IronNet | Marketplace

Details
Content
Dependencies
Version History

The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.

Classifiers

Name	Description
IronDefense - Classifier	IronDefense Classifier
IronDefense - Incoming Mapper	IronDefense Mapper

Incident Fields

Name	Description
IronDefense Dst IP
IronDefense Category
IronDefense Event Count
IronDefense VUE URL
IronDefense Last event Created
IronDefense Dst Entity Attribute
IronDefense Secondary App Protocol
IronDefense App Domains
IronDefense Confidence
IronDefense Src IP
IronDefense Raw Data Format
IronDefense Status
IronDefense Dst Entity Attribute Type
IronDefense Analyst Expectation
IronDefense Created
IronDefense Primary App Protocol
IronDefense Src Entity Attribute Type
IronDefense Bytes In
IronDefense IronDome Category
IronDefense Alert ID
IronDefense Start Time
IronDefense Mismatch Details
IronDefense Severity Details
IronDefense Updated
IronDefense Severity
IronDefense Is Blacklisted
IronDefense Bytes Out
IronDefense Comment Details
IronDefense Severity Suspicious Details
IronDefense Severity Malicious Details
IronDefense High Cognitive System Details
IronDefense Total Bytes
IronDefense Is Whitelisted
IronDefense Src Network ID
IronDefense Event ID
IronDefense IronDome ID
IronDefense End Time
IronDefense Dome Shared Time
IronDefense First Event Created
IronDefense Src Entity Attribute
IronDefense Aggregation Criteria
IronDefense Dst Port
IronDefense Alert IDs
IronDefense SubCategory
IronDefense Dst Network ID
IronDefense Analyst Severity
IronDefense Dome Tags

Incident Types

Name	Description
IronDefense IronDome Notification
IronDefense Event Notification
IronDefense Alert Notification

Integrations

Name	Description
IronDefense (Partner Contribution)	The IronDefense Integration for Cortex XSOAR allows users to interact with IronDefense alerts within Cortex XSOAR. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information.

Layouts

Name	Description
IronDefense Alert Notification	IronDefense Alert Notification Layout
IronDefense IronDome Notification	IronDefense IronDome Notification Layout
IronDefense Event Notification	IronDefense Event Notification Layout

Classifiers

Name	Description
IronDefense - Classifier	IronDefense Classifier
IronDefense - Incoming Mapper	IronDefense Mapper

Incident Fields

Name	Description
IronDefense Confidence
IronDefense Secondary App Protocol
IronDefense Mismatch Details
IronDefense Bytes Out
IronDefense Bytes In
IronDefense Event ID
IronDefense High Cognitive System Details
IronDefense Severity Malicious Details
IronDefense Severity Suspicious Details
IronDefense Aggregation Criteria
IronDefense Dome Tags
IronDefense IronDome ID
IronDefense Severity
IronDefense Analyst Severity
IronDefense Is Whitelisted
IronDefense Raw Data Format
IronDefense Alert IDs
IronDefense Is Blacklisted
IronDefense Dst Entity Attribute Type
IronDefense SubCategory
IronDefense Dst Entity Attribute
IronDefense Start Time
IronDefense Comment Details
IronDefense End Time
IronDefense Dome Shared Time
IronDefense Alert ID
IronDefense Src Entity Attribute Type
IronDefense Last event Created
IronDefense Created
IronDefense Analyst Expectation
IronDefense Total Bytes
IronDefense App Domains
IronDefense VUE URL
IronDefense Updated
IronDefense Event Count
IronDefense Src Entity Attribute
IronDefense Status
IronDefense Severity Details

Incident Types

Name	Description
IronDefense Alert Notification
IronDefense IronDome Notification
IronDefense Event Notification

Integrations

Name	Description
IronDefense (Partner Contribution)	The IronDefense Integration for Cortex allows users to interact with IronDefense alerts within Cortex. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information.

Layoutrule

Name	Description
IronDefense Event Notification Layout Rule
IronDome Notification Layout Rule
IronDefense Alert Notification Layout Rule

Layouts

Name	Description
IronDefense IronDome Notification	IronDefense IronDome Notification Layout
IronDefense Event Notification	IronDefense Event Notification Layout
IronDefense Alert Notification	IronDefense Alert Notification Layout

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.1.33 - R2988527 (March 26, 2025)

Integrations

IronDefense

Metadata and documentation improvements.

Related pull requests:
- 38986

Download

1.1.32 - 1958116 (January 9, 2025)

Integrations

IronDefense

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38059

Download

1.1.31 - 1748140 (December 4, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.30 - R828628 (February 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32816

Download

1.1.29 - 762016 (January 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.1.28 - 722180 (December 28, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

1.1.27 - 6299513 (September 12, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29597

Download

1.1.26 - 6139598 (August 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29188

Download

1.1.25 - 5987442 (August 8, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28833

Download

1.1.24 - 5851647 (July 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28434

Download

1.1.23 - R5801668 (July 18, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.22 - 5546375 (June 16, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.62631.

