Cortex XSOAR Articles
November 2023

UPCOMING EVENTS
Customer Success Webinar: Streamline Your Security Operations with XSOAR Playbooks. Join us on Nov 15th for a deep-dive session on the Enterprise DLP and Prisma Cloud VM Alert Playbooks. >> Register here
CS Webinar Topics Suggestion Survey: We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form

Recent CS Webinar
Watch the latest webinar about this common Microsoft integration: O365 Integration with Cortex XSOAR. Watch More

New How-to Videos
Watch our newly updated, extensive XSOAR 8 video series here: XSOAR 8 Engineering Training. Remember to check out our XSOAR 8 onboarding videos: Getting Started with XSOAR 8. View More

XSOAR PRODUCT UPDATES
XSOAR 8 Pre-Migration Questionnaire: Calling hosted Cortex XSOAR 6.X customers! If you haven't filled out the Pre-Migration questionnaire yet, we would like to remind you to do so as soon as possible to help us better plan your migration process. Submit Now
Playbook of the Week Blogs: We rolled out a few playbooks to help you detect malicious activity that might fly under the radar, from cloud token thefts to RDP cache hunting packs, in our Playbook of the Week blog series. Want to be notified of new posts? Make sure to subscribe to Security Operations Blogs. Latest posts: Identity Threat Intelligence; What's New in XSOAR 8.4. Read All
Cortex XSOAR Content Release - Oct 2023: Learn about newly released content packs: AWS Systems Manager, Engineer Training, and more. >> Read more
Cortex XSOAR Marketplace: Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site
XSOAR Product Release Notes: Cortex XSOAR Feature Release Notes >> Documentation Help Center; Cortex XSOAR Version Release Announcements >> LIVEcommunity
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
AWS Systems Manager: AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for hybrid cloud environments.
XSOAR Engineer Training: The XSOAR Engineer Training (XET) pack contains content used to train you on how to be an XSOAR Engineer. Don't miss out on the Engineering Training Video Series!
AWS - IAM Identity Center: With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users.
PAT Helpdesk Advanced: Manage helpdesk requests and tickets with PAT Helpdesk Advanced.
Polar Security: Polar Security, an IBM company, is an innovator in technology that helps companies discover, continuously monitor and secure cloud and software-as-a-service (SaaS) application data.
Feedly: Import articles from Feedly with enriched IOCs.
ThreatZone: Threat.Zone enrichments are adaptable and can seamlessly integrate into various playbooks.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
October 2023

UPCOMING EVENTS
Customer Success Webinar: XSOAR Integration with O365. Join us on Oct 18th to dive into O365 integration with XSOAR. Discover practical use cases, including quarantining emails and executing search and delete tasks within Microsoft O365. >> Register here
CS Webinar Topics Suggestion Survey: We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form

Recent CS Webinars
Watch our recent webinar and learn how to leverage IAM Playbooks and create custom dashboards: IAM Playbooks Webinar Part 2. To watch the full series, click here: IAM Playbooks webinar Part 1.
If you missed the interesting session on how attackers are leveraging AI in their campaigns, hosted by Brian Krebs and Devin Johnstone, you can review the recording here: The Dark Side of AI and Automation. Watch More

New How-to Videos
Watch the latest videos to master your Cortex XSOAR experience: XSOAR 8: Microsoft Integration & Authentication; Cortex XSOAR Training: Integration Configuration; Cortex XSOAR Training: Incident & Object Indicators. View More

Latest Security Blogs & Articles
Read the blog to learn how Only Cortex Delivers 100% Protection and Detection in Mitre Engenuity.
Learn how to leverage Yara Rules in the Cortex portfolio: Execute Yara Rules Using Cortex.
Dive into the latest insights on emerging cyber threats and vulnerabilities gathered from extensive exposure and threat data collected over 12 months with Cortex Xpanse: Attack Surface Threat Report.
Read this whitepaper and catch up on Cybersecurity Transformation in Healthcare.
Palo Alto Networks was named as a LEADER in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. Read the report: Zero Trust Platform Providers. Read More

