IronNet | Marketplace

Details
Content
Dependencies
Version History

The IronDefense Integration allows users to interact with IronDefense alerts within Demisto. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, and to report observed bad activity.

Classifiers

Name	Description
IronDefense - Classifier	IronDefense Classifier
IronDefense - Incoming Mapper	IronDefense Mapper

Incident Fields

Name	Description
IronDefense Category
IronDefense Aggregation Criteria
IronDefense Status
IronDefense Src Entity Attribute
IronDefense IronDome Category
IronDefense Comment Details
IronDefense Dst Entity Attribute Type
IronDefense Primary App Protocol
IronDefense Mismatch Details
IronDefense Bytes In
IronDefense SubCategory
IronDefense Bytes Out
IronDefense Secondary App Protocol
IronDefense Severity Malicious Details
IronDefense Dome Tags
IronDefense Dst Entity Attribute
IronDefense Is Whitelisted
IronDefense Dst Network ID
IronDefense Severity Details
IronDefense Severity Suspicious Details
IronDefense Src Entity Attribute Type
IronDefense Updated
IronDefense Is Blacklisted
IronDefense Start Time
IronDefense App Domains
IronDefense Src IP
IronDefense End Time
IronDefense Confidence
IronDefense Src Network ID
IronDefense High Cognitive System Details
IronDefense Event ID
IronDefense Event Count
IronDefense First Event Created
IronDefense Created
IronDefense Analyst Expectation
IronDefense VUE URL
IronDefense Analyst Severity
IronDefense IronDome ID
IronDefense Total Bytes
IronDefense Severity
IronDefense Last event Created
IronDefense Dst IP
IronDefense Alert ID
IronDefense Dst Port
IronDefense Raw Data Format
IronDefense Alert IDs
IronDefense Dome Shared Time

Incident Types

Name	Description
IronDefense Alert Notification
IronDefense IronDome Notification
IronDefense Event Notification

Integrations

Name	Description
IronDefense (Partner Contribution)	The IronDefense Integration for Cortex XSOAR allows users to interact with IronDefense alerts within Cortex XSOAR. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information.

Layouts

Name	Description
IronDefense Alert Notification	IronDefense Alert Notification Layout
IronDefense Event Notification	IronDefense Event Notification Layout
IronDefense IronDome Notification	IronDefense IronDome Notification Layout

Classifiers

Name	Description
IronDefense - Classifier	IronDefense Classifier
IronDefense - Incoming Mapper	IronDefense Mapper

Incident Fields

Name	Description
IronDefense Bytes In
IronDefense Created
IronDefense Dome Tags
IronDefense Bytes Out
IronDefense Analyst Severity
IronDefense Src Entity Attribute
IronDefense Analyst Expectation
IronDefense Total Bytes
IronDefense Mismatch Details
IronDefense Dome Shared Time
IronDefense Alert ID
IronDefense High Cognitive System Details
IronDefense End Time
IronDefense IronDome ID
IronDefense Severity
IronDefense Src Entity Attribute Type
IronDefense Last event Created
IronDefense Raw Data Format
IronDefense Dst Entity Attribute
IronDefense Event Count
IronDefense App Domains
IronDefense Dst Entity Attribute Type
IronDefense Severity Suspicious Details
IronDefense Event ID
IronDefense Status
IronDefense Updated
IronDefense Confidence
IronDefense Is Blacklisted
IronDefense Aggregation Criteria
IronDefense Secondary App Protocol
IronDefense Is Whitelisted
IronDefense Severity Malicious Details
IronDefense VUE URL
IronDefense SubCategory
IronDefense Alert IDs
IronDefense Comment Details
IronDefense Severity Details
IronDefense Start Time

Incident Types

Name	Description
IronDefense Alert Notification
IronDefense IronDome Notification
IronDefense Event Notification

Integrations

Name	Description
IronDefense (Partner Contribution)	The IronDefense Integration for Cortex allows users to interact with IronDefense alerts within Cortex. The Integration provides the ability to rate alerts, update alert statuses, add comments to alerts, to report observed bad activity, get alerts, get events, and get IronDome information.

