superpowers.

# How Integration Helps Security Teams Uplevel Security Posture

Consider the following scenario: A security analyst is notified by their threat intel system of a new series of attacks from APT29 that seem to be focused on companies in a related industry. They figure APT29 is going to come after their organization next. SafeBreach correlates the Threat Intelligence feeds to the current SafeBreach Hacker's Playbook, builds new attacks based on updated indicators, and triggers the most relevant attack methods to run across the analysts enterprise.

After running the simulations, SafeBreach identifies a handful of misconfigured controls and security gaps that need to be fixed to shore up the security stance against APT29. SafeBreach prescribes specific actions for the SecOps and vulnerability management teams. The fixes identified by SafeBreach are automatically streamed into Cortex XSOAR for automated remediation or to create a ticket and kick off a remediation workflow that requires human involvement.

This is a much faster and effective way to run SecOps. If these systems were not integrated, then the above process would likely be mostly manual and take months to complete. With Cortex XSOAR pulling insights from SafeBreach, low-level indicators can be immediately remediated; behavioral indicators can be examined and potentially remediated within hours. Overall, the integration provides SecOps teams with a fast metabolism to automate the easy analysis and remediation work while expediting the harder cases focused on less obvious behavioral indicators.

## Technology and Business Benefits: Manage Risks Smarter, Prevent Breaches

Working together, SafeBreach and Cortex XSOAR can help teams improve their security stance, cover the most important security ground faster, and reduce critical business cyber risk. More specifically, teams can radically improve efficiency and efficacy by:

* Discovering security gaps through continuous breach and attack simulation (SafeBreach)
* Automatically remediating and validating missed IOCs (Cortex XSOAR)
* Orchestrating remediation of behavioral IOCs (Cortex XSOAR)
* Maximizing the effectiveness of existing security controls (SafeBreach)

These benefits have potential to drive substantial tangible business impacts. For example, when security teams integrate BAS, SOAR, EDR/XDR and network controls they may:

* Reduce the likelihood of breaches
* Save time by moving from manual to automated workflows
* Improve compliance coverage and simplify IT security audits
* Allow CISOs to optimize and get the most bang for their buck from their security controls

The business and technology benefits of integration and a robust ecosystem of security technology partners are even more impactful in the current environment of economic distress. Security budgets are being cut and teams are looking to do more with less while still improving their capabilities. The best way to achieve this is cooperation, collaboration, and integration. Integrating the world's most widely used breach-and-attack-simulation platform with Cortex XSOAR and other detection and response and network controls solution partners is an easy way to give cybersecurity teams the superpowers that differentiate great security from merely good or adequate security.

*** ** * ** ***

## Related Blogs

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### Build a Champion SOC with Best in Class Threat Intelligence from VirusTotal and Cortex XSOAR](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/virustotal-welcome-xsoar-marketplace/)

### [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)

[#### WootCloud Joins Palo Alto Networks' Cortex XSOAR Marketplace](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/wootcloud-joins-palo-alto-networks-cortex-xsoar-marketplace/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/security-operations/category/partner-integrations/?ts=markdown)

[#### Deloitte's Cloud Migration Success: Transforming SecOps with Cortex XSOAR](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/deloittes-cloud-migration-success-transforming-secops-with-cortex-xsoar/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Introducing Cortex Canvas: Unleashing the Power of Visual Storytelling](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/introducing-cortex-canvas-unleashing-the-power-of-visual-storytelling/)

### [Playbook of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/playbook-of-the-week/?ts=markdown)

[#### Bootstrap Your Threat Intel Management Program With Free Feeds and IOC Enrichers](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/bootstrap-your-threat-intel-management-program-with-free-feeds-and-ioc-enrichers/)  
[#### Playbook of the Week: Microsoft Office and Windows HTML RCE CVE-2023-36884 Rapid Response](https://origin-researchcenter.paloaltonetworks.com/blog/security-operations/playbook-of-the-week-microsoft-office-and-windows-html-rce-cve-2023-36884-rapid-response/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language