XSOAR PRODUCT UPDATES
XSOAR 8 Pre-Migration Questionnaire: Calling hosted Cortex XSOAR 6.X customers! If you haven't filled out the Pre-Migration questionnaire yet, we would like to remind you to do so as soon as possible to help us better plan your migration process. Submit Now
Playbook of the Week Blogs: We rolled out a few playbooks to help you detect malicious activity that might fly under the radar, from cloud token thefts to RDP cache hunting packs, in our Playbook of the Week blog series. Want to be notified of new posts? Make sure to subscribe to Security Operations Blogs. Latest posts: Cloud Token Theft Response; Uncover Your RDP Secrets; Automating DLP Incident Feedback. Read All
Cortex XSOAR Content Release - Sep 2023: Learn about newly released content packs: Rapid7 AppSec, Roksit DNS Security, and more. >> Read more
Cortex XSOAR Marketplace: Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site
XSOAR Product Release Notes: Cortex XSOAR Feature Release Notes >> Documentation Help Center; Cortex XSOAR Version Release Announcements >> LIVEcommunity
Attack surfaces are expanding in complexity due to growing cloud services and edge-computing adoption. To review the interesting session on how attackers are leveraging AI in their campaigns, hosted by Brian Krebs and Devin Johnstone, you can catch the recording here. Read the full report: "2023 Unit 42 Attack Surface Threat Report."
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
Stamus: Stamus Security Platform.
Rapid7 - AppSec: The Rapid7 AppSec content pack is designed to help users manage application vulnerabilities and scans.
Roksit DNS Security: This integration adds selected domains to the Roksit Secure DNS Blacklisted Domain List through the API.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Getting prepared for XSOAR 8 migration can be challenging! The Cortex XSOAR team worked hard to cover everything you need to know to plan ahead for the migration. 
September 2023

UPCOMING EVENTS
Customer Success Webinar: IAM Playbook Part 2. Join us on Sep 20th to learn about IAM-related playbooks, dashboards, and workflows designed to improve your organization's security posture through Cortex XSOAR automation with Identity and Access Management. We recommend reviewing the IAM Playbooks webinar Part 1 prior to this webinar. >> Register here
CS Webinar Topics Suggestion Survey: We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form

Recent CS Webinar
Watch our recent webinar to learn about the latest enhancements in the Default Pack for XSOAR 8.2 onward. Watch More

New How-to Videos
Watch these videos to learn how to get started with Cortex XSOAR 8: Overview & Activating XSOAR 8 Tenants; User Authentication - Roles - User Groups; SAML SSO. View More

Latest Security Blogs & Articles
Learn how to Retrieve a CSV file.
Read this blog and start leveraging the Generic Webhooks to push events into XSOAR.
Everything you need to know about the XSOAR 8 Migration is waiting for you in our new Cortex XSOAR 8 Migration Guide. Read More

Technical Courses
Check out the latest digital learning technical course: Cortex XSOAR Engineer: Working with Lists. Explore More