Layoutrule

Name	Description
IronDefense Event Notification Layout Rule
IronDome Notification Layout Rule
IronDefense Alert Notification Layout Rule

Layouts

Name	Description
IronDefense IronDome Notification	IronDefense IronDome Notification Layout
IronDefense Event Notification	IronDefense Event Notification Layout
IronDefense Alert Notification	IronDefense Alert Notification Layout

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Common Types	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.1.33 - R3340687 (May 7, 2025)

Integrations

IronDefense

Metadata and documentation improvements.

Related pull requests:
- 38986

Download

1.1.32 - 1958116 (January 9, 2025)

Integrations

IronDefense

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38059

Download

1.1.31 - 1748140 (December 4, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.30 - R828628 (February 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32816

Download

1.1.29 - 762016 (January 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.1.28 - 722180 (December 28, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

1.1.27 - 6299513 (September 12, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29597

Download

1.1.26 - 6139598 (August 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29188

Download

1.1.25 - 5987442 (August 8, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28833

Download

1.1.24 - 5851647 (July 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28434

Download

1.1.23 - R5801668 (July 18, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.22 - 5546375 (June 16, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.62631.

Related pull requests:
- 27334

Download

1.1.21 - 5363095 (May 25, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26993

Download

1.1.20 - 5226855 (May 9, 2023)

Integrations

IronDefense

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

1.1.19 - 5208997 (May 7, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26347

Download

1.1.18 - R5170573 (May 2, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26019

Download

1.1.17 - 4906551 (March 27, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

1.1.16 - R4718798 (March 1, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24921

Download

1.1.15 - R4646022 (February 19, 2023)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 23481

Download

1.1.14 - 3379905 (August 2, 2022)

Incident Fields

IronDefense IronDome Category
IronDefense Category

Related pull requests:
- 20257

Download

1.1.13 - 2380698 (February 8, 2022)

Incident Fields

IronDefense Category
IronDefense IronDome Category

Download

1.1.12 - 2355875 (February 3, 2022)

Incident Fields

IronDefense Category
IronDefense Dst Network ID
IronDefense IronDome Category
IronDefense Primary App Protocol

Download

1.1.11 - 2353377 (February 3, 2022)

Incident Fields

IronDefense First Event Created
IronDefense Src Network ID

Download

1.1.10 - 2303329 (January 25, 2022)

Incident Fields

Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP

Download

1.1.9 - R2146019 (December 21, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.8 - 1959372 (November 16, 2021)

Incident Fields

IronDefense IronDome Category
- Maintenance and stability enhancements.

Download

1.1.7 - 7561139 (September 12, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.6 - R400461 (July 20, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.1.5 - 379915 (June 7, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

Download

1.1.4 - R264879 (January 10, 2021)

Layouts

layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.

Download

1.1.3 - R229790 (December 22, 2020)

Integrations

IronDefense

Upgraded the Docker image to demisto/python3:3.8.6.13358.

Download

1.1.2 - R180529 (November 9, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.1 - 95977 (August 26, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.0 - 95316 (August 26, 2020)

Integrations

IronDefense

Added ability to retrieve IronDefense alerts and events.
Improving descriptions.

Layouts

layout-details-IronDefense_IronDome_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Event_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Alert_Notification.json

