Integrate Device Security through Cortex XSOAR with ServiceNow
for asset management.
Where Can I Use This?
- Device Security (Managed by Strata Cloud Manager)
- (Legacy) IoT Security (Standalone portal)

What Do I Need?
- One of the following subscriptions:
  - Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  - Device Security X subscription
- One of the following Cortex XSOAR setups:
  - A free, cohosted, limited-featured Cortex XSOAR instance
  - A full-featured Cortex XSOAR server

Palo Alto Networks Device Security can integrate through Cortex XSOAR with
the ServiceNow asset management solution, turning its static inventory into a
dynamic one. Device Security forwards your inventory of connected devices
directly into ServiceNow to blend in with your existing devices. In addition, you
can manually send alerts and vulnerabilities as incidents to
ServiceNow for conversion into work orders.

For Device Security to supplement the asset management capabilities of ServiceNow,
both must monitor the devices and activities on the same network. To make this
possible for Device Security, one or more of the next-generation firewalls
that protect the network send network data logs to the Palo Alto Networks cloud
logging service, which streams metadata from these logs to Device Security. As
Device Security analyzes this information, it discovers and identifies
devices and tracks behaviors. Device Security also detects device vulnerabilities
and generates security alerts when it detects that anomalous network activity has
occurred. Through Cortex XSOAR, Device Security then sends ServiceNow
details about the device attributes in its inventory. Additionally, from
Device Security, you can send ServiceNow any detected
vulnerabilities and security alerts as incidents for conversion into work orders.

Cortex XSOAR connects to ServiceNow through its API, not through a Service Graph
Connector.