Code42 + Palo Alto Networks


Speed detection and automate response to insider threats

Code42 integrates with Palo Alto Networks Cortex XSOAR (previously Demisto) to provide accelerated incident response and automated remediation to potential file exfiltration from insiders happening across endpoints, email, cloud and SaaS applications. The Code42 exfiltration playbook in Cortex XSOAR investigates potential file exfiltration and provides fast access to file events and metadata across physical and cloud environments.

Code42 together with Cortex XSOAR enables security teams to scale, standardize and accelerate their overall incident response process for insider threats, so they can quickly detect and respond to data risk when employees or temporary workers leave the organization.

Benefits of the Code42 + Palo Alto Networks Cortex XSOAR integration

Faster response


Streamline alerts and automate workflows to reduce the time it takes to detect and respond to insider threats such as departing employees.

Complete context


Quickly investigate file exposure or exfiltration across endpoints, email, cloud and SaaS apps – without leaving Cortex XSOAR.

Increased productivity


Close incident tickets faster by automating response and remediation procedures via Cortex XSOAR.

Integration features

Automate workflows

Automate insider threat incident response by ingesting Code42 file exfiltration alerts into Cortex XSOAR to trigger Code42 playbooks or other security workflows.

Manage departing employees

Add or remove employees from the Code42 risk detection lens for departing employees from within Cortex XSOAR.

Forensic search

Obtain complete incident context about exfiltrated files, including user, file and exposure type, file size, and data source.

Actionable insights

Leverage hundreds of Cortex XSOAR third-party product integrations to coordinate response across security functions based on insights from Code42.

Insider threat ecosystem

Leverage Code42 to establish insider threat processes and maximize the potential of your existing security investments.

FEATURED USE CASE

Ingest File Exfiltration Alerts From Code42 Into Cortex XSOAR to Automate Response


Challenge: With disparate security tools, teams and processes, it is challenging to detect, investigate and respond to an insider threat incident due to fragmented information and lack of a centralized view.

Solution: Security teams that use Code42 and Cortex XSOAR can automate insider threat incident response and trigger playbooks by ingesting Code42 file exfiltration alerts into Cortex XSOAR. Furthermore, security teams can search file events and metadata within Cortex XSOAR to obtain additional details about the risky file movement in seconds, significantly reducing the time it takes to detect and respond to insider threats.

Benefit: Cortex XSOAR playbooks together with Code42 enable security teams to close incidents with speed and at scale by automating response actions and remediation procedures via Cortex XSOAR.