
Set up Nuvolo for Integration


Set up Nuvolo for integration with IoT Security through Cortex XSOAR.

Nuvolo is preconfigured with most of what you need to integrate with IoT Security. The following steps explain what you need to do to complete the Nuvolo configuration.
  1. Contact Nuvolo and request the creation of a user account to access the Nuvolo API.
    Because Nuvolo is an application that runs on the ServiceNow platform, only users with ServiceNow administrative rights can create users. The user account selected here must not have any roles or permissions granted to it.
  2. Log in to Nuvolo as a user with the system admin role, navigate to the EAM Queue module, and then click Administration > Data Source.
  3. In the list of data sources, click the Palo Alto Networks record to open it.
    The Palo Alto Networks Data Source record appears with empty Company and Account fields.
  4. Click the Lookup using list icon next to the Company field to create or select the company vendor record for Palo Alto Networks.
  5. Click the Lookup using list icon next to the Account field to select the user account record created for API access.
  6. After you make the company and account selections, click Update.
  7. Retrieve the source key for the data source record and record its value.
    To retrieve the value, enter the OT Cyber Security section, navigate to Administration > Data Source, right-click Palo Alto Networks, and then click Copy sys_id in the pop-up menu that appears.
    This copies the value to your computer’s clipboard. You will later enter this value in the Source Key field in Cortex XSOAR when configuring a Nuvolo instance.
  8. Link IoT Security-sourced data with Nuvolo assets.
    To accomplish this critical element in the integration, configure Nuvolo to use the MAC address or serial number key fields in the key/data pairs it receives from IoT Security in its discovery and security queues. In the EAM Queue section, click Administration > Key Field Mapping > New, enter the following, and then click Submit:
    • Table Name: Clinical Devices [x_nuvo_eam_clinical_devices]
    • Field Name: MAC Address
    • Key Name: Mac Address (This must be an exact match for the key name that XSOAR sends.)
    • Data Source: Palo Alto Networks
    • Queue Type: Discovery Queue [x_nuvo_eam_discovery_queue]
  9. Repeat the previous step three more times to create a total of four key field mappings with the following settings:
    | Table Name | Field Name | Key Name | Data Source | Queue Type |
    |---|---|---|---|---|
    | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |
    Nuvolo provides several predefined action scripts specifically for IoT Security:
    • The scripts in the Discovery Queue add new IoT Security-discovered devices to the asset inventory in Nuvolo and update existing assets with IoT Security-provided details. The two action scripts in the Discovery Queue that add devices and update assets are titled "Palo Alto Networks – Create Device" and "Palo Alto Networks – Update device automatically if identified by trusted identifier".
      To see newly added and updated assets in the Nuvolo interface, click Clinical Asset Management > Inventory > Devices.
    • The action script in the Security Queue is titled "Palo Alto Networks – Create Alert, map devices, & create WOs".
      To see alerts and vulnerabilities sent to Nuvolo from IoT Security, click OT Cyber Security > Queue Management > Security Queue.
      To see work orders for security events sent from IoT Security, click Clinical Asset Management > Work Orders > All.
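The exact-match requirement on key names in steps 8 and 9 can be checked before records are sent. The following is an added example, not code from Nuvolo or Palo Alto Networks: it assumes each record is a flat dictionary of key/data pairs and that matching is plain string equality, and the function names and sample payloads are constructed for illustration.

```python
# Added example: pre-flight check of key names against the key field mappings.
# Assumptions: a record is a flat dict of key/data pairs, and a key name links
# only when it equals the mapped Key Name exactly. Sample data is constructed.

# Key names from the four key field mappings in steps 8 and 9, per queue.
MAPPED_KEYS = {
    "discovery": ("Mac Address", "Serial Number"),
    "security": ("Mac Address", "Serial Number"),
}

def _norm(name):
    """Collapse case and whitespace so near-miss key names can be spotted."""
    return " ".join(name.split()).casefold()

def check_payload(queue, payload):
    """Return (linkable, near_misses) for one key/data payload.

    linkable: mapped key names present verbatim with a non-empty value.
    near_misses: (sent_key, mapped_key) pairs that differ only in case or
    spacing, so an exact-match comparison would not link them to an asset.
    """
    mapped = MAPPED_KEYS[queue]
    linkable = [k for k in mapped if str(payload.get(k, "")).strip()]
    by_norm = {_norm(k): k for k in mapped}
    near_misses = [
        (sent, by_norm[_norm(sent)])
        for sent in payload
        if sent not in mapped and _norm(sent) in by_norm
    ]
    return linkable, near_misses

def report(queue, payload):
    """Summarise one payload as a single status line."""
    linkable, near = check_payload(queue, payload)
    if linkable:
        status = "OK: links on " + ", ".join(linkable)
    else:
        status = "FAIL: no mapped key field, record cannot be linked"
    for sent, want in near:
        status += f"; rename {sent!r} to {want!r}"
    return status

if __name__ == "__main__":
    good = {"Mac Address": "00:11:22:33:44:55", "Serial Number": "SN-0001"}
    bad = {"MAC Address": "00:11:22:33:44:55", "serial number": ""}
    print(report("discovery", good))
    print(report("security", bad))
```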