Related pull requests:
- 27334

Download

1.1.21 - 5363095 (May 25, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26993

Download

1.1.20 - 5226855 (May 9, 2023)

Integrations

IronDefense

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

1.1.19 - 5208997 (May 7, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26347

Download

1.1.18 - R5170573 (May 2, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26019

Download

1.1.17 - 4906551 (March 27, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

1.1.16 - R4718798 (March 1, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24921

Download

1.1.15 - R4646022 (February 19, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 23481

Download

1.1.14 - 3379905 (August 2, 2022)

Incident Fields

IronDefense IronDome Category
IronDefense Category

Related pull requests:
- 20257

Download

1.1.13 - 2380698 (February 8, 2022)

Incident Fields

IronDefense Category
IronDefense IronDome Category

Download

1.1.12 - 2355875 (February 3, 2022)

Incident Fields

IronDefense Category
IronDefense Dst Network ID
IronDefense IronDome Category
IronDefense Primary App Protocol

Download

1.1.11 - 2353377 (February 3, 2022)

Incident Fields

IronDefense First Event Created
IronDefense Src Network ID

Download

1.1.10 - 2303329 (January 25, 2022)

Incident Fields

Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP

Download

1.1.9 - R2146019 (December 21, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.8 - 1959372 (November 16, 2021)

Incident Fields

IronDefense IronDome Category
- Maintenance and stability enhancements.

Download

1.1.7 - 7561139 (September 12, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.6 - R400461 (July 20, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.1.5 - 379915 (June 7, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

Download

1.1.4 - R264879 (January 10, 2021)

Layouts

layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.

Download

1.1.3 - R229790 (December 22, 2020)

Integrations

IronDefense

Upgraded the Docker image to demisto/python3:3.8.6.13358.

Download

1.1.2 - R180529 (November 9, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.1 - 95977 (August 26, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.0 - 95316 (August 26, 2020)

Integrations

IronDefense

Added ability to retrieve IronDefense alerts and events.
Improving descriptions.

Layouts

layout-details-IronDefense_IronDome_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Event_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Alert_Notification.json

Create layout for notificationtype

Incident Fields

IronDefense VUE URL

Add field

IronDefense Updated

Add field

IronDefense Total Bytes

Add field

IronDefense SubCategory

Add field

IronDefense Status

Add field

IronDefense Start Time

Add field

IronDefense Src Network ID

Add field

IronDefense Src IP

Add field

IronDefense Src Entity Attribute Type

Add field

IronDefense Src Entity Attribute

Add field

IronDefense Severity Suspicious Details

Add field

IronDefense Severity Malicious Details

Add field

IronDefense Severity Details

Add field

IronDefense Severity

Add field

IronDefense Secondary App Protocol

Add field

IronDefense Raw Data Format

Add field

IronDefense Primary App Protocol

Add field

IronDefense Mismatch Details

Add field

IronDefense Last event Created

Add field

IronDefense Is Whitelisted

Add field

IronDefense Is Blacklisted

Add field

Incident Types

IronDefense IronDome Notification

add incident type

IronDefense IronDome ID

Add field

IronDefense IronDome Category

Add field

IronDefense High Cognitive System Details

Add field

IronDefense First Event Created

Add field

IronDefense Event Notification

%add incident type

IronDefense Event ID

Add field

IronDefense Event Count

Add field

IronDefense End Time

Add field

IronDefense Dst Port

Add field

IronDefense Dst Network ID

Add field

IronDefense Dst IP

Add field

IronDefense Dst Entity Attribute Type

Add field

IronDefense Dst Entity Attribute

Add field

IronDefense Dome Tags

Add field

IronDefense Dome Shared Time

Add field

IronDefense Created

Add field

IronDefense Confidence

Add field

IronDefense Comment Details

Add field

IronDefense Category

Add field

IronDefense Bytes Out

Add field

IronDefense Bytes In

Add field

IronDefense App Domains

Add field

IronDefense Analyst Severity

Add field

IronDefense Analyst Expectation

Add field

IronDefense Alert Notification

add incident type

IronDefense Alert IDs

Add field

IronDefense Alert ID

Add field

IronDefense Aggregation Criteria

Add field

Classifiers

IronDefense

Added new Classifier

IronDefense - Incoming Mapper

Added new incoming mapper

IronDefense - Classifier

Added new Classifier

Download

1.0.0 - 60526 (June 30, 2020)

Download

1.1.33 - R2988527 (March 26, 2025)

Integrations

IronDefense

Metadata and documentation improvements.