XSOAR PRODUCT UPDATES
Introducing New Playbooks: The DNS Sinkhole Playbook addresses the challenge of identifying compromised hosts in a network by creating a controlled DNS redirection system. The problem lies in tracing malicious DNS queries back to their originating infected hosts, as the original source IP is lost when the query is routed through an internal DNS server. The solution involves configuring a PAN-OS firewall to sinkhole DNS requests from internal DNS servers to a controlled address, enabling threat logs to report malicious queries from the internal server. Read more >> Configure DNS Sinkhole
The Cloud Token Theft Response playbook (part of the Cloud Incident Response content pack) provides an automated flow for collecting, analyzing, and responding to anomalous token usage activity.
Playbook of the Week Blogs: Are you spending a lot of time managing incident tickets, password reset requests, and suspicious SSO alerts? Consider "outsourcing" a lot of these repetitive tasks to automation. Read about these automation hacks (and more) in our Playbook of the Week blog series.
Cortex XSOAR Content Release - Aug '23: Learn about newly released content packs: Discord, Commvault Security IQ, and more. >> Read more
Cortex XSOAR Marketplace: Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site
XSOAR Product Release Notes: Cortex XSOAR Feature Release Notes >> Documentation Help Center; Cortex XSOAR Version Release Announcements >> LIVEcommunity
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
Discord: Send messages to your Discord server.
Commvault Security IQ: Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and more.
OpenCVE: Ingests CVEs from OpenCVE.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
The Common Vulnerabilities and Exposures (CVE) repository is designed to provide a reference for a publicly known information security vulnerability.   
New Content Packs Release
Use Case Builder: To streamline the Use Case Design process and provide tools to help you get into production faster!
Oracle Cloud Infrastructure Feed: This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.
Cloud Incident Response: This content pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.
DomainToolsIrisDetect: Iris Detect protects against malicious domains impersonating your brands and domains.
Traceable: Traceable AI API Security Platform integration.
Cloaked Ursa Diplomatic Phishing Campaign: This pack detects and responds to the Cloaked Ursa Diplomatic Phishing Campaign.
StringSifter: StringSifter is a machine-learning tool that automatically ranks strings based on their relevance for malware analysis.
CheckPointHEC: The best way to protect enterprise email & collaboration from phishing, malware, account takeover, data loss, etc.
Forcepoint Security Management Center: Forcepoint SMC provides unified, centralized management of all models of Forcepoint engines, whether physical, virtual, or cloud.
CVE-2023-36884 - Microsoft Office and Windows HTML RCE: This pack handles the CVE-2023-36884 Microsoft Office and Windows HTML RCE vulnerability.
ClickSend: Make voice calls from XSOAR.
Getting Started with XSOAR: This wizard is designed to provide a step-by-step walkthrough on getting started with XSOAR.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New Content Packs Release
CVE-2023-34362 - MOVEit Transfer SQL Injection: This pack handles the MOVEit Transfer SQL Injection vulnerability CVE-2023-34362.
Resecurity: This package allows retrieving digital assets monitoring results from the defined monitoring tasks.
Google Vertex AI: Fine-tuned to conduct a natural conversation using Google Vertex AI (PaLM API for Chat). The current Google Vertex AI integration focuses only on the Generative AI model (PaLM) using the Chat prediction.
Free Enrichers: This content pack helps set up free enrichers (Plug & Enrich, Free with sign-up) available for TIM.
Zero Day Live TI FUSION Feed: Zero Day Live is Blackwired's flagship product that delivers proprietary, holistic, high confidence, and precision intelligence data points on adversaries' malicious intent.
Mandiant Advantage Attack Surface Management: Centralize and manage remediation efforts for security issues identified from the external attack surface.
CybleEventsV2: Cyble Events for Vision users. Must have Vision API access to use the threat intelligence.
FullHunt: Integration with FullHunt, the attack surface database of the internet. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and scan them.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
In today’s security landscape, there are three important players - threat actors with the intent, capability and opportunity to cause widescale disruption to business functions, defenders working to undermine attacks and safeguarding these business functions and assets, and people, who ultimately become privy to collateral damage as a result of compromises in security and privacy.    
Defining security requirements, automating security workflows, and defining security use cases
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
ForcepointDLP: Forcepoint DLP event collector.
Free Feeds: This content pack helps set up free feeds (Plug & Fetch, Free with signup and Generic) available for TIM.
Mandiant Advantage Threat Intelligence: Integrate your Mandiant Advantage Threat Intelligence data with Cortex XSOAR.
Google Cloud Logging: Google Cloud Logging is a managed logging solution provided by Google Cloud Platform (GCP) that allows users to collect, store, search, analyze, and monitor logs.
WALLIX Bastion: Integrations for WALLIX Bastion appliances.
Post Quantum Crypto Hunting by Palo Alto Networks: Search for the use of Post Quantum Crypto (PQC) on your network with PAN-OS Vulnerability Signatures using XSOAR.
Datadog Cloud SIEM: Datadog is an observability service for cloud-scale applications, providing monitoring of servers, databases, tools, and services through a SaaS-based data analytics platform.
Dataminr Pulse: Dataminr Pulse's AI-powered, real-time intelligence integrates into Cortex XSOAR workflows for faster detection and response.
LOLBAS Feed: "Living off the land binaries" is a term used to describe malware or hacking techniques that take advantage of legitimate tools.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
This document provides a template for defining a use case to be implemented in XSOAR TIM. The Use Case is defined by the process, logic, and tasks that are being done as part of the Threat Intelligence Lifecycle. The TIM UCD template can be reviewed and downloaded HERE.

Have a question? Post it on the Discussion Forum.
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
3CXDesktopApp Supply Chain Attack: This pack handles 3CXDesktopApp Supply Chain Attack investigation and response.
EDL Monitor: This content pack can monitor EDL contents by emailing the content of an EDL as a zipped file to a specified user at an interval.
Freshworks Freshservice: Freshservice is a service management solution that allows customers to manage service requests, incidents, change requests, tasks, and problem investigations.
Password Reset via Chatbot: Automates the process of resetting user passwords through a Slack or Teams message request to a chatbot.
OPSWAT Filescan: Unique adaptive threat analysis technology.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Python Development Quick Start

The Marketplace content packs provide out-of-the-box (OOTB) integrations and playbooks supported by a common base of commands and automation scripts. While automations support JavaScript and PowerShell, the most comprehensive support is for Python-based development. This guide was created to help you kick-start your automation process using Python.

