Cortex XSOAR, as the name suggests, is a security orchestration, automation, and response (SOAR) platform. It aims to be used as a comprehensive, unified platform that aggregates the various functions and workflows of an organisation's sec ops team. It focuses on case management, automation, threat management, and real-time collaboration.

What is the Cortex XSOAR Marketplace?

The Cortex XSOAR Marketplace is the central hub where users can browse, purchase, and deploy integrations between the main platform and third-party apps.

The ecosystem is particularly healthy, with the company claiming to house the largest integration repository supported by the largest SOAR community in the world. While that might seem like a boast, the numbers are in its favour as the marketplace includes over 850 native integrations and automation content packs supported by Palo Alto Networks, community coders, and their service partners.

What are the benefits of Cortex XSOAR Marketplace?

Some of the strengths of this marketplace include the wide range of integrations and supported apps right out of the box, the ease of connecting pre-built integrations to your systems, as well as the berth of content packs on offer.

The content packs on offer are pre-built bundles of various integrations, dashboards, playbooks, and services designed to support specific security orchestration use cases. Essentially, they are one-stop packages to help your organisation deal with specific issues or tasks that are frequently part of the day-to-day security operations.

What is the cost of using the Cortex XSOAR Marketplace?

The majority of the integrations housed in the marketplace are free. Out of the box, the bulk of what is available can be easily accessible and ported to your systems. Nevertheless, there has been a growing number of "Premium" integrations appearing since 2021, with pricing based on a case-by-case basis between your organisation and the provider.

Fortunately, most of the common use cases can be addressed with the Free integrations and content packs. However, if your organisation is more complex - and crucially larger than average in your sector - you will need to invest in a premium integration that can handle more tasks and offer your team more bandwidth.

Even then, it’s important to note that many of the Premium subscriptions come with limitations that may or may not impact your organisation depending on its needs. Ultimately, depending on your setup and data needs, seeking a custom solution may be both necessary and more expedient.

Considering venturing into high volume security automation and integration? Metron has experience integrating multiple SOAR platforms with third-party apps and systems, along with setting up automation components.

If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organisation, please send a note to connect@metronlabs.com.