Zero Trust Analytics Platform

Provides a view of raised alerts within ZTAP.

The backbone of highly effective managed detection and response (MDR) is the Zero Trust Analytics Platform (ZTAP) utilized by elite security analysts to resolve every alert.

What does this pack do?

This pack enables you to:

  • Sync and update escalated ZTAP alerts.
  • Respond to Critical Start analysts directly from the XSOAR platform.

This pack includes the integration, the ZTAP Alert incident type, and an incident layout that displays information.

Custom Classifier

If you use a custom classifier, the following fields are required for bidirectional sync. Each ZTAP input field must be mapped to the corresponding XSOAR incident field:

  Input Field              Output Field
  xsoar_mirror_id          dbotMirrorId
  xsoar_mirror_direction   dbotMirrorDirection
  xsoar_mirror_instance    dbotMirrorInstance
  xsoar_mirror_last_sync   dbotMirrorLastSync
  xsoar_mirror_tags        dbotMirrorTags
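
The helper below is an added example, not code from the ZTAP pack or from Critical Start. It applies the field mapping from the table above to a constructed ZTAP alert payload and fails loudly when any field required for mirroring is absent, which is the usual symptom of a custom classifier that was set up without all five mappings. The function name, the sample payload and its values are assumptions for illustration.

```python
"""Hypothetical helper: apply the custom-classifier mirror-field mapping and
validate that every field needed for bidirectional sync is present."""

# Mapping taken from the README table: ZTAP input field -> XSOAR incident field.
MIRROR_FIELD_MAP = {
    "xsoar_mirror_id": "dbotMirrorId",
    "xsoar_mirror_direction": "dbotMirrorDirection",
    "xsoar_mirror_instance": "dbotMirrorInstance",
    "xsoar_mirror_last_sync": "dbotMirrorLastSync",
    "xsoar_mirror_tags": "dbotMirrorTags",
}


def map_mirror_fields(alert: dict) -> dict:
    """Return the dbotMirror* incident fields derived from a ZTAP alert dict.

    Raises ValueError naming every missing input field, so a classifier that
    drops one of them is caught before the incident is created with partial
    mirroring configuration.
    """
    missing = [field for field in MIRROR_FIELD_MAP if field not in alert]
    if missing:
        raise ValueError("alert is missing mirror fields: " + ", ".join(missing))
    return {out_field: alert[in_field] for in_field, out_field in MIRROR_FIELD_MAP.items()}


def missing_mirror_fields(alert: dict) -> list:
    """List the required input fields that a ZTAP alert dict lacks (empty if complete)."""
    return [field for field in MIRROR_FIELD_MAP if field not in alert]


# Constructed sample alert payload (hypothetical values, not real ZTAP output).
SAMPLE_ALERT = {
    "id": "alert-0001",
    "title": "Example escalated alert",
    "xsoar_mirror_id": "alert-0001",
    "xsoar_mirror_direction": "Both",
    "xsoar_mirror_instance": "ZTAP_instance_1",
    "xsoar_mirror_last_sync": "2024-01-01T00:00:00Z",
    "xsoar_mirror_tags": ["comments"],
}

# Same payload with one mapping dropped, as a mis-configured classifier would produce.
INCOMPLETE_ALERT = {k: v for k, v in SAMPLE_ALERT.items() if k != "xsoar_mirror_direction"}


if __name__ == "__main__":
    print(map_mirror_fields(SAMPLE_ALERT))
    print("missing:", missing_mirror_fields(INCOMPLETE_ALERT))
```

Running the block prints the five dbotMirror* fields for the complete payload and reports `xsoar_mirror_direction` as missing for the incomplete one.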

Custom Playbook

If you use a custom playbook, comments made before the alert was escalated are not fetched automatically.
To fetch them, call ztap-get-alert-entries during initial processing.
Note that the escalation comment is also fetched during this step.

PLATFORMS

Cortex XSOAR, Cortex XSIAM

INFO

Supported By: Partner
Created: November 10, 2021
Last Release: April 7, 2024
