Cortex XSOAR Articles
Announcements
Check out our new XSOAR Playbook Design Guide. This detailed manual is designed to inform playbook creators about best practices for creating stable playbooks and a foundational pipeline from development to production. Have a question? Post it on our Discussions Page.
New Content Packs Release
For more info on use cases, integrations and related documentation, click on the Pack title:
• Cortex Xpanse: Content for working with Attack Surface Management (ASM).
• FortinetFortiwebVM: The Fortiweb VM integration allows you to manage WAF policies and block cookies, URLs, and hostnames.
• DeCYFIR (by Cyfirma): DeCYFIR APIs provide External Threat Landscape Management insights.
• Neosec: Utilize Neosec behavioral analytics to protect your API estate from OWASP Top 10 vulnerabilities and suspicious user behavior.
• Content Testing (by rurhrlaub): Supports assessment of upgraded Marketplace content packs against custom content and enables content testing within XSOAR. Dynamically select and test automations, playbooks, and more.
• XSOAR Summary Dashboard: Dashboard that shows overall platform performance as well as support links and cheat sheets for reference. The dashboard also pulls the most recent XSOAR live community blog posts.
• RunZero: RunZero is a network discovery and asset inventory solution.
• Microsoft Exchange On-Premise: Exchange Web Services.
• Microsoft Exchange Online: Exchange Online and Office 365 (mail).
• QutteraWebsiteMalwareScanner: Detect suspicious/malicious/blocklisted content on domains/URLs. Run real-time normal/heuristic scans and database queries.
• GZip: Use this pack to zip and unzip files with GZip.
• SSL Certificates: SSL Certificate content pack for performing SSL certificate validation.
• Lumu: SecOps operation; reflect and manage Lumu incidents either from Cortex XSOAR or vice versa using the mirroring integration flow.
• PicusNGAutomation: Run commands on Picus NG and automate security validation with playbooks.
• Reco: Reco detects and protects against sensitive data leakage.
• Rapid7 InsightVM Cloud: A vulnerability management tool that scans your network, eliminates vulnerabilities, and tracks and communicates progress.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New Content Packs Release
• MITRE ATT&CK - Courses of Action: Looking for actionable intelligence? This intelligence-driven pack provides manual or automated remediation of MITRE ATT&CK techniques.
• GreyNoise Premium: GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic.
• MicrosoftGraphTeams: O365 Teams (using Graph API) gives you authorized access to a user's Teams, enabling you to facilitate communication through Teams.
• Community Common Scripts: A pack that contains community scripts.
• Web File Repository: Simple web server with a file-uploading console to store small files.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New Content Packs Release
• Azure Enrichment and Remediation: Playbooks using multiple Azure content packs for enrichment and remediation purposes.
• CiscoSMA: The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).
• GCP Enrichment and Remediation: Playbooks using multiple GCP content packs for enrichment and remediation purposes.
• AppNovi: Search your combined security data in appNovi via simplified search or via the appNovi security graph.
• CrowdSec: Enrich the data you have on your threats with the most advanced real-world CTI.
• LastInfoSec: This integration allows you to interact with the LastInfoSec API.
• Illumio Rapid Ransomware Containment: Provides integrations and playbooks to interact with Illumio Core APIs and automate network security tasks.
• OpenAI: The OpenAI API can be applied to virtually any task that involves understanding or generating natural language or code.
• Uncover Unknown Malware Using SSDeep: Leverages SSDeep hashes to find similarities between indicators and incidents.
• XSOAR EDL Checker: Checks EDLs hosted by the XSOAR server to ensure they are functioning.
• CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell: This pack handles the Microsoft Exchange SSRF CVE-2022-41040 and RCE CVE-2022-41082 vulnerabilities, aka ProxyNotShell, 0-day exploits in Microsoft Exchange Servers.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New XSOAR Content packs released in Nov '22
• CVE-2022-3786 & CVE-2022-3602 - OpenSSL X.509 Buffer Overflows: This pack handles the OpenSSL X.509 buffer overflow vulnerabilities CVE-2022-3786 and RCE CVE-2022-3602.
• Cofense Vision: Cofense Vision empowers security teams to hunt for email messages and quarantine threats in mailboxes.
• CyCognito Feed: Provides a feed integration to retrieve the discovered assets.
• Keyfactor: Basic Keyfactor integration that posts CSRs and retrieves the certificates.
