GuardiCore

Details
Content
Dependencies
Version History

Data center breach detection

Guardicore delivers easy-to-use Zero Trust network segmentation to security practitioners
across the globe. Our mission is to minimize the effects of high-impact breaches, like
ransomware, while protecting the critical assets at the heart of your network. We shut
down adversarial lateral movement, fast. From bare metal to virtual machines and containers,
Guardicore has you covered across your endpoints, data centers and the cloud.
Our software-based platform helps you become more secure to enable your organization’s digital transformation.

East West Segmentation / Micro Segmentation capabilities to reduce your attack surface and remove unnecessary streams of communication between servers and applications.
Improve operational efficiency and agility by eliminating downtime during server or application migrations.
Enforce Zero Trust security protocols with ease and simplify your organization's path to compliance.
Guardicore Website
Guardicore Centra Demo Request
Short video on Mastering Segmentation

East West Segmentation / Micro Segmentation capabilities to reduce your attack surface and remove unnecessary streams of communication between servers and applications.
Improve operational efficiency and agility by eliminating downtime during server or application migrations.
Enforce Zero Trust security protocols with ease and simplify your organization's path to compliance.
Guardicore Website
Guardicore Centra Demo Request
Short video on Mastering Segmentation

Layouts

Name	Description
GuardiCore Layout

Incident Fields

Name	Description
GuardiCore Incident Type	GuardiCore Incident Type
GuardiCore Associated Incident Groups	GuardiCore Associated Incident Groups

Incident Types

Name	Description
Guardicore Incident

Classifiers

Name	Description
GuardiCore Incoming Mapper	Maps incoming Guardicore incident fields.
Guardicore classifier	Classifies Guardicore incidents.

Integrations

Name	Description
GuardiCore v2	GuardiCore v2 Integration enables you to get information about incidents and endpoints (assets) via the GuardiCore API.
GuardiCore (Deprecated)	Deprecated. Use GuardiCore v2 instead.

Incident Fields

Name	Description
GuardiCore Incident Type	GuardiCore Incident Type
GuardiCore Associated Incident Groups	GuardiCore Associated Incident Groups

Incident Types

Name	Description
Guardicore Incident

Classifiers

Name	Description
GuardiCore Incoming Mapper	Maps incoming Guardicore incident fields.
Guardicore classifier	Classifies Guardicore incidents.

Integrations

Name	Description
GuardiCore v2	GuardiCore v2 Integration enables you to get information about incidents and endpoints (assets) via the GuardiCore API.
GuardiCore (Deprecated)	Deprecated. Use GuardiCore v2 instead.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

2.0.12 - 6479322 (October 1, 2023)

Integrations

GuardiCore v2

Improved the fetch-incidents deduplication mechanism.
Fixed an issue in fetch-incidents command where incidents were not created when setting the Severity and the Incident Type parameters to "all".

Related pull requests:
- 29911

Download

2.0.11 - R5866730 (July 25, 2023)

Integrations

GuardiCore v2

Updated the Docker image to: demisto/python3:3.10.12.63474.
Fixed an issue where a default argument value was missing in some commands.

Related pull requests:
- 27443

Download

2.0.10 - R5450895 (June 5, 2023)

Integrations

GuardiCore (Deprecated)

Updated the pack category to Deception & Breach Simulation.

Related pull requests:
- 25124

Download

2.0.9 - 4746941 (March 5, 2023)

Integrations

GuardiCore v2

Updated the pack category to Deception & Breach Simulation.

GuardiCore (Deprecated)

Deprecated. Please use GuardiCore v2 instead.

Related pull requests:
- 24869

Download

2.0.8 - R4718798 (March 1, 2023)

Integrations

GuardiCore v2

Updated the Docker image to: demisto/python3:3.10.10.48392.
Fixed an issue where the fetch-incidents command failed to fetch incidents.

Related pull requests:
- 24708

Download

2.0.7 - R4646022 (February 19, 2023)

Layouts

GuardiCore Layout
This item is no longer supported in XSIAM.

Related pull requests:
- 24223

Download

2.0.6 - R4372591 (January 11, 2023)

Integrations

GuardiCore v2

Updated the Docker image to: demisto/python3:3.10.9.42476.
Documentation and metadata improvements.

Related pull requests:
- 23398

Download

2.0.5 - R3994332 (November 8, 2022)

Incident Fields

Removed the unsupported fromServerVersion field from the following Incident Fields:
GuardiCore Incident Type
GuardiCore Associated Incident Groups

Related pull requests:
- 19800

Download

2.0.4 - 3118515 (June 19, 2022)

Integrations

GuardiCore v2

Removed excessive error traceback printing.
Updated the Docker image to: demisto/python3:3.10.4.30607.

Related pull requests:
- 19511

Download

2.0.3 - 2781556 (April 19, 2022)

Integrations

Updated formatting of integration parameters.

GuardiCore v2

Updated formatting of integration parameters.

Download

2.0.2 - 2674843 (March 30, 2022)

Integrations

GuardiCore v2

Added type validations and other internal code improvements.

Download

2.0.1 - R2275899 (January 19, 2022)

Integrations

GuardiCore v2

Updated the Docker image to: demisto/python3:3.9.8.24399.

Download

2.0.0 - R7933644 (October 4, 2021)

Integrations

New: GuardiCore v2

Bumped to major version 2.0
Added the following commands:
- guardicore-get-incident
- guardicore-get-incidents
- endpoint (to create new indicators)
Changed the name of the guardicore-show-endpoint command to guardicore-search-asset.
The following commands are no longer supported due to API changes:
- guardicore-uncommon-domains
- guardicore-unresolved-domains
- guardicore-dns-requests
- guardicore-misconfigurations
- guardicore-get-incident-iocs
- guardicore-get-incident-events
- guardicore-get-incident-pcap
- guardicore-get-incident-attachments
- guardicore-search-network-log

Incident Types

Guardicore Incident

Added default layout.

Incident Fields

Added the GuardiCore Associated Incident Groups incident field.
Added the GuardiCore Incident Type incident field.

Classifiers

New: Guardicore classifier

Classifies incoming GuardiCore incidents.

Mappers

New: GuardiCore Incoming Mapper

Maps incoming GuardiCore incident fields.

Layouts

New: GuardiCore Layout

Added a new layout for the GuardiCore Layout indicator type.

Download

1.0.1 - 320645 (April 5, 2021)

Integrations

GuardiCore

Fixed an issue where failing to log out from the product did not raise a meaningful error.
Added the from_time, to_time arguments to the guardicore-get-incidents command.

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	October 1, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.