Securonix

Details
Content
Dependencies
Version History

Use the Securonix integration to manage incidents, threats, lookup tables, whitelists and watchlists.

The Securonix platform collects massive volumes of data in real-time, detects advanced threats using innovative machine learning algorithms, enables you to quickly investigate the alerts that matter the most, and provides actionable security intelligence for an automated response.

Pack use-cases

Ingest newly created incidents from Securonix.
Ingest newly created threats from Securonix.
Get, update and create Securonix incidents, add comments and perform actions on the Securonix incidents.
Get, update, create and delete records from the whitelist.
Get, update, create and delete records from the lookup table.
Get, update, and create records from the watchlist.

Note: Support for this pack was moved to Securonix as of 05/25/2022

Pack use-cases

Ingest newly created incidents from Securonix.
Ingest newly created threats from Securonix.
Get, update and create Securonix incidents, add comments and perform actions on the Securonix incidents.
Get, update, create and delete records from the whitelist.
Get, update, create and delete records from the lookup table.
Get, update, and create records from the watchlist.

Note: Support for this pack was moved to Securonix as of 05/25/2022

Automations

Name	Description
SecuronixGetViolations	Gets a list of violations related to a specific threat from the context data and displays it in the layout.
SecuronixCloseHistoricalXSOARIncidents	Close historical XSOAR incidents that are already closed on Securonix. NOTE: This script will close all the XSOAR incidents which are created from Securonix integration and does not have incident type as "Securonix Incident" in the provided time frame.
UpdateSecuronixIncidentStatus	Update the status of the Securonix incident using the configuration provided in integration configuration.

Classifiers

Name	Description
Securonix Incident - Incoming Mapper	Securonix incident incoming mapper.
Securonix Threat - Incoming Mapper	Securonix Threat Incoming Mapper

Incident Fields

Name	Description
Securonix Reason	The reason that the incident was created. Usually includes the policy name and/or possible threat name.
Securonix Policy Type	The incident policy type.
Securonix Workflow Name	The incident workflow name.
Securonix Entity ID	The entity ID.
Securonix ResourceGroup Name	Resource group name.
Securonix Last Update Date	Last update date of the incident in Epoch time.
Securonix Tenant Color	Tenant color.
Securonix Parent Case ID	Parent case ID of the incident.
Securonix Tenant ID	Tenant ID.
Securonix Close Incident	Whether to close incident on Securonix after fetching it in XSOAR or not.
Securonix Violation Spotter Query	Spotter query to fetch the related violations.
Securonix Incident ID	Incident ID.
Securonix Entity	The incident entity.
Securonix Violator Sub Text	Incident violator sub text.
Securonix Incident Type	Incident type.
Securonix Policy Stages	Stage wise policies.
Securonix Is Whitelisted	Whether the incident is added to the allow list.
Securonix Threat Generation Time	Time that the threat was generated in Securonix.
Securonix Category	Threat category.
Securonix Status Completed
Securonix Sandbox Policy
Securonix Resource Type	Resource type.
Securonix Violator Text	Incident violator text.
Securonix Violator	Violator.
Securonix Risk Score	The incident risk score.
Securonix Policies	List of policies violated.
Securonix Violation Count	Total number of Violations related to specific threat.
Securonix Resource Name	Resource name.
Securonix Watchlisted	Whether the incident is on a watchlist.
Securonix Case Create Time	Case event start time.
Securonix Case Event End Time	Case event end time.
Securonix Tenant Short Code	Short code of the tenant.
Securonix Bulk Action Allowed	Whether bulk action is allowed or not.
Securonix Incident Status	Incident status.
Securonix Violator ID	Incident violator ID.

Incident Types

Name	Description
Securonix Threat
Securonix Incident

Integrations

Name	Description
Securonix (Partner Contribution)	Use the Securonix integration to manage incidents, threats, lookup tables, whitelists and watchlists.

Layouts

Name	Description
Securonix Threat	Layout for Securonix Threat Information.
Securonix Incident Information	Securonix Incident Information

Playbooks

Name	Description
Update Incident Status And Fetch Attachments - Securonix	This playbook fetches the attachments for the incident. Also, it updates the state of the Securonix incident based on the configuration provided in integration configuration.
Fetch All Violations - Securonix	Gets a list of violations with pagination using queryId parameter.
Fetch Violations - Securonix	Gets a list of violation data.