• GitLab: Pack for handling GitLab operations.
• CyCognito: Fetches the issues associated with a particular asset from the CyCognito platform.
• Stairwell: Inception is a security intelligence engine that automates the continuous capture, storage, and of executable files.
• MITRE ATT&CK - Courses of Action: Looking for actionable intelligence? This intelligence-driven pack provides manual or automated remediation of MITRE ATT&CK techniques.
• SingleConnect: Single Connect enables enterprises to remove static passwords stored in applications by instead keeping passwords in a secure password vault.
• Cisco Umbrella Reporting: Use Cisco Umbrella's Reporting to monitor your Umbrella integration and gain a better understanding of your Umbrella usage. Gain insights into request activity and blocked activity.
• VersaDirector: Versa Director is a virtualization and service creation platform that simplifies the design, automation, and delivery of SASE services.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New XSOAR Content packs released in Oct '22
• CVE-2022-41040 & CVE-2022-41082 - ProxyNotShell: This pack handles the Microsoft Exchange SSRF CVE-2022-41040 and RCE CVE-2022-41082 vulnerabilities, aka ProxyNotShell, 0-day exploits in Microsoft Exchange Servers.
• Team Cymru: Team Cymru is an internet security firm that offers research services making the internet a more secure place.
• Gigamon ThreatINSIGHT: Gigamon ThreatINSIGHT allows fast detection and effective response to active threats.
• OctoxLabs: Octox Labs Cyber Security Asset Management platform.
• Snort IP Blocklist: Snort IP Blocklist feed from https://www.snort.org/
• UltraMSG: UltraMSG integration. Send WhatsApp messages to a single person or to groups.
• DelineaDSV: This integration pack helps you retrieve the data stored in the Delinea DevOps Storage Vault and use it in other integrations.
• Delinea Secret Server: Secure privileges for service, application, root, and administrator accounts across your enterprise.
• Exodus Intelligence EVE Platform: Built on original research from some of the best reverse engineers in the world as well as cutting-edge machine learning technology.
• Gatewatcher AionIQ: GATEWATCHER is a European leader in advanced threat detection, protecting critical networks of large enterprises and government organizations since 2015.
• AWS Enrichment and Remediation: Playbooks using multiple AWS content packs for enrichment and remediation purposes.
• AWS Secrets Manager: Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services.
• Bitbucket: Bitbucket Cloud is a Git-based code and CI/CD tool optimized for teams using Jira.
• AHA: Use the Aha! integration to edit the name/title, description, and status of features in Aha! according to their status in Jira.
• Cymulate Private Offer for Immediate Threats Security Testing: Cymulate provides a monthly license to validate whether the most recent threats and their IOCs pose a risk to your environment.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
New XSOAR Content packs released in Sep '22
• Check Point Dome9 (CloudGuard): The Dome9 integration allows us to easily manage the security and compliance of the public cloud.
• Recorded Future ASI: Helps you take risk prioritization to the next level by helping you identify the biggest weaknesses within your attack surface.
• RetrievePlaybooksAndIntegrations: Retrieves all playbook (and sub-playbook) names and integrations for a provided playbook name.
• XDR Best Practice Assessment: This content pack includes an incident type, custom fields, layout, and playbook to facilitate an XDR Best Practice Assessment for an existing deployment of Palo Alto Networks.
• Xsoar-web-server: Contains a minimal web server and automation that can be used to generate predictable URLs that can be inserted into emails, so that the responses can be tracked.
• SecneurX Analysis: Fully automated malware dynamic analysis sandboxing.
• Carbon Black Common Fields: Carbon Black common fields concentrate all of the mutual content entities for the Carbon Black integrations.
• Skyhigh Security SSE: Skyhigh Security is a cloud-based, multi-tenant service that enables Cloud Discovery and Risk Monitoring, Cloud Usage Analytics, and Cloud Access and Control.
• Exterro/AccessData: Use the Exterro package to integrate with the Exterro FTK Suite, enabling the playbook automation of incident response workflows upon detection of a possible threat.
• Keeper Secrets Manager: Use Secrets Manager to manage secrets and protect sensitive data through Keeper Vault.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check out this week's Playbook of the Week blog featuring the Cortex XSOAR Phishing Content Pack that helps cut down 75% of SOC investigation efforts.
Pro recommendation! Read our playbook of the week blog to learn how to use Cortex XSOAR effectively using new playbooks.