Create layout for notificationtype

Incident Fields

IronDefense VUE URL

Add field

IronDefense Updated

Add field

IronDefense Total Bytes

Add field

IronDefense SubCategory

Add field

IronDefense Status

Add field

IronDefense Start Time

Add field

IronDefense Src Network ID

Add field

IronDefense Src IP

Add field

IronDefense Src Entity Attribute Type

Add field

IronDefense Src Entity Attribute

Add field

IronDefense Severity Suspicious Details

Add field

IronDefense Severity Malicious Details

Add field

IronDefense Severity Details

Add field

IronDefense Severity

Add field

IronDefense Secondary App Protocol

Add field

IronDefense Raw Data Format

Add field

IronDefense Primary App Protocol

Add field

IronDefense Mismatch Details

Add field

IronDefense Last event Created

Add field

IronDefense Is Whitelisted

Add field

IronDefense Is Blacklisted

Add field

Incident Types

IronDefense IronDome Notification

add incident type

IronDefense IronDome ID

Add field

IronDefense IronDome Category

Add field

IronDefense High Cognitive System Details

Add field

IronDefense First Event Created

Add field

IronDefense Event Notification

%add incident type

IronDefense Event ID

Add field

IronDefense Event Count

Add field

IronDefense End Time

Add field

IronDefense Dst Port

Add field

IronDefense Dst Network ID

Add field

IronDefense Dst IP

Add field

IronDefense Dst Entity Attribute Type

Add field

IronDefense Dst Entity Attribute

Add field

IronDefense Dome Tags

Add field

IronDefense Dome Shared Time

Add field

IronDefense Created

Add field

IronDefense Confidence

Add field

IronDefense Comment Details

Add field

IronDefense Category

Add field

IronDefense Bytes Out

Add field

IronDefense Bytes In

Add field

IronDefense App Domains

Add field

IronDefense Analyst Severity

Add field

IronDefense Analyst Expectation

Add field

IronDefense Alert Notification

add incident type

IronDefense Alert IDs

Add field

IronDefense Alert ID

Add field

IronDefense Aggregation Criteria

Add field

Classifiers

IronDefense

Added new Classifier

IronDefense - Incoming Mapper

Added new incoming mapper

IronDefense - Classifier

Added new Classifier

Download

1.0.0 - 60526 (June 30, 2020)

Download

1.1.33 - R3340687 (May 7, 2025)

Integrations

IronDefense

Metadata and documentation improvements.

Related pull requests:
- 38986

Download

1.1.32 - 1958116 (January 9, 2025)

Integrations

IronDefense

Code functionality improvements.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Related pull requests:
- 38059

Download

1.1.31 - 1748140 (December 4, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

1.1.30 - R828628 (February 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32816

Download

1.1.29 - 762016 (January 14, 2024)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.1.28 - 722180 (December 28, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

1.1.27 - 6299513 (September 12, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29597

Download

1.1.26 - 6139598 (August 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29188

Download

1.1.25 - 5991552 (August 8, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.67728.

Related pull requests:
- 28833

Download

1.1.24 - 5855604 (July 24, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28434

Download

1.1.23 - 5692327 (July 5, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27848

Download

1.1.22 - 5546375 (June 16, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.12.62631.

Related pull requests:
- 27334

Download

1.1.21 - 5363095 (May 25, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26993

Download

1.1.20 - 5226855 (May 9, 2023)

Integrations

IronDefense

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

1.1.19 - 5208997 (May 7, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26347

Download

1.1.18 - R5170573 (May 2, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26019

Download

1.1.17 - 4906551 (March 27, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25528

Download

1.1.16 - R4718798 (March 1, 2023)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24921

Download

1.1.15 - R4646022 (February 19, 2023)

Layout Rules

New: IronDome Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

New: IronDefense Alert Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

New: IronDefense Event Notification Layout Rule

Added support for layouts and layout rules in XSIAM.

Related pull requests:
- 23481

Download

1.1.14 - 3440760 (August 11, 2022)

Related pull requests:
- 20257

Download

1.1.13 - 2384610 (February 9, 2022)

Incident Fields

IronDefense Category
IronDefense IronDome Category

Download

1.1.12 - 2364310 (February 5, 2022)

Incident Fields

IronDefense First Event Created
IronDefense Src Network ID
IronDefense Category
IronDefense Dst Network ID
IronDefense IronDome Category
IronDefense Primary App Protocol

Download

1.1.10 - 2316504 (January 27, 2022)

Incident Fields

Maintenance and stability enhancements for the following fields:
- IronDefense Src IP
- IronDefense Dst Port
- IronDefense Dst IP

Download

1.1.9 - R2146019 (December 21, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

1.1.8 - 1959372 (November 16, 2021)

Incident Fields

IronDefense IronDome Category
- Maintenance and stability enhancements.

