Skip to content

technology integration

Incydr™ + Palo Alto Networks

Launch Live Demo

Speed detection and automate response to insider risk

Incydr integrates with Palo Alto Networks Cortex XSOAR (previously Demisto) to provide accelerated incident response and automated remediation to potential file exfiltration from insiders happening across endpoints, email, cloud and SaaS applications. The Incydr exfiltration playbook in Cortex XSOAR investigates potential file exfiltration and provides fast access to file events and metadata across physical and cloud environments.

Incydr together with Cortex XSOAR enables security teams to scale, standardize and accelerate their overall incident response process for Insider Risk, so they can quickly detect and respond to data risk when employees or contractors leave your organization.

Benefits of the Incydr + Palo Alto Networks Cortex XSOAR integration

Streamline alerts and automate workflows to reduce the time it takes to detect and respond to Insider Risk such as departing employees.

Quickly investigate file exposure or exfiltration across endpoints, email, cloud and SaaS apps – without leaving Cortex XSOAR.

Close incident tickets faster by automating response and remediation procedures via Cortex XSOAR.

Integration features

Automate workflows

Automate Insider Risk incident response by ingesting Incydr file exfiltration alerts into Cortex XSOAR to trigger Incydr playbooks or other security workflows.

Obtain complete incident context about exfiltrated files, including user, file and exposure type, file size, and data source.

Insider Risk Ecosystem

Leverage Incydr to establish Insider Risk processes and maximize the potential of your existing security investments.

Manage departing employees

Add or remove employees from the Incydr risk detection lens for departing employees from within Cortex XSOAR.

Actionable insights

Leverage hundreds of Cortex XSOAR third-party product integrations to coordinate response across security functions based on insights from Incydr.


Search risky file movement in Cortex XSOAR and get event details within seconds

Security teams that use Incydr and Cortex XSOAR can automate Insider Risk incident response and trigger playbooks by ingesting Incydr file exfiltration alerts into Cortex XSOAR. Furthermore, security teams can search file events and metadata within Cortex XSOAR to obtain additional details about the risky file movement in seconds, significantly reducing the time it takes to detect and respond to Insider Risk.

  • An R&D employee uploads source code to a personal Dropbox account.
  • Incydr alerts about this high severity event.
  • Cortex XSOAR removes Role-based Access Control permissions.
  • A security administrator reaches out to the user via Slack to request files be deleted from his personal Dropbox.
  • A security architect can also ensure that files are deleted during a live video call over Zoom.