Censys + Palo Alto Networks

Security operations teams need better external context at the moment of investigation. As cloud services, third-party dependencies, and attacker-controlled infrastructure continue to change quickly, analysts are still forced to pivot across tools to determine whether an IP, domain, service, or certificate is benign, suspicious, or tied to broader risk.

Censys and Palo Alto Networks address that gap by bringing Censys Internet intelligence directly into Cortex XSOAR and Cortex XSIAM workflows, where analysts can enrich suspicious observables, search related Internet-facing infrastructure, and incorporate actionable, evidence-based external context into automation and SOC workflows without leaving Cortex. The joint value is straightforward: faster triage, fewer manual enrichment steps, more consistent investigations, and stronger analyst confidence when responding to ambiguous or incomplete security alerts.

Joint Solution Overview

Censys and Palo Alto Networks enable a more effective and scalable security operations model by integrating external attack surface intelligence directly into Cortex XSIAM and Cortex XSOAR. Censys provides continuously updated visibility into Internet-facing assets and adversary-linked infrastructure, while Cortex delivers the analytics, automation, and operational workflows that power modern SOCs.

Together, they ensure that every alert, investigation, and response action is informed by both internal telemetry and external context, without adding complexity or requiring analysts to leave their workflow. This integrated approach improves the accuracy of security decisions, standardizes investigations across the organization, and accelerates response to potential threats. The result is a SOC that operates on evidence-based insights, works more efficiently, and is better equipped to reduce risk at scale.

Primary Use Cases

Accelerated Alert Triage with External Context

Security teams often lack visibility into the external infrastructure behind alerts, forcing tool-switching and slowing investigations. Integrating Censys with Cortex XSIAM and XSOAR provides instant, in-workflow context on IPs, domains, services, and certificates, eliminating manual lookups. This enables faster triage, reduced mean time to investigate (MTTI), and more accurate prioritization of high-risk alerts, while improving analyst confidence in distinguishing benign from malicious activity.

Scalable Investigation through Automated Enrichment

Manual enrichment introduces inconsistency and constrains a security team’s ability to scale effectively. By integrating Censys into Cortex XSOAR playbooks, every alert and indicator is automatically enriched with comprehensive, high-quality external intelligence, ensuring investigations are consistent, repeatable, and not dependent on individual analyst expertise or availability. This automation standardizes workflows across teams and shifts while reducing manual effort and investigation latency, enabling organizations to scale operations efficiently without the need to increase headcount.
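The enrichment step described above is what a playbook task has to do for every indicator: work out what kind of observable it has, issue the right Censys lookup, and reduce the returned record to the evidence an analyst needs. The Python below is an added illustration of that logic and is not code from the Censys integration, Cortex XSOAR, or Palo Alto Networks. It uses the public Censys Search API v2 paths for host and certificate lookups, but issues no network calls; `SAMPLE_HOST` is a constructed record whose field names follow the Censys host schema as an assumption, and the `ORG_DOMAINS`, `MANAGEMENT_PORTS` and flag names are hypothetical triage settings chosen for the example.

```python
import ipaddress
import re
from urllib.parse import quote

# Public Censys Search API v2 base; a real playbook task would attach an
# API key and make the HTTP call. This example stops at building the request.
CENSYS_API = "https://search.censys.io/api/v2"

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-zA-Z0-9-]{1,63}\.)+[a-zA-Z]{2,63}$")

# Hypothetical triage settings for the example (not from the page).
ORG_DOMAINS = ["examplecorp.com"]
MANAGEMENT_PORTS = {23, 445, 3389, 5900}


def classify_indicator(value):
    """Return 'ip', 'certificate', 'domain' or 'unknown' for an observable."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)          # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if SHA256_RE.match(v):               # Censys keys certificates by SHA-256
        return "certificate"
    if DOMAIN_RE.match(v):
        return "domain"
    return "unknown"


def build_censys_request(value):
    """Map an indicator to the Censys v2 lookup a playbook task would issue."""
    kind = classify_indicator(value)
    v = value.strip()
    if kind == "ip":
        return kind, f"{CENSYS_API}/hosts/{v}"
    if kind == "certificate":
        return kind, f"{CENSYS_API}/certificates/{v.lower()}"
    if kind == "domain":
        # Hosts whose DNS names or presented TLS certificate names include the domain.
        q = f'dns.names: "{v}" or services.tls.certificates.leaf_data.names: "{v}"'
        return kind, f"{CENSYS_API}/hosts/search?q={quote(q)}"
    return kind, None


# Constructed host record (documentation IP and ASN, fictional services).
SAMPLE_HOST = {
    "ip": "203.0.113.10",
    "last_updated_at": "2025-01-15T08:42:00Z",
    "autonomous_system": {"asn": 64496, "name": "EXAMPLE-AS"},
    "services": [
        {"port": 443, "service_name": "HTTP",
         "tls": {"certificates": {"leaf_data": {
             "names": ["login-examplecorp.com", "www.login-examplecorp.com"]}}}},
        {"port": 3389, "service_name": "RDP"},
        {"port": 22, "service_name": "SSH"},
    ],
}


def summarize_host(host):
    """Reduce a Censys host record to the fields an analyst reads first."""
    services = host.get("services", [])
    cert_names = set()
    for s in services:
        leaf = s.get("tls", {}).get("certificates", {}).get("leaf_data", {})
        cert_names.update(leaf.get("names", []))
    asys = host.get("autonomous_system", {})
    return {
        "ip": host.get("ip"),
        "asn": asys.get("asn"),
        "as_name": asys.get("name"),
        "open_ports": sorted({s["port"] for s in services}),
        "service_names": sorted({s["service_name"] for s in services}),
        "cert_names": sorted(cert_names),
        "last_updated": host.get("last_updated_at"),
    }


def enrichment_flags(summary, org_domains=ORG_DOMAINS):
    """Triage flags derived from the summary; the rules are illustrative."""
    flags = []
    if MANAGEMENT_PORTS & set(summary["open_ports"]):
        flags.append("management_port_exposed")
    for name in summary["cert_names"]:
        for org in org_domains:
            label = org.split(".")[0]
            owned = name == org or name.endswith("." + org)
            # Org name inside a certificate name that is not under the org's
            # own domain: a lookalike worth escalating.
            if label in name and not owned:
                flags.append("org_lookalike_cert")
                break
    return sorted(set(flags))


def enrich(indicator, host_record):
    """Playbook-shaped enrichment: request built, record summarized, flags set."""
    kind, url = build_censys_request(indicator)
    summary = summarize_host(host_record)
    return {"indicator": indicator, "type": kind, "lookup": url,
            "summary": summary, "flags": enrichment_flags(summary)}


if __name__ == "__main__":
    import json
    print(json.dumps(enrich("203.0.113.10", SAMPLE_HOST), indent=2))
```

Running the block prints the enrichment context for the constructed host: an RDP port exposed alongside a certificate whose names imitate the organization's domain, which is the kind of external evidence the page says should reach the analyst without a manual pivot. In a deployed playbook the constructed record would be replaced by the integration's own lookup result and the flags mapped onto the incident's severity.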

Stronger CTI and SOC Alignment on Threat Infrastructure

Security operations and threat intelligence teams often operate with fragmented views, making it difficult to align on the significance and scope of suspicious activity. By combining Cortex’s internal telemetry and workflow orchestration with Censys’ external attack surface intelligence, organizations establish a shared, evidence-based understanding of adversary infrastructure. This unified context enables faster, more confident decision-making, improves cross-team collaboration and investigative alignment, and produces more consistent, defensible reporting and threat assessments.

Why This Joint Solution Matters

Modern SOCs must move quickly, scale efficiently, and stay aligned across teams, yet limited visibility into external infrastructure continues to hinder investigations. Censys and Palo Alto Networks address this by integrating external attack surface intelligence directly into Cortex XSIAM and XSOAR workflows. Analysts gain immediate context during triage and investigation, enabling faster decisions, standardized and automated workflows, and stronger alignment between SOC and CTI teams. By embedding external intelligence into daily operations, this approach drives a more efficient, consistent, and collaborative security posture.

Customer Challenges

  • Modern SOC programs are under pressure to consolidate tooling, automate repetitive investigation tasks, and operate effectively across cloud-first and hybrid environments.
  • Alerts involving external IPs, domains, certificates, and services often arrive without enough context to validate exposure, understand related infrastructure, or prioritize risk accurately.
  • Manual lookups across multiple tools create swivel-chair investigations, add delay to triage, and make case handling less repeatable across analysts and shifts.
  • Security and CTI teams need a scalable way to bring external context into War Room investigations, playbooks, and platform-native SOC workflows rather than relying on ad hoc enrichment.

Key Business Outcomes

  • Comprehensive, actionable security decisions. By enriching alerts and investigations with external attack surface intelligence, security teams gain a more complete understanding of suspicious infrastructure. This improves the accuracy of triage and escalation decisions, reducing the likelihood of missed threats and ensuring high-risk activity is prioritized appropriately.
  • Consistent, evidence-based investigations at scale. Automated enrichment and standardized workflows ensure every alert is investigated with the same level of depth and rigor, regardless of analyst or shift. This reduces variability across the SOC and enables the organization to scale operations without compromising investigation quality.
  • Reduced time to detect, understand, and respond to threats. Embedding external context directly into Cortex workflows accelerates how quickly teams can assess and act on potential threats. Faster validation and decision-making help reduce dwell time and improve overall response effectiveness.
  • Improved operational efficiency and resource utilization. By eliminating repetitive manual enrichment tasks, security teams can focus on higher-value analysis and response activities. This allows organizations to maximize the impact of existing staff while controlling costs and avoiding unnecessary headcount expansion.

Schedule a Demo

Contact Censys for a joint solution demonstration.

Download full joint solution brief →