ThreatZone Cortex XSOAR Integration Pack

Threat.Zone enrichments are adaptable and can seamlessly integrate into various playbooks, such as sandbox, static-scan, and CDR playbooks, along with incidents and related files marked as indicators for threat intelligence.

Supported commands

tz-check-limits
tz-sandbox-upload-sample
tz-static-upload-sample
tz-cdr-upload-sample
tz-get-result

Ready-to-Use Playbooks

Analyze File - Sandbox - ThreatZone
Analyze File - Static Scan - ThreatZone
Sanitize File - CDR - ThreatZone

ThreatZone Cortex XSIAM Integration Pack

Supported commands

tz-check-limits
tz-sandbox-upload-sample
tz-static-upload-sample
tz-cdr-upload-sample
tz-get-result

Ready-to-Use Playbooks

Analyze File - Sandbox - ThreatZone
Analyze File - Static Scan - ThreatZone
Sanitize File - CDR - ThreatZone

Integrations

Name	Description
ThreatZone (Partner Contribution)	ThreatZone malware analysis sandboxing.

Playbooks

Name	Description
Analyze File - Sandbox - ThreatZone	Analyzes one file using the ThreatZone sandbox integration. Returns relevant reports to the War Room and file reputations to the context data. Dynamic Scan Extensions: exe, docx, dochtml, docm, doc, rtf, ps1, bat, cmd, xlw, xltx, xltm, xls, xlsx, odc, csv, xlshtml.
Sanitize File - CDR - ThreatZone	Sanitize one file using the ThreatZone CDR integration. Returns relevant reports to the War Room and file reputations to the context data. CDR Scan Extensions: doc, docm, docx, dotm, ppt, pptm, pptx, xls, xlsm, pdf, odc, odt, ott, odp, otp, ods, ots, rtf, tiff, jpeg, png, gif, bmp, webp, jpx, svg, zip, xml, ics, html, lnk, xlsx.
Analyze File - Static Scan - ThreatZone	Analyzes one file using the ThreatZone static scan integration. Returns relevant reports to the War Room and file reputations to the context data. All file types are supported.

Integrations

Name	Description
ThreatZone (Partner Contribution)	ThreatZone malware analysis sandboxing.

Playbooks

Name	Description
Analyze File - Static Scan - ThreatZone	Analyzes one file using the ThreatZone static scan integration. Returns relevant reports to the War Room and file reputations to the context data. All file types are supported.
Analyze File - Sandbox - ThreatZone	Analyzes one file using the ThreatZone sandbox integration. Returns relevant reports to the War Room and file reputations to the context data. Dynamic Scan Extensions: exe, docx, dochtml, docm, doc, rtf, ps1, bat, cmd, xlw, xltx, xltm, xls, xlsx, odc, csv, xlshtml.
Sanitize File - CDR - ThreatZone	Sanitize one file using the ThreatZone CDR integration. Returns relevant reports to the War Room and file reputations to the context data. CDR Scan Extensions: doc, docm, docx, dotm, ppt, pptm, pptx, xls, xlsm, pdf, odc, odt, ott, odp, otp, ods, ots, rtf, tiff, jpeg, png, gif, bmp, webp, jpx, svg, zip, xml, ics, html, lnk, xlsx.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (6)

Pack Name	Pack By
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.0.3 - R1070867 (June 5, 2024)

Integrations

ThreatZone

Fixed an issue in Base pack (Version 1.33.52) so now ThreatZone will correctly input email addresses into context under Account.Email and not under Email.

Related pull requests:
- 34684
- 33924

Download

1.0.2 - 998827 (May 6, 2024)

Integrations

ThreatZone

Private submission and extension check options added for tz-cdr-upload-sample and tz-cdr-upload-sample commands. Bugs fixed.
Submission URL removed from tz-sandbox-upload-sample, tz-static-upload-sample, tz-cdr-upload-sample and tz-get-result command outputs.

Related pull requests:
- 34200
- 34088

Download

1.0.1 - 927547 (April 1, 2024)

Integrations

ThreatZone

Updated the tz-get-sanitized command to return sanitized file as zip.
Updated the Docker image to: demisto/python3:3.10.13.89009.

Related pull requests:
- 33470
- 33658

Download

1.0.0 - 6910634 (October 23, 2023)

ThreatZone malware analysis sandboxing

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Partner
Created	October 23, 2023
Last Release	June 5, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.