Palo Alto Networks IoT Security can integrate through Cortex XSOAR with the ServiceNow asset management solution, turning its static inventory into a dynamic one. IoT Security forwards your inventory of connected devices directly into ServiceNow to blend in with your existing devices. In addition, it automatically sends security alerts and vulnerabilities as incidents to ServiceNow for conversion into work orders. You can manually send alerts and vulnerabilities as well.

For IoT Security to supplement the asset management capabilities of ServiceNow, they must both be monitoring the devices and activities on the same network. So that IoT Security can do this, one or more of the next-generation firewalls that protect the network send network data logs to the Palo Alto Networks cloud logging service, which streams metadata from these logs to IoT Security. As IoT Security analyzes this information, it discovers and identifies devices and tracks behaviors. IoT Security also detects device vulnerabilities and generates security alerts when it detects that anomalous network activity has occurred. Through Cortex XSOAR, IoT Security then sends ServiceNow details about the device attributes in its inventory. Additionally, IoT Security sends ServiceNow any detected vulnerabilities and security alerts as incidents for conversion into work orders.

Integrating with ServiceNow requires either a full-featured Cortex XSOAR server or the purchase and activation of an IoT Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for ServiceNow. The advanced plan includes a license for all supported third-party integrations.