Automations

Name	Description
SecuronixCloseHistoricalXSOARIncidents	Close historical XSOAR incidents that are already closed on Securonix. NOTE: This script will close all the XSOAR incidents which are created from Securonix integration and does not have incident type as "Securonix Incident" in the provided time frame.
SecuronixCloseHistoricalXSOARAlerts	Close historical XSOAR alerts that are already closed on Securonix. NOTE: This script will close all the XSOAR alerts which are created from Securonix integration and does not have alert type as "Securonix Alert" in the provided time frame.
UpdateSecuronixIncidentStatus	Update the status of the Securonix incident using the configuration provided in integration configuration.
SecuronixGetViolations	Gets a list of violations related to a specific threat from the context data and displays it in the layout.

Classifiers

Name	Description
Securonix Incident - Incoming Mapper	Securonix incident incoming mapper.
Securonix Threat - Incoming Mapper	Securonix Threat Incoming Mapper

Incident Fields

Name	Description
Securonix Reason	The reason that the incident was created. Usually includes the policy name and/or possible threat name.
Securonix Policy Stages	Stage wise policies.
Securonix Violator	Violator.
Securonix Violator ID	Incident violator ID.
Securonix Bulk Action Allowed	Whether bulk action is allowed or not.
Securonix Status Completed
Securonix ResourceGroup Name	Resource group name.
Securonix Last Update Date	Last update date of the incident in Epoch time.
Securonix Case Event End Time	Case event end time.
Securonix Policy Type	The incident policy type.
Securonix Case Create Time	Case event start time.
Securonix Entity	The incident entity.
Securonix Close Incident	Whether to close incident on Securonix after fetching it in XSOAR or not.
Securonix Violator Text	Incident violator text.
Securonix Policies	List of policies violated.
Securonix Parent Case ID	Parent case ID of the incident.
Securonix Tenant ID	Tenant ID.
Securonix Entity ID	The entity ID.
Securonix Incident ID	Incident ID.
Securonix Category	Threat category.
Securonix Incident Status	Incident status.
Securonix Resource Type	Resource type.
Securonix Workflow Name	The incident workflow name.
Securonix Is Whitelisted	Whether the incident is added to the allow list.
Securonix Violation Count	Total number of Violations related to specific threat.
Securonix Watchlisted	Whether the incident is on a watchlist.
Securonix Violation Spotter Query	Spotter query to fetch the related violations.
Securonix Tenant Color	Tenant color.
Securonix Incident Type	Incident type.
Securonix Sandbox Policy
Securonix Threat Generation Time	Time that the threat was generated in Securonix.
Securonix Risk Score	The incident risk score.
Securonix Violator Sub Text	Incident violator sub text.
Securonix Tenant Short Code	Short code of the tenant.
Securonix Resource Name	Resource name.

Incident Types

Name	Description
Securonix Incident
Securonix Threat

Integrations

Name	Description
Securonix (Partner Contribution)	Use the Securonix integration to manage incidents, threats, lookup tables, whitelists and watchlists.

Playbooks

Name	Description
Fetch Violations - Securonix	Gets a list of violation data.
Fetch All Violations - Securonix	Gets a list of violations with pagination using queryId parameter.
Update Alert Status And Fetch Attachments - Securonix	This playbook fetches the attachments for the alert. Also, it updates the state of the Securonix alert based on the configuration provided in integration configuration.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (5)

Pack Name	Pack By
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

2.0.30 - 7843807 (March 22, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

2.0.29 - 5733038 (November 4, 2025)

Integrations

Added support for max argument in the securonix-list-activity-data command.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41473
- 41772

Download

2.0.28 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.27 - R5469292 (October 20, 2025)

Scripts

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.12.8.3296088.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

2.0.26 - R3980324 (June 26, 2025)

Integrations

Securonix

Updated the default value of the max argument in the securonix-list-violation-data command to 1000.
Updated the Docker image to: demisto/python3:3.12.8.3720084.

Related pull requests:
- 40247
- 40250

Download

2.0.25 - 3693797 (June 8, 2025)

Integrations

Securonix

Added support for max argument in the securonix-list-violation-data command.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40148
- 40203

Download

2.0.24 - R3481649 (May 21, 2025)

Integrations

Securonix

Metadata and documentation improvements.

Scripts

UpdateSecuronixIncidentStatus

Metadata and documentation improvements.

