Skip to main content

Covalence For Security Providers

Download With Dependencies

Triggers by any alert from endpoint, cloud, and network security monitoring, with mitigation steps where applicable. Query Covalence for more detail.

Threats can come from many sources, both externally and internally, and are often the result of vulnerable software, improperly configured devices and systems, or human error. To achieve maximum protection, you need to consider your vulnerabilities, monitor across the entire threat surface, and apply an attacker's mindset in order to create a proactive security posture rather than a solely reactive one.

Covalence monitors across your customers endpoints, cloud and network, correlating information across all three, identifying threats, and helping you protect them from attacks and vulnerabilities.

This pack collects the alerts generated, which are generated as incidents within XSOAR. I also allows you to query online the Covalence for additional information.

What does this pack do ?

  • Runs in direct or broker mode. Direct is applicable for an single organization instance, whereby broker is for a security provider servicing multiple organizations
  • Gathers all security alerts from endpoint, cloud, and network security monitoring generated by Covalence, included raw alerts and triaged AROs
  • Converts alerts into XSOAR incidents
  • Allows you to manage the incident through its lifecycle within XSOAR, from its generation through to close
  • Lists monitored organization, of interest for MSPs or equivalent who are managing alerts for multiple organizations
  • Within the XSOAR War Room, you can query Covalence for its configuration, including internal networks and sensors
  • Query Covalence for information about the network, endpoints and alerts, specifically:
    • Alerts (in and ad-hoc manner - this is in addition to the automatic generation of incidents from alerts) allowing you to see a list of alerts by status, for example
    • Connections summary by IP or port
    • DNS resolutions
  • Query Covalence for additional detail about a user or process of interest

Note this pack should not be executed alongside the Covalence Managed Security pack, or duplicate incidents will be generated.


Field Effect Security


Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedJuly 13, 2021
Last ReleaseMarch 1, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.