
Silverfort


Silverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more. Use the Silverfort integration to get and update Silverfort risk severity. This integration was integrated and tested with Silverfort version 2.12.

SilverFort

Whenever Cortex XSOAR runs an investigation that involves a suspected compromised user account, it leverages Silverfort’s visibility to gain wider context on the investigated account and applies Silverfort’s proactive protection capabilities, such as requiring MFA or blocking access altogether, as part of Cortex playbooks.

What does this pack do?

Mutual data enrichment on user’s risk and triggering protective actions:

  • Cortex XSOAR queries Silverfort whether an investigated user account is a service account or a human user
  • Cortex XSOAR queries Silverfort’s risk score for investigated user accounts
  • Cortex XSOAR actively updates users’ risk scores at Silverfort based on its automated investigation
  • Silverfort blocks user access to resources or requires MFA based on Cortex playbook


SilverFort

This pack includes Cortex XSIAM content.

Configuration on Server Side

You need to configure SilverFort Unified Identity Protection to forward Syslog messages in CEF format.

Go to Setting > General > Syslog Servers, and follow the instructions under Add Server IP to set up the connection using the following guidelines:

  1. Set the Server IP with your syslog server IP.
  2. Set the Syslog port to 514 or your agent port.
  3. Set the Protocol to TCP.
  4. Set Info to send for: All Authentication.
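
A quick way to confirm that the forwarder configured above delivers well-formed CEF is to parse a received line on the syslog server. The following is an added example, not code from Silverfort or the Cortex content pack; the function name `parse_cef`, the sample message and its extension keys are constructed for illustration and do not represent Silverfort's actual event schema.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of the line
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*)(?=\s\w+=|$)")
# Constructed sample, not captured from a Silverfort deployment
SAMPLE = ("<134>Nov 18 10:15:02 sf-node CEF:0|Silverfort|Admin_Console|2.12|"
          "100|Auth \\| Kerberos|5|suser=CORP\\\\jdoe src=10.0.0.5 "
          "msg=policy\\=MFA required outcome=denied")

def _unescape(value):
    # CEF escapes: \\ \| \= stand for the literal character, \n for a newline
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    """Return header fields plus an 'ext' dict, or None if the line is not valid CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:].strip(), [], [], 0
    # Walk the header by hand so escaped pipes (\|) do not split a field
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])
            i += 2
            continue
        if body[i] == "|":
            fields.append(_unescape("".join(cur)))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if cur:  # header ended without a trailing pipe (no extension part)
        fields.append(_unescape("".join(cur)))
    if len(fields) != len(HEADER):
        return None
    record = dict(zip(HEADER, fields))
    record["ext"] = {k: _unescape(v) for k, v in EXT_RE.findall(body[i:])}
    return record
```

A `None` result for lines arriving from the forwarder means the payload is not CEF or its header is truncated, which is worth resolving before the collector ingests it.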

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the Apps column under the Brokers tab and add the Syslog Collector app for the relevant broker instance. If the app already exists, hover over it and click Configure.
  3. Click Add New for adding a new syslog data source.
  4. When configuring the new syslog data source, set the following values:
    | Parameter | Value
    | :--- | :---
    | Vendor | Enter Silverfort.
    | Product | Enter Admin_Console.

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: July 22, 2020
Last Release: November 18, 2024

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.