SecuronixGetViolations

Metadata and documentation improvements.

SecuronixCloseHistoricalXSOARIncidents

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

2.0.23 - R2989425 (March 26, 2025)

Integrations

Securonix

Added support for the "Policy Stages" field for the fetch Securonix Incident.
Updated the following commands to support the "Policy Stages" field in reason.
- securonix-list-incidents
- securonix-get-incident
Updated the compatibility. Securonix XSOAR integration version 2.0.23 is compatible with 6.4_Nov2024_R2 onwards.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Layouts

Securonix Incident Information
Added the Securonix Policy Stages incident field in the layout.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the addition of Securonix Policy Stages Incident Field.

Related pull requests:
- 37638
- 37554

Download

2.0.22 - 1748140 (December 4, 2024)

Scripts

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.11.10.115186.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.11.10.115186.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

2.0.21 - 1358619 (September 8, 2024)

Integrations

Securonix

Updated the securonix-list-activity-data command to populate all the context fields coming from the API response.
Updated the Docker image to: demisto/python3:3.11.9.109226.

Related pull requests:
- 36165
- 36173

Download

2.0.20 - 998827 (May 6, 2024)

Incident Fields

New: Securonix Policy Type

Integrations

Securonix

Improved implementation logic for the query argument for the securonix-list-activity-data and securonix-list-violation-data commands by adding the support for the escape characters "\", "*", and "?" when passing them to the API. No action required by the customer.
Added a new argument "policy_type" to the securonix-list-violation-data command.
Updated the retry mechanism for the securonix-list-violation-data command to dynamically set the "to" argument to the current time based on the specified policy types: Land Speed, DIRECTIVE, BEACONING, TIER2.
Updated the securonix-list-activity-data command to support the optional index key in the query argument. If the index is not specified in the query, it will append and search in the activity index on the Spotter API by default.
Fixed an issue with the handling of special characters in the HR (Human Readable) for the following commands:
- securonix-list-incident
- securonix-get-incident
- securonix-list-violation-data
- securonix-list-activity-data
Updated the compatibility. Securonix XSOAR integration version 2.0.20 is compatible with 6.4_Apr2024_R1 onwards.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Layouts

Securonix Incident Information
Added the Securonix Policy Type incident field in the layout.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the addition of Securonix Policy Type Incident Field.
Updated the mapper for the Securonix Violation Spotter Query Incident Field to preserve the "@" symbol in the field value.

Related pull requests:
- 33833
- 34199

Download

2.0.19 - 839519 (February 20, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 33007

Download

2.0.18 - 798475 (February 1, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32533

Download

2.0.17 - 767481 (January 17, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32259

Download

2.0.16 - 752611 (January 9, 2024)

Scripts

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.13.83255.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.13.83255.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 32030

Download

2.0.15 - 722180 (December 28, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

2.0.14 - R6950398 (November 21, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30914

Download

2.0.13 - 6693172 (October 24, 2023)

Integrations

Securonix

Updated the securonix-get-incident and securonix-list-incidents commands to include the Spotter query in the human readable output and context by upgrading to the latest version of the API.
Updated the securonix-list-incidents command to include the Incident ID field in the human readable output column.
Updated the securonix-list-violation-data command, where the query argument now supports the auto inclusion of the "index" with a default value of "violation" if not provided.
Updated the Docker image to: demisto/python3:3.10.13.78960.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the Securonix Violation Spotter Query incident field.

Securonix Threat - Incoming Mapper

Updated the mapper for the Securonix Violation Spotter Query incident field.

Related pull requests:
- 30340
- 30370

Download

2.0.12 - 6259960 (September 7, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29530

Download

2.0.11 - 6133197 (August 23, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29157

Download

2.0.10 - 5998185 (August 9, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.68300.

Related pull requests:
- 28856

Download

2.0.9 - R5866730 (July 25, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28464

Download

2.0.8 - R5801668 (July 18, 2023)

Scripts

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.12.63474.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.12.63474.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28017

Download

2.0.7 - R5692327 (July 5, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27682

Download

2.0.6 - R5450895 (June 5, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27215

Download

2.0.5 - 5318720 (May 21, 2023)

Scripts

SecuronixCloseHistoricalXSOARIncidents

Transform automation names from "incident" to "alert" in XSIAM.
Updated the Docker image to: demisto/python3:3.10.11.58677.

