Cortex XSOAR Articles
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   GoogleThreatIntelligence Analyze suspicious hashes, URLs, domains, and IP addresses.   GitHub Feed A feed to ingest indicators of compromise from Github repositories. The feed supports general extraction of IOCs, extracting from STIX data format and parsing of YARA Rules out of the box.    SaaS Security by Palo Alto Networks SaaS Security connects directly to your sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection.   CSCDomainManager CSCDomainManager is the world's first multilingual domain management tool, available in English, French, and German. It uses rules-based technology, customizable reporting, granular user management, and more to enable you to manage your domain.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR     
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   Suspicious Domain Hunting This pack provides all the necessary tools for the Suspicious Domain Hunting use case. It uses the CertStream integration to ingest new SSL certificates and alert for type-squatting.   NVD Feed 2.0 CVE feed from the National Vulnerability Database.   Gem Integrate with Gem to use alerts as a trigger for Cortex XSOAR’s custom playbooks, and automate response to specific TTPs and scenarios.   Check Point Infinity NDR Collect network security events from Check Point Infinity NDR for your secured SaaS periodically.   Ollama Get up and running with large language models locally.   Zoom Mail Use the Zoom Mail integration manage your ZMail.   Exabeam Security Operations Platform Exabeam Security Operations Platform.   ExabeamDataLake Exabeam Data Lake provides a highly scalable, cost-effective, and searchable log management system. Data Lake is used for log collection, storage, processing, and presentation.   Stellar Cyber Integration to retrieve and update cases from the Stellar Cyber platform.   Claroty xDome Use xDome to manage assets and alerts.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR       
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS - EKS The AWS EKS integration allows for the management and operation of Amazon Elastic Kubernetes Service (EKS) clusters.   Palo Alto Networks AIOps Best Practice Assessment (BPA) analyzes NGFW and Panorama configurations.   SafeBreach - Breach and Attack Simulation platform Breach and Attack Simulation platform.   CertStream Gets a stream of newly created certificates from Certificate Transparency (https://certificate.transparency.dev/).   Google Chat via Webhook Test Contribution branch 'master'. Invoked from the script.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   AWS - Security Lake Amazon Security Lake is a fully managed security data lake service.   CTM360 CyberBlindspot Take action on incidents derived from threat intelligence that is directly linked to your organization.   IRIS DFIR IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations.   Ivanti Critical Vulnerabilities This pack handles CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 - Ivanti critical vulnerabilities.   MetaDefender Sandbox Unique adaptive threat analysis technology.   Generic Webhook (Form Data) A version of the Generic Webhook integration that accepts a form data body. Note: raw_json field is required.   AWS-SNS-Listener A long running AWS SNS Listener service that can subscribe to an SNS topic and create incidents from the messages received.   SpyCloud Enterprise Protection Create breach and malware incidents in Cortex® XSOAR™ using the SpyCloud Enterprise Protection API. Provide enrichment for domains, IPs, emails, usernames, and passwords.   GreyNoise Indicator Feed This content pack fetches IPv4 Internet Scanner indicators from GreyNoise.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!   Cortex XSOAR     
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   Fortimail FortiMail is a comprehensive email security solution by Fortinet, offering advanced threat protection, data loss prevention, encryption, and email authentication.    Brandefense Branddefense is looking for data for each brand and collecting information and alarming the related brand about dark web findings.    Varonis SaaS Streamline alerts, events, and related forensic information from Varonis SaaS.      To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release Capture The Flag - 01 This game pack enables you to get familiar with XSOAR 8.    Capture The Flag - 02 This playbook pack focuses on investigations and enables you to get familiar with XSOAR 8.    Netcraft Netcraft takedown, submission, and screenshot management.   Ataya Integrate with Ataya Harmony to manage the 5G UE session   Github Maltrail Feed Maltrail is a malicious traffic detection system that utilizes publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails.   Proactive Threat Hunting The XSOAR Threat Hunting Pack enhances analyst capabilities by leveraging threat intelligence to uncover previously undetected threats and empowering proactive identification.   GreyNoise Premium GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic.   Vectra XDR Vectra XDR pack empowers the SOC to create incidents using Vectra AI's Attack Signal Intelligence.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!   Cortex XSOAR   
