ThreatZone Cortex XSOAR Integration Pack

Threat.Zone enrichments are adaptable and can seamlessly integrate into various playbooks, such as sandbox, static-scan, and CDR playbooks, along with incidents and related files marked as indicators for threat intelligence.

Supported commands

tz-check-limits
tz-sandbox-upload-sample
tz-static-upload-sample
tz-cdr-upload-sample
tz-get-result

Ready-to-Use Playbooks

Analyze File - Sandbox - ThreatZone
Analyze File - Static Scan - ThreatZone
Sanitize File - CDR - ThreatZone

ThreatZone Cortex XSIAM Integration Pack

Supported commands

tz-check-limits
tz-sandbox-upload-sample
tz-static-upload-sample
tz-cdr-upload-sample
tz-get-result

Ready-to-Use Playbooks

Analyze File - Sandbox - ThreatZone
Analyze File - Static Scan - ThreatZone
Sanitize File - CDR - ThreatZone

Integrations

Name	Description
ThreatZone (Partner Contribution)	ThreatZone malware analysis sandboxing.

Playbooks

Name	Description
Analyze File - Sandbox - ThreatZone	Analyzes one file using the ThreatZone sandbox integration. Returns relevant reports to the War Room and file reputations to the context data. Dynamic Scan Extensions: exe, docx, dochtml, docm, doc, rtf, ps1, bat, cmd, xlw, xltx, xltm, xls, xlsx, odc, csv, xlshtml.
Analyze File - Static Scan - ThreatZone	Analyzes one file using the ThreatZone static scan integration. Returns relevant reports to the War Room and file reputations to the context data. All file types are supported.
Sanitize File - CDR - ThreatZone	Sanitize one file using the ThreatZone CDR integration. Returns relevant reports to the War Room and file reputations to the context data. CDR Scan Extensions: doc, docm, docx, dotm, ppt, pptm, pptx, xls, xlsm, pdf, odc, odt, ott, odp, otp, ods, ots, rtf, tiff, jpeg, png, gif, bmp, webp, jpx, svg, zip, xml, ics, html, lnk, xlsx.

Integrations

Name	Description
ThreatZone (Partner Contribution)	ThreatZone malware analysis sandboxing.

Playbooks

Name	Description
Analyze File - Sandbox - ThreatZone	Analyzes one file using the ThreatZone sandbox integration. Returns relevant reports to the War Room and file reputations to the context data. Dynamic Scan Extensions: exe, docx, dochtml, docm, doc, rtf, ps1, bat, cmd, xlw, xltx, xltm, xls, xlsx, odc, csv, xlshtml.
Analyze File - Static Scan - ThreatZone	Analyzes one file using the ThreatZone static scan integration. Returns relevant reports to the War Room and file reputations to the context data. All file types are supported.
Sanitize File - CDR - ThreatZone	Sanitize one file using the ThreatZone CDR integration. Returns relevant reports to the War Room and file reputations to the context data. CDR Scan Extensions: doc, docm, docx, dotm, ppt, pptm, pptx, xls, xlsm, pdf, odc, odt, ott, odp, otp, ods, ots, rtf, tiff, jpeg, png, gif, bmp, webp, jpx, svg, zip, xml, ics, html, lnk, xlsx.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

PUBLISHER

Malwation

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	October 23, 2023
Last Release	April 1, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.