MDR on Cortex XDR: Palo Alto-native detection, governed by senior analysts.
The Fortgale European SOC 24·7·365 on the Cortex XDR console. Causality chain for automatic kill-chain reconstruction, <30 min median containment, native Palo Alto response.
European SOC 24·7·365L2/L3 analysts · direct interaction
Fortgale
◇
Multi-domain AI tier-zeroNoise reduced >90% by day 30
Fortgale
⚡
Native Cortex responseHost isolation in seconds
Live
◈
Proprietary intelligence34,000+ IoCs per week · European actors
Fortgale
MDR live, Cortex + Fortgale SOC active
Compliance
ISO/IEC 27001
NIS2 ready
DORA aligned
GDPR · ENISA
Technology partnership
Cortex XDR · Palo Alto Networks
MITRE ATT&CK aligned
OpenCTI
Why Fortgale + Palo Alto Cortex
Cortex XDR + Palo Alto firewalls, operated with proprietary CTI.
Cortex XDR is the Palo Alto Networks XDR with native NGFW telemetry integration. Particularly effective for customers already on the Palo Alto stack. Fortgale operates it with European analysts who tune detection on European TTPs.
01 ·
Cortex XDR · Palo Alto-native
Endpoint, network, cloud on single platform. Native ingestion from PAN-OS NGFW, Prisma Access SASE, Prisma Cloud CWP. Causality chain for automatic kill-chain reconstruction. Fortgale delivers detection and response on the platform modules Cortex XDR · Cortex XSIAM · Cortex XSOAR · Cortex Xpanse.
02 ·
European SOC 24·7·365
L2/L3 analysts specialised on Cortex XDR. Triage <15 min on Cortex alerts. Custom XQL detection rules tuned on European TTPs. 34,000+ IoCs per week applied as IoC rules.
03 ·
Native response + IR
Containment via Cortex XDR Response: Live Terminal, endpoint isolation, process kill, file quarantine. Direct escalation to Fortgale IR. Full NIS2 national CSIRT notification support.
How it works · architecture
Four blocks, one MDR cycle on Cortex XDR.
From PAN-OS + Cortex telemetry to Live Terminal response, all governed by Fortgale with European analysts and proprietary CTI on European markets.
01 ·
01 · Ingestion
Cortex agent + PAN-OS active
Cortex XDR agent on endpoints, native ingestion from PAN-OS NGFW, Prisma Access, Prisma Cloud, third-party sources. Telemetry normalised in Cortex Data Lake.
02 ·
02 · Tier-zero
Causality chain + custom XQL
Causality chain reconstructs kill-chains automatically. Fortgale develops custom XQL rules tuned on European actor TTPs. False positives reduced by over 90%.
03 ·
03 · Analysts
Our L2/L3 on Cortex
European SOC specialised on Cortex XDR. Triage on causality, hunting via XQL, attribution to actor. Decisions in your business language.
04 ·
04 · Response
Cortex Live Terminal + IR
Containment via Cortex Response: Live Terminal for forensic investigation, endpoint isolation, process kill, file quarantine. Direct escalation to Fortgale IR for critical incidents.
Proof · service metrics
Four numbers that hold MDR on Cortex up.
Metrics measured on real customer telemetry, Q1 2026, updated quarterly.
<30 min
Median containment from confirmed Cortex alert
>90 %
Noise reduced by causality chain + AI
Native
PAN-OS + Cortex integrated telemetry
10 days
Full onboarding Cortex XDR + PAN-OS
The problems MDR must solve
Five reasons Cortex alone is not enough.
The platform produces telemetry. What is missing is the people who read it around the clock, prioritise it and turn it into decisions.
01 ·
Alert fatigue
Tier-zero AI filters, analysts decide: noise reduced >90% by day 30. Every alert that reaches you is already a qualified case.
02 ·
Cortex expertise
L2/L3 analysts who operate the Cortex console every day: detection tuning, MITRE-mapped runbooks, native response on your platform.
03 ·
Operational experience
European SOC, headquartered in Milan since 2017, 24·7·365: median TTD <15 minutes, median TTC <30 minutes.
Proprietary CTI on 287 tracked adversary groups and attack tools: advisories, IOCs and actor profiles feed directly into detection on your platform.
Threat intelligence · attacks detected on Cortex
C2 beacons and ransomware contained on Cortex XDR + Palo Alto NGFW.
Selection of network + endpoint threats observed on Fortgale customers with Cortex. Cortex's automatic stitching unifies NGFW, endpoint and cloud events into the same incident.
Detection · Cortex Cortex XDR Behavioral Threat Protection + WildFire sandbox + anomalous DNS query correlation via DNS Security.
What the service includes
MDR on Cortex XDR, in detail.