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS Systems Manager AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for hybrid cloud environments   XSOAR Engineer Training XSOAR Engineer Training (XET) Pack, this pack contains content utilized to train you on how to be an XSOAR Engineer - Don't miss out on the Engineering Training Video Series!   AWS - IAM Identity Center With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users   PAT Helpdesk Advanced Manage helpdesk requests and tickets with PAT Helpdesk Advanced   Polar Security IBM company is an innovator in technology that helps companies discover, continuously monitor and secure cloud and software-as-a-service (SaaS) application data   Feedly Import Articles from Feedly with enriched IOCs   ThreatZone Threat.Zone enrichments are adaptable and can seamlessly integrate into various playbooks   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Stamus Stamus Security Platform.   Rapid7 - AppSec Rapid7 AppSec content pack is designed to help users manage application vulnerabilities and scans.   Roksit DNS Security This integration provides adding selected domains to the Roksit Secure DNS's Blacklisted Domain List through API .   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Discord Send Messages to your Discord server   Commvault Security IQ Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and more   OpenCVE Ingests CVEs from OpenCVE   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release Use Case Builder To streamline the Use Case Design process and provide tools to help you get into production faster!   Oracle Cloud Infrastructure Feed This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.   Cloud Incident Response This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.   DomainToolsIrisDetect Iris Detect protects against malicious domains impersonating your brands and domains   Traceable Traceable AI API Security Platform Integration   Cloaked Ursa Diplomatic Phishing Campaign This pack detects and responds to the Cloaked Ursa Diplomatic Phishing Campaign   StringSifter StringSifter is a machine-learning tool that automatically ranks strings based on their relevance for malware analysis.   CheckPointHEC The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc.   Forcepoint Security Management Center Forcepoint SMC provides unified, centralized management of all models of Forcepoint engines, whether physical, virtual, or cloud.   CVE-2023-36884 - Microsoft Office and Windows HTML RCE This pack handles CVE-2023-36884 - Microsoft Office and Windows HTML RCE vulnerability.   ClickSend Make voice calls from XSOAR.   Getting Started with XSOAR This wizard is designed to provide a step-by-step walkthrough on getting started with XSOAR.     To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release CVE-2023-34362 - MOVEit Transfer SQL Injection This pack handles MOVEit Transfer SQL Injection CVE-2023-34362 vulnerability   Resecurity This package allows retrieving digital assets monitoring results from the defined monitoring tasks   Google Vertex AI Fine-tuned to conduct a natural conversation. Using Google Vertex Ai (PaLM API for Chat) The current integration of Google Vertex Ai is focusing only on the Generative AI model (PaLM) using the Chat prediction   Free Enrichers This content Pack helps set up free enrichers (Plug & Enrich, Free with sign-up) available for TIM   Zero Day Live TI FUSION Feed Zero Day Live is Blackwired’s flagship product that delivers proprietary, holistic, high confidence, and precision intelligence data points on Adversaries’ malicious intent   Mandiant Advantage Attack Surface Management Centralize and manage remediation efforts for security issues identified from the external attack surface   CybleEventsV2 Cyble Events for Vision Users. Must have Vision API access to use the threat intelligence   FullHunt Integration with FullHunt, the attack surface database of the internet. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and scan them   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   ForcepointDLP Forcepoint DLP event collector   Free Feeds This content Pack helps set up free feeds (Plug & Fetch, Free with signup and Generic) available for TIM   Mandiant Advantage Threat Intelligence Integrate your Mandiant Advantage Threat Intelligence data with Cortex XSOAR   Google Cloud LoggingGoogle Cloud Logging is a managed logging solution provided by Google Cloud Platform (GCP) that allows users to collect, store, search, analyze, and monitor logs    WALLIX Bastion Integrations for WALLIX Bastion appliances   Post Quantum Crypto Hunting by Palo Alto Networks Search for the use of Post Quantum Crypo (PQC) on your network with PAN-OS Vulnerability Signatures using XSOAR.   Datadog Cloud SIEM Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services, through a SaaS-based data analytics platform   Dataminr Pulse Dataminr Pulse's AI-powered, real-time intelligence integrates into Cortex XSOAR workflows for faster detection and response   LOLBAS Feed "Living off the land binaries" is a term used to describe malware or hacking techniques that take advantage of legitimate tools   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: 3CXDesktopApp Supply Chain Attack This pack handles 3CXDesktopApp Supply Chain Attack investigation and response   EDL Monitor This content pack can monitor EDL contents by emailing the content of an EDL as a zipped file to a specified user at an interval    Freshworks Freshservice Freshservice is a service management solution that allows customers to manage service requests, incidents, change requests tasks, and problem investigation   Password Reset via Chatbot Automates the process of resetting user passwords through a Slack or Teams message request to a chatbot   OPSWAT Filescan Unique adaptive threat analysis technology   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!  Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   Infoblox BloxOne Infoblox BloxOne   SymantecEDR Symantec EDR On-prem helps to detect threats on your network by filtering endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s)   XSOAR File Management This pack let user manipulate file inside XSOAR more easily than with the builtin functions.   Fortanix DSM Manage Secrets and Protect Confidential Data using Fortanix Data Security Manager (Fortanix DSM)   Zerohack XDR Zerohack XDR detects threats operating inside a network by scanning the network and gives insights into a network by using Machine Learning and Deep Learning.   CVE-2023-23397 - Microsoft Outlook EoP By: Cortex XSOARThis pack handles Microsoft Outlook EoP CVE-2023-23397 vulnerability.   Microsoft Graph Search Use the Microsoft Search API in Microsoft Graph to search content stored in OneDrive or SharePoint: files, folders, lists, list items, or sites.   Simple Debugger This content pack provides a simple debugger for debugging custom python automation in XSOAR.   You can visually trace code execution, set breakpoints, step through the code, and more.    AWS WAF Amazon Web Services Web Application Firewall   RDPCacheHunting Investigates the RDP bitmap Cache files   KMSAT KMSAT Integration   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!  Cortex XSOAR 
