Palo Alto Networks Cortex XSOAR Integration

Palo Alto Networks Cortex XSOAR Integration

September 9, 2021
Profile Icon

Jason Franscisco

The changing threat landscape in cybersecurity has highlighted the need for a platform that centralizes intelligence from various sources in order to perform an effective security operation and workflow. Cortex XSOAR combines both security orchestration and incident management. This helps security teams to reduce Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR), maintain consistent incident management process and boost Security Operations Center (SOC) efficiency.

At Loginsoft, our engineers have built an integration with Cortex XSOAR for a leading Cyber Threat Intelligence source providing visibility into the origin of attacks. Fortune 500 companies use this exclusive data source to power their security and fraud investigation within their Cortex XSOAR instance. The integration runs with a set of commands which enables to execute as Playbooks or through API Calls in the War Room. The War Room is a collection of all investigation actions, artifacts, and collaboration pieces for an incident. It is a chronological journal of the incident investigation.

This integration helps Cortex XSOAR users to enrich IOCs such as Domains, URLs, Hashes, and IP Addresses in XSOAR platform. The integration also consists of pre-built Playbooks that collects and analyzes information, which can be used directly to simplify the Incident Investigation Process.

XSOAR Integration Features:

  • Manual and Automated Enrichment of IOC’s using commands in the War Room and in the Playbooks
  • Pre-Configured Playbook that could be used directly for the Incident Response Process
  • Fetch Threat Indicator Feed into XSOAR Platform

Key Benefits:

  • Access to Threat Intelligence dataset inside of Cortex XSOAR enrichment, automated investigations and visibility of origin of attacks
  • Automated Playbooks for enrichment of IOCs observables for Domains, URLs, Hashes and IP
  • Reduce reaction time to fetch Threat Intelligence source and analyze malicious attacks

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter