PANW IoT Incident Handling with ServiceNow

This playbook creates a ServiceNow ticket after the incident is enriched by Palo Alto Networks IoT security portal (previously Zingbox Cloud).

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • Palo Alto Networks IoT
  • ServiceNow v2

Scripts

  • iot-security-get-raci

Commands

  • iot-security-get-device
  • servicenow-create-record

Playbook Inputs


NameDescriptionDefault ValueRequired
IoTConfigListNameThe list name defined in the XSOAR Lists for the RACI and ServiceNow calculation.IOT_CONFIGOptional
CreateServiceNowTicketDetermines if a ServiceNow ticket should be created based on the RACI calculation. Set to True to create an incident.falseOptional

Playbook Outputs


PathDescriptionType
PaloAltoNetworksIoTThis path will have field "device" for the device details and "raci" if the command "iot-security-get-raci" has output.string
ServiceNow.RecordThe ServiceNow record after creating the ServiceNow ticket.string

Playbook Image


Palo_Alto_Neworks_IoT_Security