A self-hosted alternative to Palo Alto Cortex XSOAR for analyzing security observables. It orchestrates over 100 analyzers (like VirusTotal and Shodan) through a single API to enrich incident data for SOC teams.
Tech Stack
ScalaSecurity & Passwords
Why Cortex?
• Massive library of analyzers
• Seamless TheHive integration
• Dockerized deployment
Limitations
• Resource intensive (Elasticsearch)
• Complex configuration
• Requires API keys for analyzers
1/12/2026
Last Update
252
Forks
164
Issues
AGPL-3.0
License
Financial Leak Detected
Stop the "SaaS Tax"
Your team could be burning cash. Switching to Cortex instantly boosts your runway.
