Skip to main content

Illusive Networks

Download With Dependencies

Enrich SOC incident triage and investigation data with valuable Illusive information and forensics, and manage the way Illusive deploys deceptions across the network.

Illusive Networks

This pack includes XSIAM content.

Incident Response

Provide SOC teams with automated collection and analysis of Illusive incidents and the option to extend Illusive data and forensics analysis to other potentially malicious activities discovered on your network.

  • Automatically collect data and forensics from new incidents detected by Illusive
  • Enrich SOC data by retrieving a rich set of incident and forensics information, including: 1) host details and forensics from a potentially compromised host, 2) a forensics timeline, 3) forensics analysis, 4) additional data
  • Auto-analyze collected data and calculate incident severity to speed up SOC response times
  • Collect forensics from any compromised host and retrieve a forensics timeline

Deceptions and Attack Surface Manager

Manage the Illusive’s deceptive entities and deception policies to control the way Illusive deploys deceptions across the network, and gain insight into your network’s topography.

  • Retrieve detailed lists of approved and suggested deceptive servers and users
  • Approve, delete, and query deceptive entities
  • Manage deception policy assignments per host
  • Retrieve attack surface insights for Crown Jewels and specific hosts

Illusive Networks

This pack includes XSIAM content.

Incident Response

Provide SOC teams with automated collection and analysis of Illusive incidents and the option to extend Illusive data and forensics analysis to other potentially malicious activities discovered on your network.

  • Automatically collect data and forensics from new incidents detected by Illusive
  • Enrich SOC data by retrieving a rich set of incident and forensics information, including: 1) host details and forensics from a potentially compromised host, 2) a forensics timeline, 3) forensics analysis, 4) additional data
  • Auto-analyze collected data and calculate incident severity to speed up SOC response times
  • Collect forensics from any compromised host and retrieve a forensics timeline

Deceptions and Attack Surface Manager

Manage the Illusive’s deceptive entities and deception policies to control the way Illusive deploys deceptions across the network, and gain insight into your network’s topography.

  • Retrieve detailed lists of approved and suggested deceptive servers and users
  • Approve, delete, and query deceptive entities
  • Manage deception policy assignments per host
  • Retrieve attack surface insights for Crown Jewels and specific hosts

Collect Events from Vendor

In order to use the collector, you can use the following option to collect events from the vendor:

You will need to configure the vendor and product for this specific collector.

Broker VM

You will need to use the information described here.\
You can configure the specific vendor and product for this instance.

  1. Navigate to Settings -> Configuration -> Data Broker -> Broker VMs.
  2. Right-click, and select Syslog Collector -> Configure.
  3. When configuring the Syslog Collector, set:
    • illusive as vendor
    • illusive as product

PUBLISHER

Illusive Networks

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByPartner
CreatedJuly 26, 2020
Last ReleaseFebruary 14, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.