UpdateSecuronixIncidentStatus

Added the skipprepare attribute to prevent scripts and tasks containing the word incident from being replaced with the word alert.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26365

Download

2.0.4 - 5304600 (May 19, 2023)

Integrations

Securonix

Upgraded the Docker image to: demisto/python3:3.10.11.59070.

Related pull requests:
- 26640

Download

2.0.3 - 5189071 (May 4, 2023)

Integrations

Securonix

Added support for handling invalid token error. If an invalid token error occurs, this will reset the integration cache and regenerate the new token on the subsequent execution.
Updated the Docker image to: demisto/python3:3.10.11.56857.

Scripts

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.11.56857.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.11.56857.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26276
- 26309

Download

2.0.2 - R5170573 (May 2, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.10.52956.

Related pull requests:
- 25745

Download

2.0.1 - R4954430 (April 2, 2023)

Incident Types

Securonix Threat
Updated the default violation playbook.

Integrations

Securonix

Added a new command securonix-lookup-table-entries-delete to delete specific entries from the lookup table.
Added support for specifying expiration time for a lookup table entry in the securonix-lookup-table-entry-add command.
Added support for 2 new parameters ‘sort’ and ‘order’ to sort the lookup table entries in the securonix-lookup-table-entries-list command.
Added support for pagination in fetching violations in the playbook.
Updated the Docker image to: demisto/python3:3.10.10.49934.

Playbooks

New: Fetch Violations - Securonix

Added a playbook to get a list of violation data. (Available from Cortex XSOAR 6.5.0).

New: Fetch All Violations - Securonix

Added a playbook to get a list of violations with pagination using queryId parameter. (Available from Cortex XSOAR 6.5.0).

Scripts

SecuronixGetViolations

Updated the script to show the latest 200 violation events in the "Violation Events" panel of the "Securonix Threat" incident type's layout.
Updated the Docker image to: demisto/python3:3.10.10.49934.

SecuronixCloseHistoricalXSOARIncidents

Updated the description of the script.
Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25374
- 25263

Download

2.0.0 - 4746941 (March 5, 2023)

Incident Fields

Securonix Risk Score
Securonix Category
Securonix Case Create Time
Securonix Tenant Color
Securonix Resource Name
Securonix Violation Count
Securonix Incident ID
Securonix Bulk Action Allowed
Securonix Parent Case ID
Securonix Entity ID
Securonix Policies
Securonix Sandbox Policy
Securonix Watchlisted
Securonix Incident Type
Securonix ResourceGroup Name
Securonix Status Completed
Securonix Case Event End Time
Securonix Reason
Securonix Last Update Date
Securonix Close Incident
Securonix Violator
Securonix Violation Spotter Query
Securonix Is Whitelisted
Securonix Tenant ID
Securonix Tenant Short Code
Securonix Entity
Securonix Workflow Name
Securonix Violator Text
Securonix Threat Generation Time
Securonix Violator ID
Securonix Violator Sub Text
Securonix Incident Status
Securonix Resource Type

Incident Types

Securonix Incident
Securonix Threat

Integrations

Securonix

Added support for Incident Mirroring. With version, 2.0.0 users can mirror the incidents comments, attachments & states across the platforms(Securonix & XSOAR).
Added support for fetching threats from Securonix which will fetch Securonix Threats (with related violations) as XSOAR Incidents.
Added a configurable retry mechanism for fetching incidents and performing actions using commands.
Improved implementation of the token re-generation logic, now will generate a token every 24 hours instead of generating it for each API call.
Added support for CRUD operation on Securonix Whitelist.
securonix-whitelists-get
securonix-whitelist-entry-list
securonix-whitelist-entry-add
securonix-whitelist-entry-delete
securonix-whitelist-create
Added support for CRUD operation on Securonix Lookup tables.
securonix-lookup-table-config-and-data-delete
securonix-lookup-tables-list
securonix-lookup-table-entry-add
securonix-lookup-table-entries-list
securonix-lookup-table-create
Updated the Docker image to: demisto/python3:3.10.10.48392.

Layouts

New: Securonix Incident Information
Added a layout for Securonix Incident Information. (Available from Cortex XSOAR 6.5.0).
New: Securonix Threat
Added a layout for Securonix Threat Information. (Available from Cortex XSOAR 6.5.0).

Mappers

New: Securonix Threat - Incoming Mapper

Added a mapper to map the Securonix threat fields with custom fields. (Available from Cortex XSOAR 6.5.0).

