The XDR Alliance

The XDR Alliance is a group of best-in-class security and information technology providers organized to help security teams easily design and implement effective threat detection, investigation, and response (TDIR) capabilities using the XDR approach.

About XDR

What is XDR?

XDR stands for Extended Detection and Response. It provides a simple, threat-centric approach to threat detection, investigation, and response (TDIR) using the data and capabilities from security products like endpoint, network, cloud, and more.

Why is XDR needed?

Building an effective TDIR workflow has become incredibly complex. It involves identifying and integrating dozens of best-in-class products into a functional security framework.

What we do

The XDR Alliance is a group of security and information technology providers who have organized to help customers more easily define, implement, and operate effective threat detection, investigation, and response (TDIR) programs and technology stacks. Our goal is to foster a more open approach to extended detection and response (XDR), inclusive of best-of-breed and native solutions, to enable organizations everywhere to better protect themselves against the growing number of cyberattacks, breaches, and intrusions.

XDR Alliance Charter


Define, promote, and evolve an inclusive and open XDR definition and architecture that meets the needs of end users today and into the future

Create Awareness

Raise awareness of XDR approaches and best practices


Help drive improvements in XDR tools and services


Promote an open and inclusive approach to XDR via education and joint marketing activities


Today’s security teams are tasked with delivering an effective TDIR program based on a complex web of security products. The average SOC uses 19 tools and must integrate them into a centralized system and set of workflows. In addition, there is a lot of confusion in the market about what XDR is and what XDR isn't. A core initiative of the XDR Alliance is to alleviate this and provide an open architectural view. This open XDR architecture supports native and best-of-breed technologies that end users can deploy as part of their threat detection, investigation, and response (TDIR) effort.

Access the Common Information Model (CIM) on GitHub


Data Sources & Control Points
This tier is made up of best-in-class security solutions

This tier is the TDIR foundation for XDR platforms

This tier includes prescriptive, prepackaged content that enriches and drives TDIR workflows and outcomes

With this architecture, the XDR Alliance gives the market a view into the security tools used to monitor, generate security telemetry, and perform corrective actions as part of an incident response workflow. The architecture is open and inclusive of native and/or best-of-breed solutions, which combine to provide the TDIR capabilities needed to detect threats, guide investigations, and orchestrate responses within SOC operations.

XDR Alliance

Alliance members are spread across three types of security and information technology providers: XDR platforms, best-in-class security solutions that are part of the XDR technology stack, and service delivery partners that help customers implement and operationalize their XDR solutions.


Security Analytics/SIEM

CLM/Data Lake








Apply to Become a Member

Security and information technology providers that are interested in helping end users build more effective security programs using an XDR approach are invited to join us. If this sounds like your organization, come join us!

Member Eligibility Requirements

  • All members must be eligible to conduct business in the U.S.
  • All members must fall into one of the following categories:
    • Have an XDR solution or deliver at least one “component” of the XDR technology stack
    • Provide management, implementation, or tuning of an XDR solution on behalf of its end users (e.g., MSSP, MDR, systems integrator, a consulting partner, etc.)

XDR Alliance Resources


  • XDR Alliance Releases New Open-source API Specifications to Help Cybersecurity Vendors Improve Solution Integration (press release)
  • XDR Alliance Welcomes New MSSP and MDR Members Committed to Open XDR Framework in Cybersecurity (press release)
  • XDR Alliance Celebrates First Anniversary, Releases Open Source Common Information Model (CIM) (press release)
  • XDR Alliance Welcomes New Member VMware (press release)
  • XDR Alliance Welcomes New Members to Advance an Open XDR Framework (press release)
  • Exabeam Announces the XDR Alliance to Ensure Industrywide Collaborative Framework for Cybersecurity (press release)

  • Connecting The Dots With De-Facto Standards: How the XDR Alliance’s Open-Sourced CIM and API Specs Unify Best-of-Breed Tools (blog)
  • Dazed and Confused by the XDR Telenovela? (blog)
  • Introducing the XDR Alliance! (blog)