Zerohack XDR Pack.#This Integration is part of the
The companion integration for Zerohack XDR. Current versions allow the user to collect data from the XDR and later versions will support data exfiltration to XDR. This integration was integrated and tested with version 1.0 of Zerohack XDR
- Navigate to Side Panel > Administration > Integration > Key Management.
- Click on Create API key.
- Click on Drop down of Select application.
- Click on Palo Alto XSOAR.
- Select API Type "Full Control".
- Click on Create Api.
- Copy your API key.
- Navigate to Settings on bottom left corner of dashboard > Integrations > Servers & Services.
- Search for Zerohack XDR.
Click Add instance to create and configure a new integration instance.
Parameter Description Required Fetch incidents False Incident type False Maximum number of incidents per fetch This number determines how many incidents must be fetched with each API call. It is suggested you keep it below 100. False Zerohack XDR API Key This API key can be generated from your zerohack XDR account. Please ensure that you fill this field before you test the integration. True First fetch time This parameter decides how many old events you want to fetch when starting the integration. False Trust any certificate (not secure) False Incidents Fetch Interval True Minimum Severity This parameter defines the lowest severity level (xdr) to use for fetching incidents. True
Click on Gear Icon.
- Click Test to validate the URLs, token, and connection.
- Access the Fetch results.
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
Fetch a single incident of your choice of severity level to study the incidents structure before you start continously fecthing incidents.
|The severity level helps in extracting latest incident of a specific severity.