Download

1.1.7 - 7561139 (September 12, 2021)

Integrations

IronDefense

Updated the Docker image to: demisto/python3:3.9.7.24076.

Download

1.1.6 - R400461 (July 20, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.21272.

Download

1.1.5 - 379915 (June 7, 2021)

Integrations

IronDefense

Upgraded the Docker image to: demisto/python3:3.9.5.20958.

Download

1.1.4 - R264879 (January 10, 2021)

Layouts

layout-details-IronDefense_Event_Notification.json
Maintenance and stability enhancements.

Download

1.1.3 - R229790 (December 22, 2020)

Integrations

IronDefense

Upgraded the Docker image to demisto/python3:3.8.6.13358.

Download

1.1.2 - R180529 (November 9, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.1 - 95977 (August 26, 2020)

Integrations

IronDefense

Updated the pack support information.

Download

1.1.0 - 95316 (August 26, 2020)

Integrations

IronDefense

Added ability to retrieve IronDefense alerts and events.
Improving descriptions.

Layouts

layout-details-IronDefense_IronDome_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Event_Notification.json

Create layout for notificationtype

layout-details-IronDefense_Alert_Notification.json

Create layout for notificationtype

Incident Fields

IronDefense VUE URL

Add field

IronDefense Updated

Add field

IronDefense Total Bytes

Add field

IronDefense SubCategory

Add field

IronDefense Status

Add field

IronDefense Start Time

Add field

IronDefense Src Network ID

Add field

IronDefense Src IP

Add field

IronDefense Src Entity Attribute Type

Add field

IronDefense Src Entity Attribute

Add field

IronDefense Severity Suspicious Details

Add field

IronDefense Severity Malicious Details

Add field

IronDefense Severity Details

Add field

IronDefense Severity

Add field

IronDefense Secondary App Protocol

Add field

IronDefense Raw Data Format

Add field

IronDefense Primary App Protocol

Add field

IronDefense Mismatch Details

Add field

IronDefense Last event Created

Add field

IronDefense Is Whitelisted

Add field

IronDefense Is Blacklisted

Add field

Incident Types

IronDefense IronDome Notification

add incident type

IronDefense IronDome ID

Add field

IronDefense IronDome Category

Add field

IronDefense High Cognitive System Details

Add field

IronDefense First Event Created

Add field

IronDefense Event Notification

%add incident type

IronDefense Event ID

Add field

IronDefense Event Count

Add field

IronDefense End Time

Add field

IronDefense Dst Port

Add field

IronDefense Dst Network ID

Add field

IronDefense Dst IP

Add field

IronDefense Dst Entity Attribute Type

Add field

IronDefense Dst Entity Attribute

Add field

IronDefense Dome Tags

Add field

IronDefense Dome Shared Time

Add field

IronDefense Created

Add field

IronDefense Confidence

Add field

IronDefense Comment Details

Add field

IronDefense Category

Add field

IronDefense Bytes Out

Add field

IronDefense Bytes In

Add field

IronDefense App Domains

Add field

IronDefense Analyst Severity

Add field

IronDefense Analyst Expectation

Add field

IronDefense Alert Notification

add incident type

IronDefense Alert IDs

Add field

IronDefense Alert ID

Add field

IronDefense Aggregation Criteria

Add field

Classifiers

IronDefense

Added new Classifier

IronDefense - Incoming Mapper

Added new incoming mapper

IronDefense - Classifier

Added new Classifier

Download

1.0.0 - 60526 (June 30, 2020)

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	June 30, 2020
Last Release	May 7, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.