IoT Security
Activate a Third-party Integrations Add-on
Table of Contents
Activate a Third-party Integrations Add-on
Activate an IoT Security Third-party Integrations Add-on license for
IoT Security to integrate with third-party solutions.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
One of the following Cortex XSOAR setups:
|
Integrating with a third-party solution requires either the use of a full-featured
Cortex XSOAR or
the purchase of an IoT Security third-party integrations add-on license. There
are two license options: basic and advanced. The basic integration plan includes a
license for any three supported integrations of your choice. The advanced plan
includes a license for
all supported integrations.
IoT Security with a Cohosted Cortex XSOAR Instance
If you want to integrate IoT Security with third-party systems but do not have a Cortex XSOAR server, you can buy an IoT Security Third-party Add-on license.
After you activate it, IoT Security automatically generates a cohosted Cortex XSOAR instance with the functionality necessary to support IoT Security integrations. When IoT Security communicates with
third-party systems, it does so through the XSOAR instance, which connects with
other systems and runs various jobs such as importing device data into IoT Security or sending work orders for security alerts and vulnerabilities to
other systems for investigation and remediation.
More information about cohosted Cortex XSOAR instances is available
in Third-party Integrations Using Cohosted XSOAR.
IoT Security with a Full-featured Cortex XSOAR Server
If you already have a full-featured Cortex XSOAR server deployed on premises or in the
cloud, you can use that to integrate IoT Security with third-party systems
without needing to buy an add-on license and use a limited cloud-hosted Cortex XSOAR module. For the Cortex XSOAR server to support IoT Security third-party integrations, you must install an IoT Security
content pack and configure an integration instance on the XSOAR server. The content
pack provides XSOAR with all the third-party integration instance settings,
playbooks, and jobs that IoT Security requires, and the Palo Alto Networks IoT
3rd Party integration instance allows XSOAR to establish a permanent web socket
connection with the IoT Security application.
The Cortex XSOAR server continues to provide the same functionality it did before it was
set up to work with IoT Security. However, the IoT Security integrations
the XSOAR server supports are limited to those in the content pack you install. The
content pack has the same set of integrations that a cohosted XSOAR instance has
with one exception: you can modify the playbooks for IoT Security integrations
on an XSOAR server but not on a cohosted instance. To be precise, you can’t modify
the playbooks directly, but you can duplicate them, modify the duplicate playbooks,
and then use those on the server, which is something you can’t do in a cloud-hosted
instance.
When integrating IoT Security with third-party systems in a deployment
that must comply with FedRAMP Moderate, you must use a full on-premises
XSOAR server running a vendor-approved FIPS version that complies
with the FIPS 140-2 standard. This option supports all the same
IoT Security integrations as the cohosted version but is FIPS compliant
and does not require the purchase of a third-party integrations
add-on license.
The IoT Security portal (and this guide) refer to this as a full-featured Cortex XSOAR server,
which is a useful way to distinguish it from a cohosted Cortex XSOAR instance.
Nevertheless, the XSOAR server only needs to be deployed on premises to comply
with FedRAMP regulations. If your deployment doesn’t need to be FedRAMP
compliant, you can deploy the XSOAR server on premises or in the cloud. In
either case, the XSOAR server connects to IoT Security in the same way.
The setup of a full-featured XSOAR server to work with IoT Security is
described in
Third-party Integrations Using a Full-featured XSOAR Server.
Cortex XSOAR Using the IoT Security API
If you have a Cortex XSOAR instance and your goal is
to integrate it with IoT Security—for example, to run an automation
or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT.
There you can learn the commands to create a direct IoT Security-to-Cortex
XSOAR integration. Note that this is different from the type of
integrations in which IoT Security leverages XSOAR to work with
third-party systems as described in this guide.
Activate the Third-party Integrations Add-on License
After
purchasing either the basic or advanced third-party integrations
add-on, you must then activate it to make integration options visible
in the IoT Security portal.
- To activate the IoT Security Third-party Integrations Add-on license, start the onboarding process from the email message you received from Palo Alto Networks.After purchasing the license, you receive an email message with an activation link. Click Activate to begin the onboarding process to activate your license.
- Select IoT Security Third-party Integrations Add-on for activation.When you reach the step in the onboarding process to select which products to activate, make sure IoT Security Third-party Integrations Add-on is selected, click Start Activation, and continue the process.
If you purchased the basic plan, this installs a license enabling up to three third-party integrations on your IoT Security tenant. If you purchased the advanced plan, this installs a license enabling the use of all supported third-party integrations.
