: Integrate with Third-party Systems
Focus
Focus

Integrate with Third-party Systems

Table of Contents

Integrate with Third-party Systems

IoT Security
uses
Cortex XSOAR
to integrate with third-party systems.
In addition to coordinating with Palo Alto Networks next-generation firewalls,
IoT Security
integrates with third-party systems, augmenting their inventory, network management, network security, and vulnerability detection by making them IoT aware and by gathering device and network data from other sources to enrich its own inventory and capabilities.
IoT Security
does this by leveraging
Cortex XSOAR
technology to integrate with third-party systems. It uses either a cohosted, partially featured
Cortex XSOAR
instance (available at no extra charge when you purchase an
IoT Security
Third-party Integrations Add-on license) or a full-featured
Cortex XSOAR
server deployed either on premises or in the cloud. There’s also a third option for integrating
Cortex XSOAR
with
IoT Security
through its API. In short, there are three options:
  • IoT Security
    with a cohosted, limited-featured Cortex XSOAR instance
    – This requires the purchase of an
    IoT Security
    Third-party Integrations Add-on license, which comes with an automatically generated, cloud-hosted
    Cortex XSOAR
    module at no extra charge.
  • IoT Security
    with a full-featured
    Cortex XSOAR
    server
    – No add-on license required.
    The
    IoT Security
    FedRAMP Moderate solution must use a full-featured
    Cortex XSOAR
    server deployed on premises.
  • Cortex XSOAR
    with access to the
    IoT Security
    API

IoT Security
with a Cohosted
Cortex XSOAR
Instance

If you want to integrate
IoT Security
with third-party systems but do not have a
Cortex XSOAR
server, you can buy an IoT Security Third-party Add-on license. After you activate it, IoT Security automatically generates a cohosted
Cortex XSOAR
instance with the functionality necessary to support
IoT Security
integrations. When
IoT Security
communicates with third-party systems, it does so through the XSOAR instance, which connects with other systems and runs various jobs such as importing device data into
IoT Security
or sending work orders for security alerts and vulnerabilities to other systems for investigation and remediation.
More information about cohosted
Cortex XSOAR
instances is available in Third-party Integrations Using Cohosted XSOAR.

IoT Security
with a Full-featured
Cortex XSOAR
Server

If you already have a full-featured
Cortex XSOAR
server deployed on premises or in the cloud, you can use that to integrate
IoT Security
with third-party systems without needing to buy an add-on license and use a limited cloud-hosted
Cortex XSOAR
module. For the
Cortex XSOAR
server to support
IoT Security
third-party integrations, you must install an
IoT Security
content pack and configure an integration instance on the XSOAR server. The content pack provides XSOAR with all the third-party integration instance settings, playbooks, and jobs that
IoT Security
requires, and the Palo Alto Networks IoT 3rd Party integration instance allows XSOAR to establish a permanent web socket connection with the
IoT Security
application.
The
Cortex XSOAR
server continues to provide the same functionality it did before it was set up to work with
IoT Security
. However, the
IoT Security
integrations the XSOAR server supports are limited to those in the content pack you install. The content pack has the same set of integrations that a cohosted XSOAR instance has with one exception: you can modify the playbooks for
IoT Security
integrations on an XSOAR server but not on a cohosted instance. To be precise, you can’t modify the playbooks directly, but you can duplicate them, modify the duplicate playbooks, and then use those on the server, which is something you can’t do in a cloud-hosted instance.
When integrating
IoT Security
with third-party systems in a deployment that must comply with FedRAMP Moderate, you must use a full on-premises XSOAR server running a vendor-approved FIPS version that complies with the FIPS 140-2 standard. This option supports all the same
IoT Security
integrations as the cohosted version but is FIPS compliant and does not require the purchase of a third-party integrations add-on license.
The
IoT Security
portal (and this guide) refer to this as a full-featured
Cortex XSOAR
server, which is a useful way to distinguish it from a cohosted
Cortex XSOAR
instance. Nevertheless, the XSOAR server only needs to be deployed on premises to comply with FedRAMP regulations. If your deployment doesn’t need to be FedRAMP compliant, you can deploy the XSOAR server on premises or in the cloud. In either case, the XSOAR server connects to
IoT Security
in the same way.
The setup of a full-featured XSOAR server to work with
IoT Security
is described in Third-party Integrations Using a Full-featured XSOAR Server.

Cortex XSOAR
Using the
IoT Security
API

If you have a
Cortex XSOAR
instance and your goal is to integrate it with
IoT Security
—for example, to run an automation or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT. There you can learn the commands to create a direct
IoT Security
-to-Cortex XSOAR integration. Note that this is different from the type of integrations in which IoT Security leverages XSOAR to work with third-party systems as described in this guide.

Recommended For You