Palo Alto Networks Cortex XSOAR Integration

The changing threat landscape in cybersecurity has highlighted the need for a platform that centralizes intelligence from various sources in order to perform an effective security operation and workflow. Cortex XSOAR combines both security orchestration and incident management. This helps security teams to reduce Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR), maintain consistent incident management process and boost Security Operations Center (SOC) efficiency.

At Loginsoft, our engineers have built an integration with Cortex XSOAR for a leading Cyber Threat Intelligence source providing visibility into the origin of attacks. Fortune 500 companies use this exclusive data source to power their security and fraud investigation within their Cortex XSOAR instance. The integration runs with a set of commands which enables to execute as Playbooks or through API Calls in the War Room. The War Room is a collection of all investigation actions, artifacts, and collaboration pieces for an incident. It is a chronological journal of the incident investigation.

This integration helps Cortex XSOAR users to enrich IOCs such as Domains, URLs, Hashes, and IP Addresses in XSOAR platform. The integration also consists of pre-built Playbooks that collects and analyzes information, which can be used directly to simplify the Incident Investigation Process.

XSOAR Integration Features:

• Manual and Automated Enrichment of IOC’s using commands in the War Room and in the Playbooks
• Pre-Configured Playbook that could be used directly for the Incident Response Process
• Fetch Threat Indicator Feed into XSOAR Platform

Key Benefits:

• Access to Threat Intelligence dataset inside of Cortex XSOAR enrichment, automated investigations and visibility of origin of attacks
• Automated Playbooks for enrichment of IOCs observables for Domains, URLs, Hashes and IP
• Reduce reaction time to fetch Threat Intelligence source and analyze malicious attacks

‍