Palo Alto Networks IoT 3rd Party

This Integration is part of the Palo Alto Networks IoT 3rd Party Integrations Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Use the Palo Alto Networks IoT 3rd Party integration to get devices, alerts, and vulnerabilities from PANW IoT Cloud.

Configure Palo Alto Networks IoT 3rd Party on Cortex XSOAR

  1. Navigate to Settings, Integrations, Servers & Services.
  2. Search for Palo Alto Networks IoT 3rd Party.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| URL | Palo Alto Networks IoT Security Portal URL (e.g. https://example.iot.paloaltonetworks.com) | True |
| Customer ID | Tenant ID | True |
| Key ID | Access Key ID | True |
| Access Key | Secret Access Key | True |
| isFetch | Fetch incidents | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

panw-iot-3rd-party-report-status-to-panw

PANW IoT 3rd Party Report Status to PANW command: sends a status message back to PANW IoT Cloud.

Base Command

panw-iot-3rd-party-report-status-to-panw

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| status | Message to be sent to PANW IoT Cloud | Required |
| message | Message to be sent to PANW IoT Cloud | Required |
| integration_name | Name of PANW IoT 3rd Party Integration | Required |
| playbook_name | Name of the playbook | Required |
| asset_type | Type of asset associated with the status report | Required |

Context Output

There is no context output for this command.

Command Example

!panw-iot-3rd-party-report-status-to-panw status=success message="successfully updated 100 devices" integration_name=ise playbook_name="Increment Export to Cisco ISE - PANW IoT 3rd Party Integration" asset_type=device

Human Readable Output

Reporting Status:

| Field | Value |
| --- | --- |
| integration_name | ise |
| iot_cloud_response | received: yes |
| message | successfully updated 100 devices |
| playbook_name | Increment Export to Cisco ISE - PANW IoT 3rd Party Integration |
| status | success |
| timestamp | 1606106283993 |
| type | device |

panw-iot-3rd-party-get-single-asset

PANW IoT 3rd Party get single asset: for a given asset ID (alert-id, vulnerability-id or mac-address), returns the asset details.

Base Command

panw-iot-3rd-party-get-single-asset

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| asset_type | Type of Asset | Required |
| asset_id | Asset ID. MacAddress for device, zb_ticketid for alert and vulnerability | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PanwIot3rdParty.SingleAsset | unknown | Asset Details |

Command Example

!panw-iot-3rd-party-get-single-asset asset_type="Device" asset_id="00:e0:4c:68:09:16"

Human Readable Output

Successfully pulled Device (00:e0:4c:68:09:16) from PANW IoT Cloud

panw-iot-3rd-party-get-asset-list

PANW IoT 3rd Party get asset list: returns a list of assets for the specified asset type.

Base Command

panw-iot-3rd-party-get-asset-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| asset_type | Type of Asset | Required |
| increment_time | Increment time in minutes. Example: an increment time of 15 returns assets of the input type that were modified or discovered within the last 15 minutes. A null value returns the full inventory (1000 MAX) | Optional |
| offset | Offset for paging: a null value accumulates all results by default | Optional |
| page_length | Page size for paging: a null value accumulates all results by default | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PanwIot3rdParty.Devices | unknown | List of Devices |
| PanwIot3rdParty.Alerts | unknown | List of Alerts |
| PanwIot3rdParty.Vulnerabilities | unknown | List of Vulnerabilities |

Command Example

!panw-iot-3rd-party-get-asset-list asset_type="device" increment_time="2"

Human Readable Output

Asset import summary:

| Field | Value |
| --- | --- |
| asset type | Device |
| assets pulled | 11 |

panw-iot-3rd-party-convert-assets-to-external-format

PANW IoT 3rd Party convert assets to external format: converts a given asset (alert, device, vuln) to a 3rd party format.

Base Command

panw-iot-3rd-party-convert-assets-to-external-format

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| asset_type | Input asset type | Required |
| output_format | Desired output format | Required |
| asset_list | List of input assets | Required |
| servicenow_map | ServiceNow ID and deviceid mapping | Optional |
| incident | Incident triggered by PANW IoT cloud API | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| PanwIot3rdParty.VulnerabilityCEFSyslogs | unknown | List of CEF formatted vulnerability syslogs for SIEM |
| PanwIot3rdParty.AlertCEFSyslogs | unknown | List of CEF formatted alert syslogs for SIEM |
| PanwIot3rdParty.DeviceCEFSyslogs | unknown | List of CEF formatted device syslogs for SIEM |
| PanwIot3rdParty.CiscoISEAttributes | unknown | List of Cisco ISE attribute dicts/maps |
| PanwIot3rdParty.AlertServiceNow | unknown | Single SN formatted alert string |
| PanwIot3rdParty.VulnerabilityServiceNow | unknown | Single SN formatted vulnerability string |
| PanwIot3rdParty.DeviceServiceNow | unknown | List of upsert ready formatted device for SN |

Command Example

!panw-iot-3rd-party-convert-assets-to-external-format asset_type=device output_format=siem asset_list=[a list of 221 device maps]

Human Readable Output

Converted 221 Device to SIEM
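
The SIEM output of this command is a list of CEF syslog lines. The following is an added example, not the integration's own code: it serializes one device map to CEF with the escaping the format requires, so that a hostname containing `|` or free text containing `=` or a line break cannot shift fields or split the event in the SIEM. The device field names, the vendor and product strings, and the mapping to CEF extension keys are assumptions made for illustration.

```python
import re

# Constructed sample device map. Field names are assumptions for this
# example, not the integration's actual schema.
SAMPLE_DEVICE = {
    "deviceid": "00:e0:4c:68:09:16",
    "hostname": "cam-lobby|01",          # pipe would break a naive header
    "profile": "IP Camera",
    "note": "vlan=20\nsrc=10.0.0.1",     # '=' and newline in free text
}

# Assumed mapping from device fields to standard CEF extension keys.
FIELD_MAP = {"deviceid": "dvcmac", "hostname": "dvchost",
             "profile": "cs1", "note": "msg"}


def esc_header(value):
    """Escape backslash and pipe in a CEF header field; flatten line breaks."""
    text = re.sub(r"[\r\n]+", " ", str(value))
    return re.sub(r"([\\|])", r"\\\1", text)


def esc_ext(value):
    """Escape backslash and '=' in an extension value; encode line breaks."""
    text = re.sub(r"([\\=])", r"\\\1", str(value))
    return re.sub(r"\r\n|\r|\n", r"\\n", text)


def device_to_cef(device):
    """Return one CEF:0 line for a device map."""
    # Header order: vendor, product, version, signature ID, name, severity.
    header = "|".join(esc_header(v) for v in (
        "ExampleVendor", "IoT Inventory", "1.0", "asset",
        device.get("hostname", "unknown"), 1))
    ext = [f"{FIELD_MAP[k]}={esc_ext(v)}"
           for k, v in device.items() if k in FIELD_MAP]
    if "profile" in device:
        ext.append("cs1Label=profile")   # label for the custom string field
    return f"CEF:0|{header}|" + " ".join(ext)


if __name__ == "__main__":
    print(device_to_cef(SAMPLE_DEVICE))
```
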