Skip to main content

IoT by Palo Alto Networks

Download With Dependencies

Palo Alto Networks IoT

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

  • getting a device detail by an ID
  • listing devices
  • listing alerts and vulnerabilities
  • resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

Based on a mapping defined in the Settings > Advanced > Lists, the device attributes and the alert/vulnerability fields, this automation script can evalute the "R" and "I" in RACI (Responsible and Informed). This is useful when you have a requirement of assigning incidents to different departments in a large company.

ServiceNow ticket check

The way this pack works with ServiceNow is persisting the new ticket ID in a custom field "ServiceNow Record ID". This automation script is to loop all the opened IoT alerts and vulnerabilities in XSOAR, and query ServiceNow for the ticket status. If the status is "CLOSED", the corresponding XSOAR incident will be closed.

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Pack Contributors:


  • Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

  • getting a device detail by an ID
  • listing devices
  • listing alerts and vulnerabilities
  • resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

Based on a mapping defined in the Settings > Advanced > Lists, the device attributes and the alert/vulnerability fields, this automation script can evalute the "R" and "I" in RACI (Responsible and Informed). This is useful when you have a requirement of assigning incidents to different departments in a large company.

ServiceNow ticket check

The way this pack works with ServiceNow is persisting the new ticket ID in a custom field "ServiceNow Record ID". This automation script is to loop all the opened IoT alerts and vulnerabilities in XSOAR, and query ServiceNow for the ticket status. If the status is "CLOSED", the corresponding XSOAR incident will be closed.

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Pack Contributors:


  • Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedNovember 9, 2020
Last ReleaseAugust 29, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.