Click here to read the complete guide: Cortex XSOAR Python Development Quick Start Guide

Have a question? Post it on the Discussion Forum.
New Content Packs Release
For more info on use cases, integrations, and related documentation, click on the Pack title:
Infoblox BloxOne: Infoblox BloxOne.
SymantecEDR: Symantec EDR On-prem helps to detect threats on your network by filtering endpoint data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s).
XSOAR File Management: This pack lets users manipulate files inside XSOAR more easily than with the built-in functions.
Fortanix DSM: Manage secrets and protect confidential data using Fortanix Data Security Manager (Fortanix DSM).
Zerohack XDR: Zerohack XDR detects threats operating inside a network by scanning the network and gives insights into a network by using Machine Learning and Deep Learning.
CVE-2023-23397 - Microsoft Outlook EoP (by Cortex XSOAR): This pack handles the Microsoft Outlook EoP CVE-2023-23397 vulnerability.
Microsoft Graph Search: Use the Microsoft Search API in Microsoft Graph to search content stored in OneDrive or SharePoint: files, folders, lists, list items, or sites.
Simple Debugger: This content pack provides a simple debugger for debugging custom Python automations in XSOAR. You can visually trace code execution, set breakpoints, step through the code, and more.
AWS WAF: Amazon Web Services Web Application Firewall.
RDPCacheHunting: Investigates the RDP bitmap cache files.
KMSAT: KMSAT Integration.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check out our new XSOAR Playbook Design Guide. This detailed manual is designed to inform playbook creators on best practices for creating stable playbooks and a foundational pipeline from development to production.