New: Securonix Incident - Incoming Mapper

Added a mapper to map the Securonix incident fields with custom fields. (Available from Cortex XSOAR 6.5.0).

Playbooks

New: Update Incident Status And Fetch Attachments - Securonix

Added a playbook to fetch the attachments for the incident. Also, it updates the state of the Securonix incident based on the configuration provided in integration configuration. (Available from Cortex XSOAR 6.5.0).

New: Fetch Threat Violations - Securonix

Added a playbook to fetch violations related to threat. (Available from Cortex XSOAR 6.5.0).

Scripts

New: SecuronixCloseHistoricalXSOARIncidents

Added an automation script to close historical XSOAR incidents that are already closed on Securonix. (Available from Cortex XSOAR 6.5.0).

New: SecuronixGetViolations

Added an automation script to get a list of violations related to a specific threat from the context data and displays it in the layout. (Available from Cortex XSOAR 6.5.0).

New: UpdateSecuronixIncidentStatus

Added an automation script to update the status of the Securonix incident using the configuration provided in integration configuration. (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 24771
- 24989

Download

1.2.0 - R4718798 (March 1, 2023)

Integrations

Securonix

Updated the incident name created in the fetch-incidents command.
The incident name will be according to the Threat Model field. If it does not exist, it will be according to the Policy field.
If neither field exists, the incident name will be the incident ID combined with the violator ID.
This update is due to a change in the Securonix API and suggestions from the Securonix support team.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19697

Download

2.0.30 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43568

Download

2.0.29 - 5733038 (November 4, 2025)

Integrations

Securonix

Added support for max argument in the securonix-list-activity-data command.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41473
- 41772

Download

2.0.28 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.27 - R5469292 (October 20, 2025)

Scripts

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.12.8.3296088.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 41158

Download

2.0.26 - R3980324 (June 26, 2025)

Integrations

Securonix

Updated the default value of the max argument in the securonix-list-violation-data command to 1000.
Updated the Docker image to: demisto/python3:3.12.8.3720084.

Related pull requests:
- 40247
- 40250

Download

2.0.25 - 3693797 (June 8, 2025)

Integrations

Securonix

Added support for max argument in the securonix-list-violation-data command.
Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40148
- 40203

Download

2.0.24 - R3481649 (May 21, 2025)

Integrations

Securonix

Metadata and documentation improvements.

Scripts

UpdateSecuronixIncidentStatus

Metadata and documentation improvements.

SecuronixGetViolations

Metadata and documentation improvements.

SecuronixCloseHistoricalXSOARIncidents

Metadata and documentation improvements.

Related pull requests:
- 39088

Download

2.0.23 - R2989425 (March 26, 2025)

Integrations

Securonix

Added support for the "Policy Stages" field for the fetch Securonix Incident.
Updated the following commands to support the "Policy Stages" field in reason.
- securonix-list-incidents
- securonix-get-incident
Updated the compatibility. Securonix XSOAR integration version 2.0.23 is compatible with 6.4_Nov2024_R2 onwards.
Updated the Docker image to: demisto/python3:3.11.10.116949.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the addition of Securonix Policy Stages Incident Field.

Related pull requests:
- 37638
- 37554

Download

2.0.22 - 1748140 (December 4, 2024)

Scripts

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.11.10.115186.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.11.10.115186.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37528
- 37524
- 37525
- 37526
- 37527

Download

2.0.21 - 1358619 (September 8, 2024)

Integrations

Securonix

Updated the securonix-list-activity-data command to populate all the context fields coming from the API response.
Updated the Docker image to: demisto/python3:3.11.9.109226.

Related pull requests:
- 36165
- 36173

Download

2.0.20 - 998827 (May 6, 2024)

Incident Fields

New: Securonix Policy Type

Integrations

Securonix

Improved implementation logic for the query argument for the securonix-list-activity-data and securonix-list-violation-data commands by adding the support for the escape characters "\", "*", and "?" when passing them to the API. No action required by the customer.
Added a new argument "policy_type" to the securonix-list-violation-data command.
Updated the retry mechanism for the securonix-list-violation-data command to dynamically set the "to" argument to the current time based on the specified policy types: Land Speed, DIRECTIVE, BEACONING, TIER2.
Updated the securonix-list-activity-data command to support the optional index key in the query argument. If the index is not specified in the query, it will append and search in the activity index on the Spotter API by default.
Fixed an issue with the handling of special characters in the HR (Human Readable) for the following commands:
- securonix-list-incident
- securonix-get-incident
- securonix-list-violation-data
- securonix-list-activity-data
Updated the compatibility. Securonix XSOAR integration version 2.0.20 is compatible with 6.4_Apr2024_R1 onwards.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the addition of Securonix Policy Type Incident Field.
Updated the mapper for the Securonix Violation Spotter Query Incident Field to preserve the "@" symbol in the field value.