Related pull requests:
- 38986

Download

1.1.32 - 1958116 (January 9, 2025)

Integrations

IronDefense

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38059

Download

1.1.31 - 1748140 (December 4, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.30 - R828628 (February 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32816

Download

1.1.29 - 762016 (January 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.1.28 - 722180 (December 28, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

1.1.27 - 6299513 (September 12, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29597

Download

1.1.26 - 6139598 (August 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29188

Download

1.1.25 - 5991552 (August 8, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28833

Download

1.1.24 - 5855604 (July 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28434

Download

1.1.23 - 5692327 (July 5, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.22 - 5546375 (June 16, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.62631.

Related pull requests:
- 27334

Download

1.1.21 - 5363095 (May 25, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26993

Download

1.1.20 - 5226855 (May 9, 2023)

Integrations

IronDefense

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

1.1.19 - 5208997 (May 7, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26347

Download

1.1.18 - R5170573 (May 2, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26019

Download

1.1.17 - 4906551 (March 27, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

1.1.16 - R4718798 (March 1, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24921

Download

1.1.15 - R4646022 (February 19, 2023)

Layout Rules

New: IronDome Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

New: IronDefense Alert Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

New: IronDefense Event Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

Related pull requests:
- 23481

Download

1.1.14 - 3440760 (August 11, 2022)

Related pull requests:
- 20257

Download

1.1.13 - 2384610 (February 9, 2022)

Incident Fields

IronDefense Category
IronDefense IronDome Category

Download

1.1.12 - 2364310 (February 5, 2022)

Incident Fields

IronDefense First Event Created
IronDefense Src Network ID
IronDefense Category
IronDefense Dst Network ID
IronDefense IronDome Category
IronDefense Primary App Protocol

Download

1.1.10 - 2316504 (January 27, 2022)

Incident Fields

Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP

Download

1.1.9 - R2146019 (December 21, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.8 - 1959372 (November 16, 2021)

Incident Fields

IronDefense IronDome Category
- Maintenance and stability enhancements.

Download

1.1.7 - 7561139 (September 12, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.6 - R400461 (July 20, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.1.5 - 379915 (June 7, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

Download

1.1.4 - R264879 (January 10, 2021)

Layouts

layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.

Download

1.1.3 - R229790 (December 22, 2020)

Integrations

IronDefense

Upgraded the Docker image to demisto/python3:3.8.6.13358.

Download

1.1.2 - R180529 (November 9, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.1 - 95977 (August 26, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.0 - 95316 (August 26, 2020)

Integrations

IronDefense

Added ability to retrieve IronDefense alerts and events.
Improving descriptions.

Layouts

layout-details-IronDefense_IronDome_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Event_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Alert_Notification.json

Create layout for notificationtype

Incident Fields

IronDefense VUE URL

Add field

IronDefense Updated

Add field

IronDefense Total Bytes

Add field

IronDefense SubCategory

Add field

IronDefense Status

Add field

IronDefense Start Time

Add field

IronDefense Src Network ID

Add field

IronDefense Src IP

Add field

IronDefense Src Entity Attribute Type

Add field

IronDefense Src Entity Attribute

Add field

IronDefense Severity Suspicious Details

Add field

IronDefense Severity Malicious Details

Add field

IronDefense Severity Details

Add field

IronDefense Severity

Add field

IronDefense Secondary App Protocol

Add field

IronDefense Raw Data Format

Add field

IronDefense Primary App Protocol

Add field

IronDefense Mismatch Details

Add field

IronDefense Last event Created

Add field

IronDefense Is Whitelisted

Add field

IronDefense Is Blacklisted

Add field

Incident Types

IronDefense IronDome Notification

add incident type

IronDefense IronDome ID

Add field

IronDefense IronDome Category

Add field

IronDefense High Cognitive System Details

Add field

IronDefense First Event Created

Add field

IronDefense Event Notification

%add incident type

IronDefense Event ID

Add field

IronDefense Event Count

Add field

IronDefense End Time

Add field

IronDefense Dst Port

Add field

IronDefense Dst Network ID

Add field

IronDefense Dst IP

Add field

IronDefense Dst Entity Attribute Type

Add field

IronDefense Dst Entity Attribute

Add field

IronDefense Dome Tags

Add field

IronDefense Dome Shared Time

Add field

IronDefense Created

Add field

IronDefense Confidence

Add field

IronDefense Comment Details

Add field

IronDefense Category

Add field

IronDefense Bytes Out

Add field

IronDefense Bytes In

Add field

IronDefense App Domains

Add field

IronDefense Analyst Severity

Add field

IronDefense Analyst Expectation

Add field

IronDefense Alert Notification

add incident type

IronDefense Alert IDs

Add field

IronDefense Alert ID

Add field

IronDefense Aggregation Criteria

Add field

Classifiers

IronDefense

Added new Classifier

IronDefense - Incoming Mapper

Added new incoming mapper

IronDefense - Classifier

Added new Classifier

Download

1.0.0 - 60526 (June 30, 2020)

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	June 30, 2020
Last Release	March 26, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.