Business Software for Cortex XSOAR

Top Software that integrates with Cortex XSOAR as of July 2025

Compare business software, products, and services to find the best solution for your business or organization. Use the filters on the left to drill down by category, pricing, features, organization size, organization type, region, user reviews, integrations, and more. View and sort the products and solutions that match your needs in the results below.

  • 1
    Cyberint Argos Platform
    Cyberint is a global threat intelligence provider focusing on helping its clients to proactively protect their businesses against cyber threats coming from beyond the traditional security perimeters. Manage exposure, prioritize threats, and reduce cyber risk with Argos, Cyberint’s Impactful Intelligence platform. Protect your organization from an array of external cyber risks with a single comprehensive solution. Continuously uncover known and unknown vulnerabilities and weaknesses. From exposed web Interfaces and cloud Storage exposure to email security issues and open ports, Argos’ autonomous discovery maps out your external exposures and prioritize for impactful remediation. Cyberint serves leading brands worldwide including Fortune 500 companies across industries such as finance, retail, ecommerce, gaming, media, and more.
  • 2
    Intezer Analyze
    Intezer automates Tier 1 SOC tasks, working like an extension of your team. Intezer can monitor incoming incidents from endpoint, email, or SIEM tools, then "autonomously" collects evidence, investigates, triages, triggers remediation action, and escalates only the the serious threats to your team for human intervention. Fast set up and integrations with your SOC and IR teams workflows (EDR, SOAR, SIEM, etc.) means you can starting filtering out false positives, get detailed analysis about every threat, and speed up your incident response time. Make sure every incident and artifact (such as files, URLs, endpoint memory, etc.) gets deeply analyzed, detecting malicious code in memory and other evasive threats.
    Starting Price: Free
  • 3
    urlscan.io

    urlscan.io

    urlscan.io

    urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself. urlscan.io will take a screenshot of the page, and record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users of one of the more than 900 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results. Our mission is to allow anyone to easily and confidently analyze unknown and potentially malicious websites. Just like you would use a malware sandbox to analyze suspicious files, you can use urlscan.io to do the same thing but with URLs.
    Starting Price: $500 per month
  • 4
    Edge Delta

    Edge Delta

    Edge Delta

    Edge Delta is a new way to do observability that helps developers and operations teams monitor datasets and create telemetry pipelines. We process your log data as it's created and give you the freedom to route it anywhere. Our primary differentiator is our distributed architecture. We are the only observability provider that pushes data processing upstream to the infrastructure level, enabling users to process their logs and metrics as soon as they’re created at the source. We combine our distributed approach with a column-oriented backend to help users store and analyze massive data volumes without impacting performance or cost. By using Edge Delta, customers can reduce observability costs without sacrificing visibility. Additionally, they can surface insights and trigger alerts before data leaves their environment.
    Starting Price: $0.20 per GB
  • 5
    ANY.RUN

    ANY.RUN

    ANY.RUN

    ANY.RUN is an online interactive sandbox for DFIR/SOC investigations. The service gives access to fast malware analysis and detection of cybersecurity threats. The effectiveness of the solution has been proven by over 500,000 active users who find new threats with ANY.RUN daily. ANY.RUN provides an interactive sandbox for malware analysis, offering deep visibility into threat behavior in a secure, cloud-based environment with Windows, Linux, and Android support. It helps SOC teams accelerate monitoring, triage, DFIR, and threat hunting — enabling them to analyze more threats in a team and process more alerts in less time. Learn more at ANY.RUN's website.
  • 6
    Indent

    Indent

    Indent

    Good security is necessary, but it doesn't need to be slow or painful, faster access unlocks more revenue. Give on-demand access that’s faster and easier, without frustrating your team. Users request access to apps, managers approve or deny them from Slack, and it's all auditable. End the process of manually cat herding approvals. Every time access is granted, it's a potential security risk. Indent helps teams scale security and least privilege by shifting users to temporary access without slowing down. Automate spreadsheet-based workflows needed for SOC 2, SOX, ISO, and HITRUST with controls and policies baked directly into access request workflows. Only provide access when it's needed instead of issuing permanent access, reducing your license footprint. Indent delivers cost savings without adding friction for end users. When you’re leading a fast-growing company toward success, your team needs to take big risks to deliver big returns.
    Starting Price: $8 per month
  • 7
    Keepnet Labs