View full article
New Content Packs Release For more info on use cases, integrations and related documentation click on the Pack title:   Cortex Xpanse Content for working with Attack Surface Management (ASM).   FortinetFortiwebVM Fortiweb VM integration allows to manage WAF policies and block cookies, URLs, and hostnames.   DeCYFIR By: CyfirmaDeCYFIR API's provides External Threat Landscape Management insights   Neosec Utilize Neosec behavioral analytics to protect your API estate from OWSP top 10 vulnerabilities and suspicious user behavior.   Content Testing By: rurhrlaubSupports assessment of upgraded Marketplace content packs against custom content and enables content testing within XSOAR.   Dynamically select and test automation, playbooks, and more.   XSOAR Summary Dashboard Dashboard that shows overall platform performance as well as support links and cheat sheets for reference. The dashboard also pulls the most recent XSOAR live community blog posts.   RunZero RunZero a network discovery and asset inventory solution.   Microsoft Exchange On-Premise Exchange Web Services   Microsoft Exchange Online Exchange Online and Office 365 (mail)   QutteraWebsiteMalwareScanner Detect suspicious/malicious/blocklisted content on domains/URLs. Run real-time normal/heuristic scan and database queries.   GZip Use this pack to zip and unzip files with GZip.   SSL Certificates SSL Certificate Content Pack for performing SSL Certificate validation.   Lumu SecOps operation, reflect and manage the Lumu Incidents either from XSOAR Cortex or viceversa using the mirroring integration flow.   PicusNGAutomation Run commands on Picus NG and automate security validation with playbooks.    Reco Reco - detects and protects against sensitive data leakage.   Rapid7 InsightVM Cloud VM is a Vulnerability Management Tool which Scan your Network, Eliminate Vulnerabilities, Track and Communicate progress.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!  Cortex XSOAR     
View full article
  New Content Packs Release   MITRE ATT&CK - Courses of Action Looking for actionable intelligence? This intelligence-driven Pack provides manual or automated remediation of MITRE ATT&CK techniques.   GreyNoise Premium GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic.   MicrosoftGraphTeams O365 Teams (Using Graph API) gives you authorized access to a user’s Teams enabling you to facilitate communication through teams.   Community Common Scripts A pack that contains community scripts   Web File Repository Simple web server with a file uploading console to store small files.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site!  Cortex XSOAR       
View full article
New Content Packs Release   Azure Enrichment and Remediation Playbooks using multiple Azure content packs for enrichment and remediation purposes   CiscoSMA The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).   GCP Enrichment and Remediation Playbooks using multiple GCP content packs for enrichment and remediation purposes.   AppNovi Search your combined security data in appNovi via simplified search or search via the appNovi security graph.   CrowdSec Enrich the data you have on your threats with the most advanced real-world CTI.   LastInfoSec This integration allows to interact with the LastInfoSec API.   Illumio Rapid Ransomware Containment Provides integrations and playbooks to interact with Illumio Core APIs and automate network security tasks.   OpenAI The OpenAI API can be applied to virtually any task that involves understanding or generating natural language or code.   Uncover Unknown Malware Using SSDeep Leverages SSDeep hashes to find similarities between indicators and incidents.   XSOAR EDL Checker Checks EDLs hosted by the XSOAR server to ensure they are functioning.   CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell This pack handles Microsoft Exchange SSRF CVE-2022-41040 & RCE CVE-2022-41082 vulnerabilities, aka ProxyNotShell, a 0-day exploits in Microsoft Exchange Servers.     To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site!  Cortex XSOAR 
View full article
New XSOAR Content packs released on Sep '22    Check Point Dome9 (CloudGuard) Dome9 integration allows us to easily manage the security and compliance of the public cloud.   Recorded Future ASI Helps you take risk prioritization to the next level by helping you identify the biggest weaknesses within your attack surface.   RetrievePlaybooksAndIntegrations Retrieves all Playbook (and Sub-Playbook) Names and Integrations for a provided Playbook Name.   XDR Best Practice Assessment This content pack includes an incident type, custom fields, layout, and playbook to facilitate an XDR Best Practice Assessment for an existing deployment of Palo Alto Networks.   Xsoar-web-server Contains a minimal webserver and automation that can be used to generate predictable URLs that can be inserted into emails and the responses can be tracked.    SecneurX Analysis Fully automated malware dynamic analysis sandboxing.   Carbon Black Common Fields Carbon Black common fields concentrate all of the mutual content entities for the Carbon Black integrations.   Skyhigh Security SSE Skyhigh Security is a cloud-based, multi-tenant service that enables Cloud Discovery and Risk Monitoring, Cloud Usage Analytics, and Cloud Access, and Control.   Exterro/AccessData Use the Exterro package to integrate with the Exterro FTK Suite, enabling the playbook automation of incident response workflows upon detection of a possible threat.    Keeper Secrets Manager Use Secrets Manager to manage secrets and protect sensitive data through Keeper Vault.     To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site!  Cortex XSOAR   
View full article
  • 75 Posts
  • 350 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Top Contributors
Top Liked Posts in LIVEcommunity Article
Top Liked Authors