Have a question? Post it on our Discussions Page.
New Content Packs Release
For more info on use cases, integrations and related documentation, click on the Pack title:
Cortex Xpanse: Content for working with Attack Surface Management (ASM).
FortinetFortiwebVM: The Fortiweb VM integration allows you to manage WAF policies and block cookies, URLs, and hostnames.
DeCYFIR (by Cyfirma): DeCYFIR APIs provide External Threat Landscape Management insights.
Neosec: Utilize Neosec behavioral analytics to protect your API estate from OWASP Top 10 vulnerabilities and suspicious user behavior.
Content Testing (by rurhrlaub): Supports assessment of upgraded Marketplace content packs against custom content and enables content testing within XSOAR. Dynamically select and test automations, playbooks, and more.
XSOAR Summary Dashboard: Dashboard that shows overall platform performance as well as support links and cheat sheets for reference. The dashboard also pulls the most recent XSOAR live community blog posts.
RunZero: RunZero is a network discovery and asset inventory solution.
Microsoft Exchange On-Premise: Exchange Web Services.
Microsoft Exchange Online: Exchange Online and Office 365 (mail).
QutteraWebsiteMalwareScanner: Detect suspicious/malicious/blocklisted content on domains/URLs. Run real-time normal/heuristic scans and database queries.
GZip: Use this pack to zip and unzip files with GZip.
SSL Certificates: SSL Certificate content pack for performing SSL certificate validation.
Lumu: SecOps operation; reflect and manage the Lumu incidents either from Cortex XSOAR or vice versa using the mirroring integration flow.
PicusNGAutomation: Run commands on Picus NG and automate security validation with playbooks.
Reco: Reco detects and protects against sensitive data leakage.
Rapid7 InsightVM Cloud: A vulnerability management tool which scans your network, eliminates vulnerabilities, and tracks and communicates progress.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New Content Packs Release
Azure Enrichment and Remediation: Playbooks using multiple Azure content packs for enrichment and remediation purposes.
CiscoSMA: The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).
GCP Enrichment and Remediation: Playbooks using multiple GCP content packs for enrichment and remediation purposes.
AppNovi: Search your combined security data in appNovi via simplified search or via the appNovi security graph.
CrowdSec: Enrich the data you have on your threats with the most advanced real-world CTI.
LastInfoSec: This integration allows you to interact with the LastInfoSec API.
Illumio Rapid Ransomware Containment: Provides integrations and playbooks to interact with Illumio Core APIs and automate network security tasks.
OpenAI: The OpenAI API can be applied to virtually any task that involves understanding or generating natural language or code.
Uncover Unknown Malware Using SSDeep: Leverages SSDeep hashes to find similarities between indicators and incidents.
XSOAR EDL Checker: Checks EDLs hosted by the XSOAR server to ensure they are functioning.
CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell: This pack handles the Microsoft Exchange SSRF CVE-2022-41040 and RCE CVE-2022-41082 vulnerabilities, aka ProxyNotShell, 0-day exploits in Microsoft Exchange Servers.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New XSOAR Content packs released on Oct '22
CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell: This pack handles the Microsoft Exchange SSRF CVE-2022-41040 and RCE CVE-2022-41082 vulnerabilities, aka ProxyNotShell, 0-day exploits in Microsoft Exchange Servers.
Team Cymru: Team Cymru is an internet security firm that offers research services making the internet a more secure place.
Gigamon ThreatINSIGHT: Gigamon ThreatINSIGHT allows fast detection and effective response to active threats.
OctoxLabs: Octox Labs Cyber Security Asset Management platform.
Snort IP Blocklist: Snort IP Blocklist feed from https://www.snort.org/
UltraMSG: UltraMSG Integration. Send WhatsApp messages to a single person or groups.
DelineaDSV: This integration pack helps you retrieve the data stored in the Delinea DevOps Storage Vault and use it in other integrations.
Delinea Secret Server: Secure privileges for service, application, root, and administrator accounts across your enterprise.
Exodus Intelligence EVE Platform: Built on original research from some of the best reverse engineers in the world as well as cutting-edge machine learning technology.
Gatewatcher AionIQ: GATEWATCHER is a European leader in advanced threat detection, protecting critical networks of large enterprises and government organizations since 2015.
AWS Enrichment and Remediation: Playbooks using multiple AWS content packs for enrichment and remediation purposes.
AWS Secrets Manager: Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services.
Bitbucket: Bitbucket Cloud is a Git-based code and CI/CD tool optimized for teams using Jira.
AHA: Use the Aha! integration to edit the name/title, description and status of features in Aha! according to their status in Jira.
Cymulate Private Offer for Immediate Threats Security Testing: Cymulate provides a monthly license to validate if the most recent threats and their IOCs pose a risk to your environment.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check out this week's Playbook of the Week blog featuring the Cortex XSOAR Phishing Content Pack that helps cut down 75% of SOC investigation efforts.
Pro recommendation! Read our playbook of the week blog to learn how to use Cortex XSOAR effectively using new playbooks.
Cortex XSOAR New Pack Release - August 2022
Oletools: The Oletools pack allows performing some basic oletools commands from Cortex XSOAR. oletools is a tool to analyze Microsoft OLE2 files.
Binalyze AIR: Collect over 150 different types of evidence in under 10 minutes. FREE.
BmcITSM: The BmcITSM integration allows customers to manage service request, incident, change request, task, problem investigation and known error tickets.
Google Dorking: Automate the process of Google dorking searches in order to detect leaked data.
Remove Empty Evidence: The automation removes evidence based on a query performed on the evidence content; if the provided string is found within the evidence, it will be removed.
Simple SFTP: Simple SFTP integration to copy files from an SFTP server using paramiko.
ThousandEyes: This pack is used to fetch incidents, get alert details and get the agent list.
CheckPointSandBlast: Upload files using polling; the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you...
Varonis Data Security Platform: Streamline alerts, events and related forensic information from Varonis Data Security Platform.
Simple API Proxy: This pack provides a simple API proxy to restrict privileges or minimize the amount of credentials issued at the API.
BreachRx: Automate your privacy Incident Response workflow through the BreachRx platform.
Vectra AI: This content pack allows you to create incidents based on Vectra Accounts/Detections/Hosts objects.
SalesforceV2: CRM Services.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Cortex XSOAR New Pack Release - July 2022
Check out our new XSOAR content packs. For more info on use cases, integrations and related documentation, click on the Pack title:
Arkime: Arkime (formerly Moloch) is a large-scale, open source, indexed packet capture and search tool.
Dragos Worldview: The pack contains an integration that pulls from the Dragos Worldview API. The integration can be configured to fetch reports as incidents.
URLhaus Feed: Indicators feed from URLhaus.
GLIMPS Detect: This content pack is used to create an XSOAR integration for GDetect. Thanks to this integration, submit files to GLIMPS Malware and instantly identify malware and ransomware.
Digital Shadows Elevate (10k - 25k employees): Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats.
Digital Shadows Extend (10k - 25k employees): Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats.
Iboss: Manage block lists, manage allow lists, and perform domain, IP, and/or URL reputation and categorization lookups.
Secneurx Threat Feeds: This pack contains an integration to fetch indicators from SecneurX Threat Intelligence Feeds.
Drift: Drift pack containing integrations with the Drift API.
SEKOIAIntelligenceCenter: Request SEKOIA.IO Intelligence Center from Cortex XSOAR.
Titaniam Elasticsearch Plugin for XSOAR: Add FIPS 140-2 encryption-in-use to XSOAR data in Elasticsearch for strong data security and privacy compliance.
MITRE Caldera: Interact with MITRE Caldera via the v2 API.
Wordpress: The WordPress REST API provides an interface for applications to interact with your WordPress site.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check The New XSOAR Content Packs Released In June '22
For more info on use cases, integrations and related documentation, click on the Pack title:
CVE-2022-30190 - MSDT RCE: This pack handles the MSDT RCE CVE-2022-30190, aka Follina vulnerability, a 0-day exploit in the Microsoft MSDT protocol handler.
Malware Investigation and Response: Accelerate the investigation of your endpoint malware alerts and incidents and trigger containment activities quickly.
AWS - SNS: This integration content pack can create or delete a topic/subscription on AWS Simple Notification Service and send messages via SNS as well.
CVE-2022-26134 - Confluence RCE: This pack handles the Confluence RCE CVE-2022-26134 vulnerability, a 0-day exploit via OGNL injection in Confluence Server & Data Center.
PenfieldAIPremium: Penfield.AI premium paid pack, the Elite platform bundle, includes Skill Set Visualization, Automated Alert Assignment, Automated Intelligent QA Review, On-The-Job Context...
SpyCloud: Integration for retrieving data from the SpyCloud ATO API.
Cloudflare WAF (by Cortex XSOAR): Use Cloudflare WAF to manage firewall rules, filters, and IP lists.
Palo Alto Networks Security Advisories: Search CVE details from the Palo Alto Security Advisories website.
CIRCL hashlookup (hashlookup.circl.lu): CIRCL hash lookup is a public API to look up hash values against a known database of files. The NSRL RDS database is included and many others are also included. The API is accessible via HTTP ReST...
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Playbook of The Week: Malware Investigation and Response

