>
    Strata Copilot
    Activate a Third-party Integrations Cortex XSOAR
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. Device Security Integration Guide
    4. Get Started with Device Security Integrations
    5. Activate a Third-party Integrations Cortex XSOAR
    Download PDF
    Device Security

    Activate a Third-party Integrations Cortex XSOAR

    Table of Contents

    Activate a Third-party Integrations Cortex XSOAR

    Activate a Device Security Third-party Integrations Cortex XSOAR for Device Security to integrate with third-party solutions.
    Where Can I Use This?What Do I Need?
    • Device Security (Managed by Strata Cloud Manager)
    • (Legacy) IoT Security (Standalone portal)
    One of the following subscriptions:
    • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
    • Device Security X subscription
    One of the following Cortex XSOAR setups:
    • A free, cohosted, limited-featured Cortex XSOAR instance
    • A full-featured Cortex XSOAR server
    Integrating with a third-party solution requires either the use of a full-featured Cortex XSOAR or the activation of a free Device Security cloud-based, cohosted, limited Cortex XSOAR instance. Regardless of which Cortex XSOAR you have, Device Security provides access to all supported integrations.

    Device Security with a Cohosted Cortex XSOAR Instance

    If you want to integrate Device Security with third-party systems but don't have a full-featured Cortex XSOAR server, you can activate a free, limited, cohosted Cortex XSOAR through Device Security. After you activate it, IoT Security automatically generates a cohosted Cortex XSOAR instance with the functionality necessary to support Device Security integrations. When Device Security communicates with third-party systems, it does so through the Cortex XSOAR instance, which connects with other systems and runs various jobs such as importing device data into Device Security or sending work orders for security alerts and vulnerabilities to other systems for investigation and remediation.
    More information about cohosted Cortex XSOAR instances is available at Third-party Integrations Using Cohosted XSOAR.
    1. Log in to Device Security in Strata Cloud Manager.
      The free, cohosted Cortex XSOAR is exclusive to Device Security in Strata Cloud Manager. If you still access the Legacy IoT Security portal, take advantage of this opportunity to familiarize yourself with Device Security in Strata Cloud Manager.
    2. Navigate to IntegrationsIntegration Management.
    3. Click Initialize XSOAR.
      The first time you initialize the cohosted Cortex XSOAR, Device Security automatically creates the instance and associates it with your Device Security tenant.
    4. Access your Cortex XSOAR from IntegrationsIntegration Management, clicking Manage Integrations, and then clicking Launch Cortex XSOAR.

    Cortex XSOAR Using the Device Security API

    If you have a Cortex XSOAR instance and your goal is to integrate it with Device Security—for example, to run an automation or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT. There you can learn the commands to create a direct Device Security-to-Cortex XSOAR integration. Note that this is different from the type of integrations in which Device Security leverages XSOAR to work with third-party systems as described in this guide.

    © 2026 Palo Alto Networks, Inc. All rights reserved.