Palo Alto Networks IoT 3rd Party
IoT 3rd Party Integrations by Palo Alto Networks Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Use the Palo Alto Networks IoT 3rd Party integration to get devices, alerts, and vulnerabilities from PANW IoT Cloud.
#
Configure Palo Alto Networks IoT 3rd Party on Cortex XSOAR- Navigate to Settings, Integrations, Servers & Services.
- Search for Palo Alto Networks IoT 3rd Party.
- Click Add instance to create and configure a new integration instance.
Parameter | Description | Required |
---|---|---|
URL | Palo Alto Networks IoT Security Portal URL (e.g. https://example.iot.paloaltonetworks.com\) | True |
Customer ID | Tenant ID | True |
Key ID | Access Key ID | True |
Access Key | Secret Access Key | True |
isFetch | Fetch incidents | False |
- Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
panw-iot-3rd-party-report-status-to-panwPANW IoT 3rd Party Report Status to PANW command - Sends a status message back to PANW IOT cloud.
#
Base Commandpanw-iot-3rd-party-report-status-to-panw
#
InputArgument Name | Description | Required |
---|---|---|
status | Message to be sent to PANW IoT Cloud | Required |
message | Message to be sent to PANW IoT Cloud | Required |
integration_name | Name of PANW IoT 3rd Party Integration | Required |
playbook_name | Name of the playbook | Required |
asset_type | Type of asset associated with the status report | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!panw-iot-3rd-party-report-status-to-panw status=success message="successfully updated 100 devices" integration_name=ise playbook_name="Increment Export to Cisco ISE - PANW IoT 3rd Party Integration" asset_type=device
#
Human Readable Output#
Reporting Status:integration_name | ise |
iot_cloud_response | received: yes |
message | successfully updated 100 devices |
playbook_name | Increment Export to Cisco ISE - PANW IoT 3rd Party Integration |
status | success |
timestamp | 1606106283993 |
type | device |
#
panw-iot-3rd-party-get-single-assetPANW IoT 3rd Party get single Asset - For a given a asset ID (alert-id, vulnerability-id or mac-address) returns the asset details.
#
Base Commandpanw-iot-3rd-party-get-single-asset
#
InputArgument Name | Description | Required |
---|---|---|
asset_type | Type of Asset | Required |
asset_id | Asset ID. MacAddress for device, zb_ticketid for alert and vulnerability | Required |
#
Context OutputPath | Type | Description |
---|---|---|
PanwIot3rdParty.SingleAsset | unknown | Asset Details |
#
Command Example!panw-iot-3rd-party-get-single-asset asset_type="Device" asset_id="00:e0:4c:68:09:16"
#
Human Readable Output#
Successfully pulled Device (00:e0:4c:68:09:16) from PANW IoT Cloud#
panw-iot-3rd-party-get-asset-listPANW IoT 3rd Party get asset list - Returns a list of assets for the specified asset type.
#
Base Commandpanw-iot-3rd-party-get-asset-list
#
InputArgument Name | Description | Required |
---|---|---|
asset_type | Type of Asset | Required |
increment_time | Increment time in minutes. Example: Increment Time = 15 mins will return input type assets modified or discovered within the last 15 minutes. A Null value will return full inventory (1000 MAX) | Optional |
offset | Offset for paging: Null value will accumulate all results by default | Optional |
page_length | Page size for paging: Null value will accumulate all results by default | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
PanwIot3rdParty.Devices | unknown | List of Devices |
PanwIot3rdParty.Alerts | unknown | List of Alerts |
PanwIot3rdParty.Vulnerabilities | unknown | List of Vulnerabilities |
#
Command Example!panw-iot-3rd-party-get-asset-list asset_type="device" increment_time="2"
#
Human Readable Output#
Asset import summary:asset type | Device |
assets pulled | 11 |
#
panw-iot-3rd-party-convert-assets-to-external-formatPANW IoT 3rd Party convert assets to external foramt - For a given asset (alert, device, vuln) converts it to 3rd party format.
#
Base Commandpanw-iot-3rd-party-convert-assets-to-external-format
#
InputArgument Name | Description | Required |
---|---|---|
asset_type | Input asset type | Required |
output_format | Desired output format | Required |
asset_list | List of input assets | Required |
servicenow_map | ServiceNow ID and deviceid mapping | Optional |
incident | incident triggered by PANW IoT cloud API | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
PanwIot3rdParty.VulnerabilityCEFSyslogs | unknown | List of CEF formatted vulnerability syslogs for SIEM |
PanwIot3rdParty.AlertCEFSyslogs | unknown | List of CEF formatted alert syslogs for SIEM |
PanwIot3rdParty.DeviceCEFSyslogs | unknown | List of CEF formatted device syslogs for SIEM |
PanwIot3rdParty.CiscoISEAttributes | unknown | List of Cisco ISE attribute dicts/maps |
PanwIot3rdParty.AlertServiceNow | unknown | Single SN formatted alert string |
PanwIot3rdParty.VulnerabilityServiceNow | unknown | Single SN formatted vulnerability string |
PanwIot3rdParty.DeviceServiceNow | unknown | List of upsert ready formatted device for SN |
#
Command Example!panw-iot-3rd-party-convert-assets-to-external-format asset_type=device output_format=siem asset_list=[a list of 221 device maps]