To help scale and automate investigations like this, we at Cortex XSOAR built the Malware Investigation and Response pack. We wanted to better understand the challenges customers faced when managing their endpoint alerts. Click here to read more in the Malware Investigation And Response blog.

We invite you to learn more by joining us for the Cortex XSOAR Malware Investigation and Response content pack Webinar, on June 30th at 7 a.m. PDT / 4 p.m. CEST.
Playbook of The Week: Automated Identity Lifecycle Management

Don't miss Cortex XSOAR's Playbook of the Week, a blog series highlighting compelling content packs in the Marketplace and interesting use cases showcasing the versatility of the Cortex XSOAR platform. This week, we're diving into how XSOAR can be used to automate Identity Lifecycle Management. Click to read the playbook of the week: Automated Identity Lifecycle Management
New XSOAR Content packs were released in May '22
Check out our new XSOAR content packs. For more info on use cases, integrations and related documentation, click on the Pack title:
GLPI: GLPI open source ITSM solution.
Attachments Pre Processing: This pack contains a pre-processing script "GetFilePathPreProcessing" that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming...
MarkdownToHTML: Converts Markdown to HTML.
Malware: This popular Malware content pack helps you automate IOC extraction and enrichment, detonate malicious files, hunt for more IOCs, and more.
HarfangLab EDR: This connector allows you to fetch security events from a HarfangLab EDR Manager and manage the incident response.
Malware Investigation and Response: Malware investigation and response.
Jq-json-processer: Use the jq command to make much more powerful queries on JSON-based data than is possible using DT.
Azure Firewall: Azure Firewall is a cloud-native and intelligent network firewall security service that provides best-of-breed threat protection for cloud workloads running in Azure.
Forescout EyeInspect: Get in-depth device visibility for OT networks.
Luminar IOCs & leaked credentials: This connector allows integration of intelligence-based IOC data and customer-related leaked records identified by Luminar.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!