Related pull requests:
- 33833
- 34199

Download

2.0.19 - 839519 (February 20, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 33007

Download

2.0.18 - 797274 (January 31, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32533

Download

2.0.17 - 767481 (January 17, 2024)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32259

Download

2.0.16 - 752611 (January 9, 2024)

Scripts

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.13.83255.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.13.83255.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 32030

Download

2.0.15 - 722180 (December 28, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31828

Download

2.0.14 - R6950398 (November 21, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.80014.

Related pull requests:
- 30914

Download

2.0.13 - 6693172 (October 24, 2023)

Integrations

Securonix

Updated the securonix-get-incident and securonix-list-incidents commands to include the Spotter query in the human readable output and context by upgrading to the latest version of the API.
Updated the securonix-list-incidents command to include the Incident ID field in the human readable output column.
Updated the securonix-list-violation-data command, where the query argument now supports the auto inclusion of the "index" with a default value of "violation" if not provided.
Updated the Docker image to: demisto/python3:3.10.13.78960.

Mappers

Securonix Incident - Incoming Mapper

Updated the mapper for the Securonix Violation Spotter Query incident field.

Securonix Threat - Incoming Mapper

Updated the mapper for the Securonix Violation Spotter Query incident field.

Related pull requests:
- 30340
- 30370

Download

2.0.12 - 6259960 (September 7, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29530

Download

2.0.11 - 6133197 (August 23, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29157

Download

2.0.10 - 5998185 (August 9, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.68300.

Related pull requests:
- 28856

Download

2.0.9 - R5866730 (July 25, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28464

Download

2.0.8 - 5731243 (July 10, 2023)

Scripts

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.12.63474.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.12.63474.

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 28017

Download

2.0.7 - 5618116 (June 26, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27682

Download

2.0.6 - 5447040 (June 5, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27215

Download

2.0.5 - 5318720 (May 21, 2023)

Scripts

SecuronixCloseHistoricalXSOARIncidents

Transform automation names from "incident" to "alert" in XSIAM.
Updated the Docker image to: demisto/python3:3.10.11.58677.

UpdateSecuronixIncidentStatus

Added the skipprepare attribute to prevent scripts and tasks containing the word incident from being replaced with the word alert.
Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26365

Download

2.0.4 - 5304600 (May 19, 2023)

Integrations

Securonix

Upgraded the Docker image to: demisto/python3:3.10.11.59070.

Related pull requests:
- 26640

Download

2.0.3 - 5189071 (May 4, 2023)

Integrations

Securonix

Added support for handling invalid token error. If an invalid token error occurs, this will reset the integration cache and regenerate the new token on the subsequent execution.
Updated the Docker image to: demisto/python3:3.10.11.56857.

Scripts

SecuronixGetViolations

Updated the Docker image to: demisto/python3:3.10.11.56857.

SecuronixCloseHistoricalXSOARIncidents

Updated the Docker image to: demisto/python3:3.10.11.56857.

UpdateSecuronixIncidentStatus

Updated the Docker image to: demisto/python3:3.10.11.56857.

Related pull requests:
- 26276
- 26309

Download

2.0.2 - R5170573 (May 2, 2023)

Integrations

Securonix

Updated the Docker image to: demisto/python3:3.10.10.52956.

Related pull requests:
- 25745

Download

2.0.1 - R4954430 (April 2, 2023)

Incident Types

Securonix Threat
Updated the default violation playbook.

Integrations

Securonix

Added a new command securonix-lookup-table-entries-delete to delete specific entries from the lookup table.
Added support for specifying expiration time for a lookup table entry in the securonix-lookup-table-entry-add command.
Added support for 2 new parameters ‘sort’ and ‘order’ to sort the lookup table entries in the securonix-lookup-table-entries-list command.
Added support for pagination in fetching violations in the playbook.
Updated the Docker image to: demisto/python3:3.10.10.49934.

