| Where Can I Use This? | What Do I Need? |
| --- | --- |
| | One of the following subscriptions: a Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical), or a Device Security X subscription. One of the following Cortex XSOAR setups: a free, cohosted, limited-featured Cortex XSOAR instance AND a free Cortex XSOAR Engine (on-premises integration), or a full-featured Cortex XSOAR server. |
After integrating with AIMS 2, you can use Device Security's detection capabilities together with the maintenance management system capabilities that AIMS 2 provides. When you identify a security alert or vulnerability in Device Security that requires action, you can use the Device Security management interface to send a work order to AIMS 2 through Cortex XSOAR. Device Security sends the work order to Cortex XSOAR, which then runs a playbook to create the work order in AIMS 2. Before sending a work order from Device Security to AIMS 2, check that the device associated with the incident has an asset tag. AIMS 2 requires an asset tag to find the device in its database.

Sending work orders is supported only with the AIMS 2 integration, and not with AIMS 3.
Strata Cloud Manager

Send security alerts and vulnerabilities from Device Security in Strata Cloud Manager as work orders through Cortex XSOAR to AIMS.

1. Log in to Device Security in Strata Cloud Manager and find a device with an asset tag that has a security alert or vulnerability.
   AIMS only accepts work orders for devices that are in its system and that it can identify by asset tag.
   a. To see which devices have asset tags, click the column picker icon to show the Asset Tag column if it's hidden.
   b. Click the Asset Tag column heading to sort devices alphanumerically by asset tag. (Clicking a second time reverses the order, and clicking a third time returns to the default sorting order by data.)
   c. Look among the devices with asset tags for one that's impacted by a security alert or vulnerability for which you want to create a work order. Devices with higher risk scores are more likely to have alerts or vulnerabilities associated with them.
   d. Note the device name and the related alert or vulnerability.

2. Generate a work order in Device Security in Strata Cloud Manager from a security alert or vulnerability and send it to AIMS.
   - To create a work order for a security alert, click , select the security alert for the impacted device you noted, and then click .
   or
   - To create a work order for a vulnerability, click , click the name of the vulnerability you noted earlier, select the device name in the Instances column, and then click .
   The Send to AIMS dialog box appears.
   Choose someone to assign the work order to in the Assign to list, choose a severity level in the Priority list, and enter a note in the Add Comments field. After you've configured these three required settings, the Send button changes from gray to blue, indicating that you can proceed.

3. Send the work order to AIMS.
   After you click Send, a link appears. When you click it, a new browser window opens to the XSOAR playbook for this action.

4. To confirm that the work order was sent, click the link to the XSOAR playbook for this action.
   For the link in Device Security to open the corresponding playbook in Cortex XSOAR, you must already be logged in to your XSOAR instance before clicking it.
   The green boxes in the playbook indicate that a particular step was performed successfully. Following the path through the playbook gives you feedback about whether an action was carried out successfully or, if not, where the process changed course.
   Also refresh the Security Alerts or Vulnerability Details page and hover your cursor over the entry in the Last Action column for the alert, or the Vulnerability Responses column for the vulnerability instance, for which you sent a work order.
Legacy IoT Security

Send security alerts and vulnerabilities from the Device Security portal as work orders through Cortex XSOAR to AIMS.

1. Log in to the Device Security portal and find a device with an asset tag that has a security alert or vulnerability.
   AIMS only accepts work orders for devices that are in its system and that it can identify by asset tag.
   a. To see which devices have asset tags, click the column picker icon to show the Asset Tag column if it's hidden.
   b. Click the Asset Tag column heading to sort devices alphanumerically by asset tag. (Clicking a second time reverses the order, and clicking a third time returns to the default sorting order by data.)
   c. Look among the devices with asset tags for one that's impacted by a security alert or vulnerability for which you want to create a work order. Devices with higher risk scores are more likely to have alerts or vulnerabilities associated with them.
   d. Note the device name and the related alert or vulnerability.

2. Generate a work order in the Device Security portal from a security alert or vulnerability and send it to AIMS.
   - To create a work order for a security alert, click , select the security alert for the impacted device you noted, and then click .
   or
   - To create a work order for a vulnerability, click , click the name of the vulnerability you noted earlier, select the device name in the Instances column, and then click .
   The Send to AIMS dialog box appears.
   Choose someone to assign the work order to in the Assign to list, choose a severity level in the Priority list, and enter a note in the Add Comments field. After you've configured these three required settings, the Send button changes from gray to blue, indicating that you can proceed.

3. Send the work order to AIMS.
   After you click Send, a link appears. When you click it, a new browser window opens to the XSOAR playbook for this action.

4. To confirm that the work order was sent, click the link to the XSOAR playbook for this action.
   For the link in Device Security to open the corresponding playbook in Cortex XSOAR, you must already be logged in to your XSOAR instance before clicking it.
   The green boxes in the playbook indicate that a particular step was performed successfully. Following the path through the playbook gives you feedback about whether an action was carried out successfully or, if not, where the process changed course.
   Also refresh the Security Alerts or Vulnerability Details page and hover your cursor over the entry in the Last Action column for the alert, or the Vulnerability Responses column for the vulnerability instance, for which you sent a work order.