Skip to main content

IoT by Palo Alto Networks

Download With Dependencies

Palo Alto Networks IoT

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

  • getting a device detail by an ID
  • listing devices
  • listing alerts and vulnerabilities
  • resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

Based on a mapping defined in the Settings > Advanced > Lists, the device attributes and the alert/vulnerability fields, this automation script can evalute the "R" and "I" in RACI (Responsible and Informed). This is useful when you have a requirement of assigning incidents to different departments in a large company.

ServiceNow ticket check

The way this pack works with ServiceNow is persisting the new ticket ID in a custom field "ServiceNow Record ID". This automation script is to loop all the opened IoT alerts and vulnerabilities in XSOAR, and query ServiceNow for the ticket status. If the status is "CLOSED", the corresponding XSOAR incident will be closed.

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Pack Contributors:

  • Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

  • getting a device detail by an ID
  • listing devices
  • listing alerts and vulnerabilities
  • resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

Based on a mapping defined in the Settings > Advanced > Lists, the device attributes and the alert/vulnerability fields, this automation script can evalute the "R" and "I" in RACI (Responsible and Informed). This is useful when you have a requirement of assigning incidents to different departments in a large company.

ServiceNow ticket check

The way this pack works with ServiceNow is persisting the new ticket ID in a custom field "ServiceNow Record ID". This automation script is to loop all the opened IoT alerts and vulnerabilities in XSOAR, and query ServiceNow for the ticket status. If the status is "CLOSED", the corresponding XSOAR incident will be closed.

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Pack Contributors:

  • Masahiko Inoue

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedNovember 9, 2020
Last ReleaseMarch 22, 2026
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.