    Keepnet Labs

    Keepnet Labs

    Keepnet’s extended human risk management platform empowers organizations to build a security culture with AI-driven phishing simulations, adaptive training, and automated phishing response, helping you eliminate employee-driven threats, insider risks, and social engineering across your organization and beyond. Keepnet continuously assesses human behaviors through AI-driven phishing simulations across email, SMS, voice, QR codes, MFA, and callback phishing to reduce human-driven cyber risks. Keepnet's adaptive training paths are tailored to individual risk levels, roles, and cognitive behaviors, ensuring that secure behaviors are embedded to continuously reduce human cyber risk. Keepnet empowers employees to report threats instantly. Using AI-driven analysis and automated phishing responses, security admins respond 168x faster. Detects employees who frequently click phishing links, mishandle data, or ignore security policies.
    Starting Price: $1
  • 8
    Coralogix

    Coralogix

    Coralogix

    Coralogix is the leading stateful streaming platform providing modern engineering teams with real-time insights and long-term trend analysis with no reliance on storage or indexing. Ingest data from any source for a centralized platform to manage, monitor, and alert on your applications. As data is ingested, Coralogix instantly narrows millions of events down to common patterns for deeper insights and faster troubleshooting. Machine learning algorithms continuously observe data patterns and flows between system components and trigger dynamic alerts so you know when a pattern deviates from the norm without static thresholds or the need for pre-configurations. Connect any data, in any format, and view your insights anywhere including our purpose-built UI, Kibana, Grafana, SQL clients, Tableau, or using our CLI and full API support. Coralogix has successfully completed relevant security and privacy compliances by BDO including GDPR, SOC 2, PCI, HIPAA, and ISO 27001/27701.
  • 9
    XM Cyber

    XM Cyber

    XM Cyber

    Networks change constantly and that creates problems for IT and security operations. Gaps open exposing pathways that attackers can exploit. While enterprise security controls like firewalls, intrusion prevention, vulnerability management and endpoint tools attempt to secure your network, breaches are still possible. The last line of defense must include constant analysis of daily exposures caused by exploitable vulnerabilities, common configuration mistakes, mismanaged credentials and legitimate user activity that exposes systems to risk of attack. Why are hackers still successful despite significant investments in security controls? Several factors make securing your network difficult, mostly because of overwhelming alerts, never-ending software updates and patches, and numerous vulnerability notifications. Those responsible for security must research and evaluate piles of data without context. Risk reduction is almost impossible.
  • 10
    BreachRx

    BreachRx

    BreachRx

    BreachRx is the first intelligent cybersecurity incident response management (CIRM) platform. Fortune 500 companies, including leading transportation, financial, pharmaceutical, retail, telecom, and hospitality organizations, choose BreachRx to provide operational resilience across the entire enterprise during a cyber crisis. Its patented technology brings order to the chaos before, during, and after incidents by automatically generating tailored incident response plans and providing targeted guidance to relevant stakeholders through every step of the process. Integrated privileged communication channels and audit trails ensure compliance with rapidly evolving standards and proactively protect CISOs and executive leadership from personal liability.
  • 11
    Agari

    Agari

    Fortra

    Use Trusted Email Identity to protect workers and customers from advanced email attacks. Advanced email attacks target a major security vulnerability that legacy email security controls do not address. Agari gives employees, customers, and partners the confidence to trust their inbox. Unique AI with over 300m daily machine learning model updates understands the good to protect you from the bad. Global intelligence powered by trillions of global email messages provide deep insights into behaviors and relationships. Years of experience defining the email security standards that have been adopted by Global 2000 companies.
  • 12
    Tenable One
    Tenable One radically unifies security visibility, insight and action across the attack surface, equipping modern organizations to isolate and eradicate priority cyber exposures from IT infrastructure to cloud environments to critical infrastructure and everywhere in between. The world’s only AI-powered exposure management platform. See every asset across your entire attack surface—from cloud environments to operational technologies, infrastructure to containers, and remote workers to modern web-apps with Tenable's market-leading vulnerability management sensors. With more than 20 trillion aspects of threat, vulnerability, misconfiguration and asset information, Tenable’s machine-learning powered predictions reduce remediation efforts by enabling you to focus first on the risks that matter most. Drive improvements required to reduce the probability of a business-impacting cyber event from occurring by communicating objective measures of risk.
  • 13
    PassiveTotal
    RiskIQ PassiveTotal aggregates data from the whole internet, absorbing intelligence to identify threats and attacker infrastructure, and leverages machine learning to scale threat hunting and response. With PassiveTotal, you get context on who is attacking you, their tools and systems, and indicators of compromise outside the firewall—enterprise and third party. Investigation can go fast, really fast. Find answers quickly with over 4,000 OSINT articles and artifacts. Along with 10+ years of mapping the internet, RiskIQ has the deepest and broadest security intelligence on earth. By absorbing web data like Passive DNS, WHOIS, SSL, hosts and host pairs, cookies, exposed services, ports, components, and code. With curated OSINT and proprietary security intelligence, you can see everything—from every angle—on the digital attack surface. Take charge of your digital presence and combat threats to your organization.
  • 14
    ARIA SDS Packet Intelligence

