Skip to main content

Getting Started with XSOAR

Download With Dependencies

This wizard is designed to provide a step-by-step walkthough on getting started with XSOAR

The Getting Started with XSOAR content pack accelerates the onboarding process by providing sample incident data, automations, and workflows.

What Does This Pack Contain?

  • Sample Indicators of Compromise
  • Example Malware and Phishing incidents from a SEIM
  • Case workflows
  • SLA Timers
  • Optional Enrichment and Ticketing Integrations
  • Investigation Timelines
  • Built-in XSOAR Quick Actions and toolkits

Getting Started / How to Set up the Pack

For better user experience and easier onboarding, use the Deployment Wizard after installing the content pack on the Marketplace page in Cortex XSOAR (Available for version 6.8).

For manual configuration, it is recommended to configure your integration instance to use:

  • Primary Playbook: Case Management - Generic v2
  • Primary Incident Type: Case

image

For more information, visit our Cortex XSOAR Developer Docs.

Dependencies & Recommendations

Supported Integrations (Required):

  • Sample Incident Generator

Supported Sandboxes and Enrichment (Optional):

  • Palo Alto WildFire
  • CrowdStrike FalconX
  • Virus Total
  • Autofocus

Supported Case Management (Optional):

  • ServiceNow
  • Atlassian Jira

Supported Messaging and Email applications (Optional):

  • Mail Listener
  • Mail Sender
  • Microsoft Graph Mail
  • Gmail

Supported Threat Feeds (Optional):

  • Abuse.ch SSL Blacklist Feed
  • Office 365 Feed
  • Tor Exit Addresses Feed

Supported Network Security integrations (Optional):

  • PAN-OS by Palo Alto Networks

The Getting Started with XSOAR content pack accelerates the onboarding process by providing sample incident data, automations, and workflows.

What Does This Pack Contain?

  • Sample Indicators of Compromise
  • Example Malware and Phishing incidents from a SEIM
  • Case workflows
  • SLA Timers
  • Optional Enrichment and Ticketing Integrations
  • Investigation Timelines
  • Built-in XSOAR Quick Actions and toolkits

Getting Started / How to Set up the Pack

For better user experience and easier onboarding, use the Deployment Wizard after installing the content pack on the Marketplace page in Cortex XSIAM (Available for version 6.8).

For manual configuration, it is recommended to configure your integration instance to use:

  • Primary Playbook: Case Management - Generic v2
  • Primary Incident Type: Case

image

For more information, visit our Cortex XSIAM Developer Docs.

Dependencies & Recommendations

Supported Integrations (Required):

  • Sample Incident Generator

Supported Sandboxes and Enrichment (Optional):

  • Palo Alto WildFire
  • CrowdStrike FalconX
  • Virus Total
  • Autofocus

Supported Case Management (Optional):

  • ServiceNow
  • Atlassian Jira

Supported Messaging and Email applications (Optional):

  • Mail Listener
  • Mail Sender
  • Microsoft Graph Mail
  • Gmail

Supported Threat Feeds (Optional):

  • Abuse.ch SSL Blacklist Feed
  • Office 365 Feed
  • Tor Exit Addresses Feed

Supported Network Security integrations (Optional):

  • PAN-OS by Palo Alto Networks

PUBLISHER

Joe Cosgrove

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Supported ByCommunity
CreatedJuly 25, 2023
Last ReleaseJuly 25, 2023
Case Management
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.