Case Study: Esri achieves 95% fewer weekly alerts and higher analyst productivity with Palo Alto Networks Cortex XSOAR

How Esri reduced its alert barrage, increased productivity, and reduced risk with Cortex XSOAR

Esri, a global leader in geospatial software serving about 350,000 customers (including over 75% of the Fortune 500), was overwhelmed by security noise: more than 10,000 alerts per week handled by just five analysts, distributed and complex threat-indicator processes, and difficulty identifying false positives and duplicate incidents—leading to alert fatigue, wasted resources, and increased business risk.

Esri deployed Cortex XSOAR alongside its SIEM and network monitoring, using custom automated playbooks, historical cross-correlation for duplicate/false‑positive detection, and the War Room for collaborative investigations. Centralizing alerts and ticketing cut weekly alerts by roughly 95% (from ~10,000 to ~500), increased analyst productivity and satisfaction, freed analysts for strategic work, and reduced organizational risk.

Esri