Cortex XSOAR New Pack Release - August 2022
• Oletools: The Oletools pack lets you run some basic oletools commands from Cortex XSOAR; oletools is a toolkit for analyzing Microsoft OLE2 files.
• Binalyze AIR: Collect over 150 different types of evidence in under 10 minutes. Free.
• BmcITSM: The BmcITSM integration allows customers to manage service request, incident, change request, task, problem investigation, and known error tickets.
• Google Dorking: Automate the process of Google dorking searches in order to detect leaked data.
• Remove Empty Evidence: The automation removes evidence based on a query performed on the evidence content; if the provided string is found within the evidence, it is removed.
• Simple SFTP: Simple SFTP integration to copy files from an SFTP server using paramiko.
• ThousandEyes: This pack is used to fetch incidents, get alert details, and get the agent list.
• CheckPointSandBlast: Upload files using polling; the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you...
• Varonis Data Security Platform: Streamline alerts, events and related forensic information from the Varonis Data Security Platform.
• Simple API Proxy: This pack provides a simple API proxy to restrict privileges or minimize the amount of credentials issued at the API.
• BreachRx: Automate your privacy incident response workflow through the BreachRx platform.
• Vectra AI: This content pack lets you create incidents based on Vectra Accounts/Detections/Hosts objects.
• SalesforceV2: CRM services.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Cortex XSOAR New Pack Release - July 2022
Check out our new XSOAR content packs. For more info on use cases, integrations and related documentation, click on the Pack title:
• Arkime: Arkime (formerly Moloch) is a large-scale, open source, indexed packet capture and search tool.
• Dragos Worldview: The pack contains an integration that pulls from the Dragos Worldview API. The integration can be configured to fetch reports as incidents.
• URLhaus Feed: Indicators feed from URLhaus.
• GLIMPS Detect: This content pack is used to create an XSOAR integration for GDetect. With this integration you can submit files to GLIMPS Malware and instantly identify malware and ransomware.
• Digital Shadows Elevate (10k - 25k employees): Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats.
• Digital Shadows Extend (10k - 25k employees): Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats.
• Iboss: Manage block lists, manage allow lists, and perform domain, IP, and/or URL reputation and categorization lookups.
• Secneurx Threat Feeds: This pack contains an integration to fetch indicators from SecneurX Threat Intelligence Feeds.
• Drift: Drift pack containing integrations with the Drift API.
• SEKOIAIntelligenceCenter: Query the SEKOIA.IO Intelligence Center from Cortex XSOAR.
• Titaniam Elasticsearch Plugin for XSOAR: Add FIPS 140-2 encryption-in-use to XSOAR data in Elasticsearch for strong data security and privacy compliance.
• MITRE Caldera: Interact with MITRE Caldera via the v2 API.
• Wordpress: The WordPress REST API provides an interface for applications to interact with your WordPress site.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check the new XSOAR content packs released in June '22. For more info on use cases, integrations and related documentation, click on the Pack title:
• CVE-2022-30190 - MSDT RCE: This pack handles MSDT RCE CVE-2021-44228, aka the Follina vulnerability, a 0-day exploit in the Microsoft MSDT protocol handler.
• Malware Investigation and Response: Accelerate the investigation of your endpoint malware alerts and incidents and trigger containment activities quickly.
• AWS - SNS: This integration content pack can create or delete a topic/subscription on AWS Simple Notification Service and send messages via SNS as well.
• CVE-2022-26134 - Confluence RCE: This pack handles the Confluence RCE CVE-2022-26134 vulnerability, a 0-day exploit via OGNL injection in Confluence Server & Data Center.
• PenfieldAIPremium: Penfield.AI premium paid pack, the Elite platform bundle, includes Skill Set Visualization, Automated Alert Assignment, Automated Intelligent QA Review, On-The-Job Context...
• SpyCloud: Integration for retrieving data from the SpyCloud ATO API.
• Cloudflare WAF (by Cortex XSOAR): Use Cloudflare WAF to manage firewall rules, filters, and IP lists.
• Palo Alto Networks Security Advisories: Search CVE details from the Palo Alto Security Advisories website.
• CIRCL hashlookup (hashlookup.circl.lu): CIRCL hash lookup is a public API to look up hash values against a known database of files. The NSRL RDS database is included, and many others are also included. The API is accessible via HTTP ReST...