    ARIA SDS Packet Intelligence

    ARIA Cybersecurity Solutions

    The ARIA Packet Intelligence (PI) application gives OEMs, service providers, and security professionals a better way to use SmartNIC technology to support two important use cases: advanced packet-level network analytics and cyber-threat detection, response, and containment. Network analytics: ARIA PI provides complete visibility into all network traffic and feeds valuable analytics data to packet delivery accounting tools, quality of service systems, and SLA monitoring applications. All of this helps companies provide better service and maximize revenues tied to usage-based billing. Cyber-threat detection, response, and containment: ARIA PI also feeds metadata to threat detection tools for complete visibility into all network traffic, including east-west data flows. This improves the effectiveness of existing security solutions, such as SIEMs and IDS/IPS tools, and gives security teams a better way to detect, respond, contain, and remediate even the most advanced cyber threats.
  • 15
    Recorded Future

    Recorded Future

    Recorded Future

    Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence. Recorded Future is trusted by more than 1,000 businesses and government organizations around the world. The Recorded Future Security Intelligence Platform produces superior security intelligence that disrupts adversaries at scale. It combines analytics with human expertise to unite an unrivaled variety of open source, dark web, technical sources, and original research.
  • 16
    Qintel CrossLink
    When users first open CrossLink they are met with the words “Know More.” This ethos powers CrossLink. How can we help everyone, be it a SOC analyst, an investigator, or an incident responder, tell a better story around their own data? Search results from six synergistic verticals of network and actor-centric data quickly provide key information that can be assembled and shared across an organization with the click of a button. CrossLink was designed to address the deficiencies in the current marketplace by a team of analysts who have decades of hands-on experience investigating a full range of threats. Data verticals include an unparalleled range of actor profiles, communications, historical Internet registration records, IP reputation, digital currency records, and passive DNS telemetry that jump-start investigations into actors and incidents. CrossLink provides users with the ability to create alerts and lightweight management functions via shareable case folders.
  • 17
    SCADAfence

    SCADAfence

    SCADAfence

    SCADAfence is the global technology leader in OT & IoT cyber security. SCADAfence offers a full suite of industrial cybersecurity products that provides full coverage of large-scale networks, offering best-in-class network monitoring, asset discovery, governance, remote access and IoT device security. SCADAfence offers a full suite of industrial cybersecurity products that provides full coverage of large-scale networks, offering best-in-class network monitoring, asset discovery, governance, remote access and IoT device security. Reduce your organization's mean time to detect (MTTD) and mean time to recovery (MTTR) by working with a team of seasoned veterans who are OT security subject matter experts. In your monthly OT security report, you will have a better understanding of each OT asset in your network while providing you with proper remediation of threats before the vulnerabilities can be exposed.
  • 18
    SCYTHE

    SCYTHE

    SCYTHE

    SCYTHE is an adversary emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. SCYTHE allows organizations to continuously assess their risk posture and exposure. SCYTHE moves beyond just assessing vulnerabilities. It facilitates the evolution from Common Vulnerabilities and Exposures (CVE) to Tactics, Techniques, and Procedures (TTPs). Organizations know they will be breached and should focus on assessing detective and alerting controls. Campaigns are mapped to the MITRE ATT&CK framework, the industry standard and common language between Cyber Threat Intelligence, Blue Teams, and Red Teams. Adversaries leverage multiple communication channels to communicate with compromised systems in your environment. SCYTHE allows you to test detective and preventive controls for various channels.
  • 19
    Joe Sandbox

    Joe Sandbox

    Joe Security

    Tired of high level malware analysis? Perform one of the deepest analysis possible - fully automated or manual - from static to dynamic, from dynamic to hybrid, from hybrid to graph analysis. Rather than focus on one, use the best of multiple technologies including hybrid analysis, instrumentation, hooking, hardware virtualization, emulation and machine learning / AI. Check out our reports to see the difference. Deeply analyze URLs to detect phishing, drive by downloads, tech scam and more. Joe Sandbox uses an advanced AI based algorithm including template matching, perptual hashing, ORB feature detection and more to detect the malicious use of legit brands on websites. Add your own logos and templates to extend the detection capabilities. Interact with the sandbox through Live Interaction - directly from your browser. Click through complex phishing campains or malware installers. Test your software against backdoors, information leakage and exploits (SAST and DAST).
  • 20
    IONIX

