MDR partner · Cortex XDR · Palo Alto Networks

MDR on Cortex XDR: Palo Alto-native detection, governed by senior analysts.

The Fortgale European SOC 24·7·365 on the Cortex XDR console. Causality chain for automatic kill-chain reconstruction, ~11 min median containment, native Palo Alto response.

~11 min · Median containment
24·7·365 · European SOC
Causality · Auto kill-chain

Fortgale × Cortex · MDR live
  • Cortex sensor active: endpoint, cloud and identity telemetry (Cortex)
  • European SOC 24·7·365: L2/L3 analysts, direct interaction (Fortgale)
  • Multi-domain AI tier-zero: noise reduced by 94% (Fortgale)
  • Native Cortex response: median host isolation ~8 s (live)
  • Proprietary intelligence: 34,000+ IoCs per week, European actors (Fortgale)
MDR live — Cortex + Fortgale SOC active

Compliance: ISO/IEC 27001 · NIS2 ready · DORA aligned · GDPR · ENISA
Technology partnership: Cortex XDR · Palo Alto Networks · MITRE ATT&CK aligned · OpenCTI
Why Fortgale + Palo Alto Cortex

Cortex XDR + Palo Alto firewalls, operated with proprietary CTI.

Cortex XDR is the Palo Alto Networks XDR with native NGFW telemetry integration. Particularly effective for customers already on the Palo Alto stack. Fortgale operates it with European analysts who tune detection on European TTPs.

01 · Cortex XDR · Palo Alto-native

Endpoint, network and cloud on a single platform. Native ingestion from PAN-OS NGFW, Prisma Access SASE and Prisma Cloud CWP. Causality chain for automatic kill-chain reconstruction.

02 · European SOC 24·7·365

L2/L3 analysts specialised in Cortex XDR. Triage in under 15 min on Cortex alerts. Custom XQL detection rules tuned on European TTPs. 34,000+ IoCs per week applied as IoC rules.

03 · Native response + IR

Containment via Cortex XDR Response: Live Terminal, endpoint isolation, process kill, file quarantine. Direct escalation to Fortgale IR. Full NIS2 national CSIRT notification support.

How it works · architecture

Four blocks, one MDR cycle on Cortex XDR.

From PAN-OS + Cortex telemetry to Live Terminal response, all governed by Fortgale with European analysts and proprietary CTI on European markets.

01 · Ingestion

Cortex agent + PAN-OS active

Cortex XDR agent on endpoints, native ingestion from PAN-OS NGFW, Prisma Access, Prisma Cloud, third-party sources. Telemetry normalised in Cortex Data Lake.

02 · Tier-zero

Causality chain + custom XQL

The causality chain reconstructs kill-chains automatically. Fortgale develops custom XQL rules tuned on European actor TTPs. False positives are reduced by 94%.

03 · Analysts

Our L2/L3 on Cortex

European SOC specialised in Cortex XDR. Triage on the causality chain, hunting via XQL, attribution to an actor. Decisions in your business language.

04 · Response

Cortex Live Terminal + IR

Containment via Cortex Response: Live Terminal for forensic investigation, endpoint isolation, process kill, file quarantine. Direct escalation to Fortgale IR for critical incidents.

Proof · service metrics

Four numbers that back MDR on Cortex.

Metrics measured on real customer telemetry, Q1 2026, updated quarterly.

~11 min · Median containment, from confirmed Cortex alert
94 % · Noise reduced, by causality chain + AI
Native · PAN-OS + Cortex integrated telemetry
10 days · Full onboarding, Cortex XDR + PAN-OS

What the service includes

MDR on Cortex XDR, in detail.

Every component is designed to leverage the Cortex XDR + Palo Alto stack with European SOC governance and proprietary CTI.

01 · Managed Cortex XDR

Cortex XDR licensing (or existing instance). Endpoint agent, NGFW data ingestion, Prisma integrations managed by Fortgale. Continuous tuning per environment.

02 · Custom XQL detection

Custom XQL rules mapped to MITRE ATT&CK and tuned on European actor TTPs. Causality chain enrichment. New rules deployed monthly.

03 · Proprietary CTI in Cortex

34,000+ IoCs per week from Fortgale OpenCTI, imported as Cortex XDR IoC rules. Native enrichment of causality chain alerts.

04 · Native Cortex response

Containment via Cortex Response: Live Terminal forensics, endpoint isolation, process kill, file quarantine, AD lockout. Cross-tool playbooks via Cortex XSOAR.

05 · Reporting & governance

Executive reports with MTTD, MTTR, alert volume, causality trend. Custom Cortex XDR dashboards. NIS2/ISO 27001/GDPR audit documentation.

06 · Cortex XSOAR (optional)

Cortex XSOAR available as add-on for advanced playbook orchestration: cross-tool response, automatic enrichment, ticketing. Custom playbooks developed by Fortgale.

For whom · two angles

Same MDR on Cortex, two angles.

The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.

For the CISO

A named runbook per actor, on the Cortex stack.

Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Cortex XDR · Palo Alto Networks telemetry.

  • Monthly threat briefing: actors, observed TTPs, campaigns in progress in your sector.
  • Cortex runbook: live MITRE-mapped playbooks, executable on the Cortex XDR · Palo Alto Networks console.
  • Board-ready reporting: risk · impact · decision. No technology slideware.
Request the threat briefing →
For the IT lead

Zero translator handover. European analysts on your Cortex console.

When the Cortex alert is real, decision time is containment time. Our L2/L3 analysts know the Cortex XDR · Palo Alto Networks console and have a mandate to decide.

  • Median containment ~11 min: from confirmed alert to remediation in production.
  • Native Cortex response: process kill, host isolation, network containment via the Cortex XDR · Palo Alto Networks API.
  • End-to-end integration: Cortex telemetry ingested into our multi-domain data fabric.
See a real runbook →
FAQ · frequently asked

Everything to know before talking to our analysts.

What is the Fortgale MDR service on Cortex XDR?

It combines Cortex XDR from Palo Alto Networks (endpoint, network, cloud) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the Cortex console, leverage the causality chain for triage and trigger native response (Live Terminal, isolation, process kill).

Is Cortex XDR compatible with existing PAN firewalls?

Yes. Cortex XDR natively ingests telemetry from Palo Alto Networks NGFW (PAN-OS), Prisma Access (SASE), Prisma Cloud (CWP), in addition to third-party sources. Particularly effective for customers already on Palo Alto.

Do I need to already have Cortex XDR?

No. Fortgale handles the full cycle: licensing, Cortex XDR agent deployment, data ingestion configuration (NGFW, third-party) and rules tuning. Available either on an existing instance or as part of the service.

Is the service NIS2-compliant?

Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications.

What does the Cortex XDR causality chain do?

Cortex XDR automatically reconstructs the causality chain (cause-effect chain) of every alert by linking processes, files, network and registry activity. This drastically reduces triage time by letting analysts see the entire attack context in a single graph.

Talk to the outpost

One meeting. One NDA. One real runbook on Cortex.

We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Cortex XDR · Palo Alto Networks console.

Response time: < 1 working day.