Every component designed to leverage Cortex XDR + Palo Alto stack with European SOC governance and proprietary CTI.
01
Managed Cortex XDR
Cortex XDR licensing (or existing instance). Endpoint agent, NGFW data ingestion, Prisma integrations managed by Fortgale. Continuous tuning per environment.
02
Custom XQL detection
Custom XQL rules MITRE ATT&CK-mapped, tuned on European actor TTPs. Causality chain enrichment. New rules deployed monthly.
03
Proprietary CTI in Cortex
34,000+ IoCs per week from Fortgale OpenCTI imported as Cortex XDR IoC rules. Native enrichment of causality chain alerts.
04
Native Cortex response
Containment via Cortex Response: Live Terminal forensics, endpoint isolation, process kill, file quarantine, AD lockout. Cross-tool playbooks via Cortex XSOAR.
Cortex XSOAR available as add-on for advanced playbook orchestration: cross-tool response, automatic enrichment, ticketing. Custom playbooks developed by Fortgale.
For whom · two angles
Same MDR on Cortex, two angles.
The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.
For the CISO
A named runbook per actor, on the Cortex stack.
Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Cortex XDR · Palo Alto Networks telemetry.
Monthly threat briefingActors, observed TTPs, campaigns in progress on your sector.
Cortex runbookLive MITRE-mapped playbooks, executable on the Cortex XDR · Palo Alto Networks console.
Board-ready reportingRisk · impact · decision. No slideware technology.
Zero translator handover. European analysts on your Cortex console.
When the Cortex alert is real, decision time is containment time. Our L2/L3 analysts know the Cortex XDR · Palo Alto Networks console and have a mandate to decide.
Median containment ~11 minFrom confirmed alert to remediation in production.
Everything to know before talking to our analysts.
What is the Fortgale MDR service on Cortex XDR?
Combines Cortex XDR from Palo Alto Networks (endpoint, network, cloud) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the Cortex console, leverage causality chain for triage and trigger native response (Live Terminal, isolation, process kill).
Is Cortex XDR compatible with existing PAN firewalls?
Yes. Cortex XDR natively ingests telemetry from Palo Alto Networks NGFW (PAN-OS), Prisma Access (SASE), Prisma Cloud (CWP), in addition to third-party sources. Particularly effective for customers already on Palo Alto.
Do I need to already have Cortex XDR?
No. Fortgale handles the full cycle: licensing, Cortex XDR agent deployment, data ingestion configuration (NGFW, third-party), rules tuning. Available both on existing instance or as part of the service.
Is the service NIS2-compliant?
Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications.
What does the Cortex XDR causality chain do?
Cortex XDR automatically reconstructs the causality chain (cause-effect chain) of every alert by linking processes, files, network, registry. Drastically reduces triage time by letting analysts see the entire attack context in a single graph.
Talk to the outpost
One meeting. One NDA. One real runbook on Cortex.
We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Cortex XDR · Palo Alto Networks console.
Outlook Bookings · Fortgale
Book a meeting
Loading calendar…
Response · 1 business day
Speak with our analysts.
No nurturing sequences, no auto-replies. One of our analysts calls you back within one business day.
Document · Fortgale
PDF preview
Loading PDF…
Request · Fortgale Threat Intelligence Report
Request the Report
The full Report (executive summary · operational IoCs · technical runbook) is restricted. Share two details and one of our analysts contacts you with access and a short technical briefing.
See a real attack
IR · 24·7·365
Are you under attack?
Response in 30 minutes, containment in 1–4 hours. Even if you are not a Fortgale customer.
We use essential cookies required for site functionality and, with your consent, analytics and marketing cookies to measure traffic and personalise content. You can accept all cookies, reject them, or customise your preferences. For more details see the Cookie Policy and Privacy Policy.
Cookie preferences · Fortgale
Manage your preferences
Choose which cookies to allow. Essential cookies are required for the site to work and cannot be disabled. For the others, consent is always free, specific and revocable at any time.
EssentialAlways on
Required for the site to function (session, security, cookie preferences). The legal basis is the controller's legitimate interest (Art. 6(1)(f) GDPR). Without these cookies the site does not work correctly.
AnalyticsWe measure what works
Aggregated statistical cookies to understand how users browse the site (page views, session duration, traffic source). EU-friendly or anonymised providers. Legal basis: consent (Art. 6(1)(a) GDPR).
MarketingPersonalisation and remarketing
Third-party cookies (LinkedIn Insight Tag, possible campaign pixels) to measure ad campaign effectiveness and show relevant content. Legal basis: consent (Art. 6(1)(a) GDPR). Disabled by default.
You can change these choices at any time from the Cookie Policy page or by clicking the Cookie preferences link in the footer.