    IONIX

    IONIX

    Modern enterprises leverage countless partners and third-party solutions to enrich online services, improve operations, grow their business, and serve customers. In turn, each of these resources connect with countless more to create a growing and dynamic ecosystem of mostly unmonitored and unmanaged assets. These hyperconnected ecosystems represent a vast new attack surface that falls outside of the traditional security perimeter and enterprise risk management strategies. IONIX protects and secures enterprises from this new attack vector. IONIX is the only External Attack Surface Management platform that enables organizations to find and eliminate risks in their entire digital supply chain. Enterprises gain deep visibility and control of hidden risks stemming from Web, Cloud, PKI, DNS misconfigurations or vulnerabilities. Integrates via API or natively with Microsoft Azure Sentinel, Atlassian JIRA, Splunk, Cortex XSOAR, and more.
  • 21
    Phosphorus

    Phosphorus

    Phosphorus Cybersecurity

    Phosphorus is the backbone tool to secure the rapidly growing and often unmonitored enterprise IoT landscape. Providing visibility down to the device model and firmware version, Phosphorus gives you full, granular visibility into all embedded devices on your network. Phosphorus’s patented capabilities allow you to update all of your IoT devices to the latest firmware and rotate credentials at the click of a button. Unlike traditional scanners that search for vulnerabilities or require expensive Spanports, Phosphorus’s scanner provides light-touch detection of all IP-enabled IoT devices on your network without “knocking them over”. Gain full enterprise protection with our solutions. Audit IoT inventories. Meet compliance requirements and industry regulations. Automate key tasks like policy enforcement and patching updates – all at a fraction of the cost.
  • 22
    Google Digital Risk Protection
    Learn what a digital risk protection solution is and how it can help you be better prepared by understanding who is targeting you, what they’re after, and how they plan to compromise you. Google Digital Risk Protection delivers a broad digital risk protection solution either via stand-alone self-managed SaaS products or a comprehensive service. Both options give security professionals visibility outside their organization, the ability to identify high-risk attack vectors, malicious orchestration from the deep and dark web, and attack campaigns on the open web.  The Google Digital Risk Protection solution also provides contextual information on threat actors and their tactics, techniques, and procedures to provide a more secure cyber threat profile. Gain visibility into risk factors impacting the extended enterprise and supply chain by mapping your attack surface and monitoring deep and dark web activity.
  • 23
    ShadowPlex

    ShadowPlex

    Acalvio Technologies

    Organizations are turning to active defense solutions based on advanced deception because they are low-risk to deploy and avoid the false-positive issues of alternative approaches. Acalvio’s offering, ShadowPlex, has been architected to set a new standard for APT, ransomware, and malware mitigation, ShadowPlex centralizes the process. In the case of decoys (fake hosts or honeypots) they are hosted in a single area and then are strategically projected across the enterprise network, where they appear as realistic local assets. Furthermore, we change the complexity of a decoy on the fly in response to attacker engagement. This unique method of resource efficiency allows ShadowPlex to deliver both high-scale and depth of decoy realism. ShadowPlex automates and simplifies the configuration and deployment of deception objects. Combining pre-defined playbooks with an AI-based recommendation engine, the system self-generates and places the appropriate deception objects.
  • 24
    Longbow

    Longbow

    Longbow

    Longbow automates the analysis and correlation of issues from Application Security Testing (AST) tools, closing the gap between security teams and remediation teams and providing the best next actions to reduce the most risk with the least amount of investment. Longbow stands at the forefront of automatically analyzing and prioritizing security issues and remediation, from AST tools to VM, CNAPP tools, and more. Our product excels in identifying and addressing the root causes of security issues, offering tailored remediation solutions that can be immediately actioned. This capability is crucial in an industry inundated with disparate vendor ecosystems and a lack of clear direction for addressing security concerns. Our product is designed to empower security, application, and DevOps teams, enabling them to efficiently mitigate risks at scale. We seamlessly integrate, normalize, and unify cross-service contexts across all of your cloud security tools.
  • 25
    Filigran