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Playbook of The Week: Malware Investigation and Response
To help scale and automate investigations like this, we at Cortex XSOAR built the Malware Investigation and Response pack. We wanted to better understand the challenges customers faced when managing their endpoint alerts. Click here to read more in the Malware Investigation and Response blog.
We invite you to learn more by joining us for the Cortex XSOAR Malware Investigation and Response content pack webinar on June 30th at 7 a.m. PDT / 4 p.m. CEST.
Playbook of The Week: Automated Identity Lifecycle Management
Don't miss Cortex XSOAR's Playbook of the Week, a blog series highlighting compelling content packs in the Marketplace and interesting use cases showcasing the versatility of the Cortex XSOAR platform. This week, we're diving into how XSOAR can be used to automate Identity Lifecycle Management. Click to read the playbook of the week: Automated Identity Lifecycle Management.
New XSOAR Content packs released in May '22
Check out our new XSOAR content packs. For more info on use cases, integrations and related documentation, click on the Pack title:
• GLPI: GLPI open source ITSM solution.
• Attachments Pre Processing: This pack contains a pre-processing script "GetFilePathPreProcessing" that is used to create the attachments of incoming incidents in an existing incident, then drop the incoming...
• MarkdownToHTML: Converts Markdown to HTML.
• Malware: This popular Malware content pack helps you automate IOC extraction and enrichment, detonate malicious files, hunt for more IOCs, and more.
• HarfangLab EDR: This connector allows you to fetch security events from a HarfangLab EDR Manager and manage the incident response.
• Malware Investigation and Response: Malware investigation and response.
• Jq-json-processer: Run jq commands to make much more powerful queries on JSON-based data than is possible using DT.
• Azure Firewall: Azure Firewall is a cloud-native and intelligent network firewall security service that provides best-of-breed threat protection for cloud workloads running in Azure.
• Forescout EyeInspect: Get in-depth device visibility for OT networks.
• Luminar IOCs & leaked credentials: This connector allows integration of intelligence-based IOC data and customer-related leaked records identified by Luminar.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Watch Symphony 2022 on-demand! 
Don't miss out on the Cortex XSOAR's playbook of the week!
Read the PDF below to learn more about the Cortex XSOAR 6.6 features. In a nutshell:
• Dynamic layouts and forms
• Action button form control
• Edit on blur
• Saved query sharing
• Long text field template
• And other XSOAR enhancements
Cortex XSOAR 6.6 Features PDF
For more information (6.6 release info):
• Release notes: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-release-notes/cortex-soar-release-information/cortex-soar-new-features
• Admin Guide: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-5/cortex-xsoar-admin/cortex-xsoar-overview.h...
• Minor Releases: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-release-notes/cortex-soar-release-information/minor-releases
If you have additional product questions about Cortex XSOAR 6.6, be sure to post them in the Cortex XSOAR Discussions forum.
A lot of new content releases for April 2022. Check out the April pack for more info. 
New XSOAR Content packs released in March '22
Check out our XSOAR content packs released in March! For more info on use cases, integrations and related documentation, click on the Pack title:
• VerifyIPv4Indicator: Script to verify whether the input, or each item in a list of inputs, is an IPv4 address.
• Shadows Essentials (<1k employees): Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. The award-winning SearchLight solution provides ongoing
• BatchData: This script is used to split large list data sets into a defined batch size. A common use case is API requests that can only handle a set number of items per request.
• DeepL: Uses DeepL (https://www.deepl.com/) to translate text or files.
• Prisma Cloud Compute Reporting: Generate compliance and vulnerability reports from Prisma Cloud Compute.
• SecurityScorecardPremium-Resell: This pack is a resell premium pack for SecurityScorecard.
To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
Check out XSOAR content packs released in February!
Offline packs and Docker flow
Check out XSOAR content packs released in January!
The CI/CD flow allows customers to manage their custom content in a pack structure outside of XSOAR.
As part of our Rapid Breach Response program, following the Russia/Ukraine cyber conflict, Cortex XSOAR released a new content pack, "WhisperGate & CVE-2021-32648", that can help automatically detect and mitigate the two threats.
A template for implementing the OOTB Phishing Use Case in Cortex XSOAR.
Check out our new content packs released in December!
Download the new XSOAR playbook responding to the Log4j zero-day exploit.
Check out our new content packs released this month.
Customer Advisories

Your security posture is important to us. If you're a Palo Alto Networks customer, be sure to log in to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.
