External Integrations
You can integrate Cortex XDR with other Palo Alto Networks security products and with third-party products.

To aid you with threat investigation, Cortex XDR displays the WildFire-issued verdict for each Key Artifact in an incident. To provide additional verification sources, you can integrate external threat intelligence services with Cortex XDR; their results are then displayed for each Key Artifact in an incident. Cortex XDR supports the following integrations.

Integration | Description |
---|---|
Threat Intelligence | |
WildFire® | Cortex XDR automatically includes WildFire threat intelligence in incident and alert investigation. WildFire detects known and unknown threats, such as malware. The WildFire verdict contains detailed insights into the behavior of identified threats and is displayed next to the relevant Key Artifacts on the incident details page. See Review WildFire® Analysis Details for more information. |
AutoFocus™ | AutoFocus groups conditions and indicators related to a threat under a tag. Tags can be user-defined or come from threat-research team publications, and are divided into classes such as exploit, malware family, and malicious behavior. See the AutoFocus Administrator's Guide for more information on AutoFocus tags. To view AutoFocus tags in Cortex XDR incidents, you must obtain the license key for the service and add it to the Cortex XDR Configuration. When you add the service, the relevant tags are displayed on the incident details page under Key Artifacts. |
VirusTotal | VirusTotal provides aggregated results from over 70 antivirus scanners, domain services included in the block list, and user contributions. The VirusTotal score is represented as a fraction: for example, a score of 34/52 means that of 52 queried services, 34 determined the artifact to be malicious. To view VirusTotal threat intelligence in Cortex XDR incidents, you must obtain the license key for the service and add it to the Cortex XDR Configuration. When you add the service, the relevant VirusTotal (VT) score is displayed on the incident details page under Key Artifacts. |
Incident Management | |
Cortex XSOAR | Cortex XSOAR enables automated and coordinated threat response, with the ability to adjust and test response playbooks. When used with Cortex XDR, you can manage incidents from the Cortex XSOAR interface and leverage the Cortex XDR Causality Analytics Engine and detection capabilities. Changes made in one app are reflected in the other. |
Third-party ticketing systems | To manage incidents from the application of your choice, you can use the Cortex XDR API Reference to send alerts and alert details to an external receiver. After you generate your API key and set up the API to query Cortex XDR, external apps can receive incident updates, request additional data about incidents, and make changes such as setting the status, changing the severity, or assigning an owner. To get started, see the . |
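The third-party ticketing row describes the receiver workflow only at a high level. The Python script below is an added example, not Palo Alto Networks code and not taken from this page, of an external receiver that polls for recently modified incidents and pushes status, severity and owner changes back to the tenant. The endpoint paths, the header names (x-xdr-auth-id, Authorization), the request_data/update_data body shapes and the status and severity values are assumptions drawn from the public Cortex XDR API and must be verified against the Cortex XDR API Reference for your tenant; the tenant FQDN, key id and key are placeholders read from the environment.

```python
"""External incident receiver for Cortex XDR (added example, not vendor code).

Assumptions to verify against the Cortex XDR API Reference:
  - POST https://api-<tenant>/public_api/v1/incidents/get_incidents/
    and .../incidents/update_incident/
  - a Standard API key is sent as the Authorization header, with its key id
    in x-xdr-auth-id
  - bodies use {"request_data": {...}}; update_data accepts status,
    manual_severity and assigned_user_mail
"""
import json
import os
import urllib.request
from typing import Any, Dict, List, Optional

# Placeholders: never hard-code the real key, read it from a secret store or env.
XDR_FQDN = os.environ.get("XDR_FQDN", "api-tenant.example.invalid")
XDR_AUTH_ID = os.environ.get("XDR_AUTH_ID", "1")
XDR_API_KEY = os.environ.get("XDR_API_KEY", "REPLACE_ME")

PAGE_SIZE = 100

# Assumed enumerations; validated locally so a ticketing typo is rejected before
# the request is sent.
ALLOWED_STATUSES = {"new", "under_investigation", "resolved_threat_handled",
                    "resolved_known_issue", "resolved_duplicate",
                    "resolved_false_positive", "resolved_other"}
ALLOWED_SEVERITIES = {"low", "medium", "high"}


def auth_headers(auth_id: str, api_key: str) -> Dict[str, str]:
    """Headers for a Standard API key (assumed header names)."""
    return {"x-xdr-auth-id": auth_id,
            "Authorization": api_key,
            "Content-Type": "application/json"}


def get_incidents_body(modified_since_ms: int, page: int) -> Dict[str, Any]:
    """Page through incidents modified since a checkpoint.

    Filtering on modification_time rather than creation_time means status,
    severity and owner changes made in the XDR console are picked up too.
    """
    return {"request_data": {
        "filters": [{"field": "modification_time", "operator": "gte",
                     "value": modified_since_ms}],
        "search_from": page * PAGE_SIZE,
        "search_to": (page + 1) * PAGE_SIZE,
        "sort": {"field": "modification_time", "keyword": "asc"}}}


def update_incident_body(incident_id: str, status: Optional[str] = None,
                         severity: Optional[str] = None,
                         owner_email: Optional[str] = None) -> Dict[str, Any]:
    """Body that sets status, severity and/or owner of one incident."""
    update: Dict[str, Any] = {}
    if status is not None:
        if status not in ALLOWED_STATUSES:
            raise ValueError(f"unsupported status {status!r}")
        update["status"] = status
    if severity is not None:
        if severity not in ALLOWED_SEVERITIES:
            raise ValueError(f"unsupported severity {severity!r}")
        update["manual_severity"] = severity
    if owner_email is not None:
        update["assigned_user_mail"] = owner_email
    if not update:
        raise ValueError("nothing to update")
    return {"request_data": {"incident_id": incident_id, "update_data": update}}


def next_checkpoint(incidents: List[Dict[str, Any]], previous_ms: int) -> int:
    """Advance the polling checkpoint to the newest modification_time seen."""
    return max([previous_ms] + [int(i.get("modification_time", 0)) for i in incidents])


def post(path: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """One JSON POST to the tenant over TLS (network call, not run by the test)."""
    req = urllib.request.Request(f"https://{XDR_FQDN}{path}",
                                 data=json.dumps(body).encode(),
                                 headers=auth_headers(XDR_AUTH_ID, XDR_API_KEY),
                                 method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_all_modified_since(since_ms: int) -> List[Dict[str, Any]]:
    """Collect every incident modified since the checkpoint, page by page."""
    page, found = 0, []
    while True:
        reply = post("/public_api/v1/incidents/get_incidents/",
                     get_incidents_body(since_ms, page))
        batch = reply.get("reply", {}).get("incidents", [])
        found.extend(batch)
        if len(batch) < PAGE_SIZE:
            return found
        page += 1


if __name__ == "__main__":
    checkpoint = 0  # persist this between runs in a real receiver
    incidents = fetch_all_modified_since(checkpoint)
    for inc in incidents:
        print(inc.get("incident_id"), inc.get("severity"), inc.get("status"))
    checkpoint = next_checkpoint(incidents, checkpoint)
```

Keep the API key out of the script and the repository, scope the key's role to the minimum the ticketing workflow needs, and persist the checkpoint between runs; because it advances on modification_time, a status or owner change made in the Cortex XDR console is picked up by the next poll and can be mirrored into the ticketing system.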