    Filigran

    Filigran

    Embrace a proactive approach with end-to-end cyber threat management, from anticipation to response. Tailored to elevate cybersecurity through comprehensive threat intelligence, advanced adversary simulation, and strategic cyber risk management solutions. Get a holistic view of your threat environment and improved decision-making for faster incident response. Organize your cyber threat intelligence knowledge to enhance and disseminate actionable insights. Access consolidated view of threat data from multiple sources. Transform raw data into actionable insights. Enhance sharing and actionable insights dissemination across teams and tools. Streamline incident response with powerful case management capabilities. Create dynamic attack scenarios, ensuring accurate, timely, and effective response during real-world incidents. Build both simple and intricate scenarios tailored to various industry needs. Improve team dynamics with instant feedback on responses.
  • 26
    IPQS Device Fingerprinting
    Access over 25 data points for device fingerprinting details to analyze risk and device info. Device Fingerprinting by IPQS offers an unparalleled fraud detection solution capable of detecting even the most advanced fraudsters, bad actors, and cyber criminals. Scan over 300 data points (like operating system, screen resolution, fonts) to accurately identify fake devices, location spoofing, and high-risk behavior in a user's online fingerprint. Identify bots, automated behavior, device spoofing, & other high-confidence signals that the user is likely to engage in fraudulent behavior. Deploy JavaScript device fingerprinting for web devices or use our SDKs for mobile devices on iOS or Android. Robust risk scoring will accurately identify fake accounts, chargebacks, credential stuffing, bot behavior, and similar abuse. IPQS Device Fingerprinting can reveal advanced fraud techniques including the latest emulator software.
  • 27
    Sepio

    Sepio

    Sepio

    Detect, accurately identify, and manage your asset risks based on existence, not behavior. Augmented by OSINT data sources and internal cyber research, Sepio provides up-to-date intelligence on known asset vulnerabilities, so you don’t have to chase them. Granular parameters allow you to create and customize multiple differentiated policies that govern your entire ecosystem of IT, OT, and IoT assets so you have flexibility when it comes to managing your risks. Automated policy enforcement ensures immediate and uniformly applied action saving you from manual intervention so you can respond to asset risks and threats faster. Integration with third-party tools allows for expanded policy actions. Complete visibility to all of your assets, whether connected as a peripheral or a network element. Mitigate risks from uncontrolled or spoofing assets. Easy to operate, requiring low maintenance and minimal human intervention.
  • 28
    Polarity

    Polarity

    Polarity

    Polarity is a free-floating overlay that automatically searches unlimited sources in parallel to speed up analysis by enriching every tool and workflow. It allows users to add and enrich any information so they and their entire team or organization can stay on the same page and avoid duplicate work. When a user makes an annotation on any data today, their teammate will see that note when they see the same data in the future. Polarity enables users to search once and know everything their enterprise knows about a piece of data, both internally and externally. What used to take 50 tabs and most of your time now takes just 1 tab and 2 seconds, so you can focus on getting the job done, not searching for context. Users can connect Polarity to over 200 different tools inside of their environment or to external open-source tools. With Polarity’s flexible integration framework, anyone can develop a custom integration quickly and get visibility to any dataset.
  • 29
    Baits

    Baits

    MokN

    Baits is an innovative deception-based security solution designed to detect and neutralize credential theft before attackers can exploit stolen identities. By deploying realistic decoy authentication portals (e.g., VPN SSL, webmail), Baits tricks attackers into revealing compromised credentials, providing organizations with real-time threat intelligence and enabling them to act before a breach occurs. Unlike traditional monitoring solutions, Baits intercepts credentials that aren’t found on the dark web, as attackers often use them directly. The platform integrates seamlessly into security operations, helping organizations detect, track, and neutralize credential-based threats. Baits is ideal for enterprises looking to enhance proactive threat detection, strengthen identity security, and stay ahead of attackers.
  • 30
    TYCHON

    TYCHON

    TYCHON

    Tychon is an advanced endpoint analytics and remediation platform designed to provide comprehensive visibility and control over enterprise endpoints. It enables organizations to search, visualize, remediate, and monitor security compliance across all endpoints within a unified interface. Key features include real-time monitoring, historical data tracking, and rapid query capabilities, allowing for instant identification of threats and vulnerabilities. It offers dynamic dashboards that provide insights into critical cybersecurity violations and a centralized view of vital security areas. Tychon supports compliance with various standards, including STIG, CVE/IAVA, and endpoint protection, and integrates seamlessly with existing investments. It is lightweight and serverless, deploying through Intune/MECM, and is designed to operate in both cloud and on-premises environments.
  • Previous
  • You're on page 1
  • 2
  • Next