Playbooks

New: Fetch Violations - Securonix

Added a playbook to get a list of violation data. (Available from Cortex XSOAR 6.5.0).

New: Fetch All Violations - Securonix

Added a playbook to get a list of violations with pagination using queryId parameter. (Available from Cortex XSOAR 6.5.0).

Scripts

SecuronixGetViolations

Updated the script to show the latest 200 violation events in the "Violation Events" panel of the "Securonix Threat" incident type's layout.
Updated the Docker image to: demisto/python3:3.10.10.49934.

SecuronixCloseHistoricalXSOARIncidents

Updated the description of the script.
Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25374
- 25263

Download

2.0.0 - R4746941 (March 5, 2023)

Incident Fields

Securonix Risk Score
Securonix Category
Securonix Case Create Time
Securonix Tenant Color
Securonix Resource Name
Securonix Violation Count
Securonix Incident ID
Securonix Bulk Action Allowed
Securonix Parent Case ID
Securonix Entity ID
Securonix Policies
Securonix Sandbox Policy
Securonix Watchlisted
Securonix Incident Type
Securonix ResourceGroup Name
Securonix Status Completed
Securonix Case Event End Time
Securonix Reason
Securonix Last Update Date
Securonix Close Incident
Securonix Violator
Securonix Violation Spotter Query
Securonix Is Whitelisted
Securonix Tenant ID
Securonix Tenant Short Code
Securonix Entity
Securonix Workflow Name
Securonix Violator Text
Securonix Threat Generation Time
Securonix Violator ID
Securonix Violator Sub Text
Securonix Incident Status
Securonix Resource Type

Incident Types

Securonix Incident
Securonix Threat

Integrations

Securonix

Added support for Incident Mirroring. With version, 2.0.0 users can mirror the incidents comments, attachments & states across the platforms(Securonix & XSOAR).
Added support for fetching threats from Securonix which will fetch Securonix Threats (with related violations) as XSOAR Incidents.
Added a configurable retry mechanism for fetching incidents and performing actions using commands.
Improved implementation of the token re-generation logic, now will generate a token every 24 hours instead of generating it for each API call.
Added support for CRUD operation on Securonix Whitelist.
securonix-whitelists-get
securonix-whitelist-entry-list
securonix-whitelist-entry-add
securonix-whitelist-entry-delete
securonix-whitelist-create
Added support for CRUD operation on Securonix Lookup tables.
securonix-lookup-table-config-and-data-delete
securonix-lookup-tables-list
securonix-lookup-table-entry-add
securonix-lookup-table-entries-list
securonix-lookup-table-create
Updated the Docker image to: demisto/python3:3.10.10.48392.

Mappers

New: Securonix Threat - Incoming Mapper

Added a mapper to map the Securonix threat fields with custom fields. (Available from Cortex XSOAR 6.5.0).

New: Securonix Incident - Incoming Mapper

Added a mapper to map the Securonix incident fields with custom fields. (Available from Cortex XSOAR 6.5.0).

Playbooks

New: Update Incident Status And Fetch Attachments - Securonix

Added a playbook to fetch the attachments for the incident. Also, it updates the state of the Securonix incident based on the configuration provided in integration configuration. (Available from Cortex XSOAR 6.5.0).

New: Fetch Threat Violations - Securonix

Added a playbook to fetch violations related to threat. (Available from Cortex XSOAR 6.5.0).

Scripts

New: SecuronixCloseHistoricalXSOARIncidents

Added an automation script to close historical XSOAR incidents that are already closed on Securonix. (Available from Cortex XSOAR 6.5.0).

New: SecuronixGetViolations

Added an automation script to get a list of violations related to a specific threat from the context data and displays it in the layout. (Available from Cortex XSOAR 6.5.0).

New: UpdateSecuronixIncidentStatus

Added an automation script to update the status of the Securonix incident using the configuration provided in integration configuration. (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 24771
- 24989

Download

1.2.0 - R4718798 (March 1, 2023)

Integrations

Securonix

Updated the incident name created in the fetch-incidents command.
The incident name will be according to the Threat Model field. If it does not exist, it will be according to the Policy field.
If neither field exists, the incident name will be the incident ID combined with the violator ID.
This update is due to a change in the Securonix API and suggestions from the Securonix support team.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19697

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	September 9, 2020
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.