IoT by Palo Alto Networks

Details
Content
Dependencies
Version History

Palo Alto Networks IoT

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

getting a device detail by an ID
listing devices
listing alerts and vulnerabilities
resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

Based on a mapping defined in the Settings > Advanced > Lists, the device attributes and the alert/vulnerability fields, this automation script can evalute the "R" and "I" in RACI (Responsible and Informed). This is useful when you have a requirement of assigning incidents to different departments in a large company.

ServiceNow ticket check

The way this pack works with ServiceNow is persisting the new ticket ID in a custom field "ServiceNow Record ID". This automation script is to loop all the opened IoT alerts and vulnerabilities in XSOAR, and query ServiceNow for the ticket status. If the status is "CLOSED", the corresponding XSOAR incident will be closed.

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Palo Alto Networks IoT Content Pack

This content pack enables XSOAR to integrate with Palo Alto Networks IoT solution. It includes one integration and four automation scripts.

Palo Alto Networks IoT Integration

Wrap around the IoT Security Portal APIs for

getting a device detail by an ID
listing devices
listing alerts and vulnerabilities
resolving alert and vulnerability

This integration can be used for the incident response purpose.

RACI model calculation

ServiceNow ticket check

Alert and Vulnerability resolution post-processing script

For resolving the IoT security portal incidents in the post-processing XSOAR stage.

Automations

Name	Description
iot-security-alert-post-processing	IoT alert post processing script to resolve the alert in IoT security portal using API
iot-security-get-raci	IoT RACI model script.
iot-security-check-servicenow	Close the XSOAR incident if the IoT ServiceNow ticket was closed. This command should be run in a Job.
iot-security-vuln-post-processing	IoT vulnerability post processing script to resolve the vulnerability incident in IoT security portal using API

Incident Fields

Name	Description
ServiceNow Table Name	The name of the ServiceNow Table
IoT Incident URL	The url to Palo Alto Networks IoT incident
ServiceNow Record ID	The ServiceNow record system ID

Incident Types

Name	Description
IoT Vulnerability
IoT Alert

Integrations

Name	Description
Palo Alto Networks IoT	This is the Palo Alto Networks IoT integration (previously Zingbox).

Playbooks

Name	Description
PANW IoT Incident Handling with ServiceNow	This playbook creates a ServiceNow ticket after the incident is enriched by Palo Alto Networks IoT security portal (previously Zingbox Cloud).
PANW IoT ServiceNow Tickets Check	This playbook should be used in a recurring Job to check the ServiceNow ticket status for the Palo Alto Networks IoT (previously Zingbox) alerts or vulnerabilties.

Automations

Name	Description
iot-security-check-servicenow	Close the XSOAR incident if the IoT ServiceNow ticket was closed. This command should be run in a Job.
iot-security-vuln-post-processing	IoT vulnerability post processing script to resolve the vulnerability incident in IoT security portal using API
iot-security-get-raci	IoT RACI model script.
iot-security-alert-post-processing	IoT alert post processing script to resolve the alert in IoT security portal using API

Incident Fields

Name	Description
IoT Incident URL	The url to Palo Alto Networks IoT incident
ServiceNow Table Name	The name of the ServiceNow Table
ServiceNow Record ID	The ServiceNow record system ID

Incident Types

Name	Description
IoT Vulnerability
IoT Alert

Integrations

Name	Description
Palo Alto Networks IoT	This is the Palo Alto Networks IoT integration (previously Zingbox).

Playbooks

Name	Description
PANW IoT ServiceNow Tickets Check	This playbook should be used in a recurring Job to check the ServiceNow ticket status for the Palo Alto Networks IoT (previously Zingbox) alerts or vulnerabilties.
PANW IoT Alert Handling with ServiceNow	This playbook creates a ServiceNow ticket after the alert is enriched by Palo Alto Networks IoT security portal (previously Zingbox Cloud).

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR

1.0.33 - 798475 (February 1, 2024)

Scripts

iot-security-vuln-post-processing

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32424

Download

1.0.32 - 793334 (January 30, 2024)

Scripts

iot-security-alert-post-processing

Updated the Docker image to: demisto/python3:3.10.13.86272.

iot-security-check-servicenow

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32408

Download

1.0.31 - 722180 (December 28, 2023)

Scripts

iot-security-get-raci

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31812

Download

1.0.30 - R6592021 (October 13, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29394

Download

1.0.29 - 5925411 (August 1, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28640

Download

1.0.28 - R5866730 (July 25, 2023)

Scripts

iot-security-vuln-post-processing

Updated the Docker image to: demisto/python3:3.10.12.63474.

iot-security-check-servicenow

Updated the Docker image to: demisto/python3:3.10.12.63474.

iot-security-alert-post-processing

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28221

Download

1.0.27 - 5760561 (July 13, 2023)

Scripts

iot-security-get-raci

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28124

Download

1.0.26 - R5692327 (July 5, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27707

Download

1.0.25 - 5498982 (June 11, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.12.62631.
Added support for fetch logs.

Related pull requests:
- 27124

Download

1.0.24 - R5450895 (June 5, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.11.61265.

Scripts

iot-security-get-raci

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27113

Download

1.0.23 - R5170573 (May 2, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25780

Download

1.0.22 - 4872060 (March 22, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25383

Download

1.0.21 - R4763226 (March 7, 2023)

Integrations

Palo Alto Networks IoT

Fixed an issue where fetch-incidents sometimes failed fetching vulnerabilities.

Related pull requests:
- 24977

Download

1.0.20 - R4718798 (March 1, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24902

Download

1.0.19 - R4646022 (February 19, 2023)

Integrations

Palo Alto Networks IoT

Updated the Docker image to: demisto/python3:3.10.9.46807.

Scripts

iot-security-get-raci

Updated the Docker image to: demisto/python3:3.10.9.46807.

Related pull requests:
- 24461

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	February 1, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.