Focus

IoT Security Integration Guide

Set up IoT Security and XSOAR for Nuvolo Integration

Table of Contents

Set up IoT Security and XSOAR for Nuvolo Integration

Set up IoT Security and Cortex XSOAR to integrate with Nuvolo.

To set up IoT Security to integrate through Cortex XSOAR with Nuvolo, you need the following:

The username and password of a user account that allows XSOAR to send device data and security events through the Nuvolo API to the Clinical Devices table you created
The source_key for the data source, which acts as a second factor of authentication for the Nuvolo API
The URL of your Nuvolo instance

Log in to the IoT Security portal and then access Nuvolo settings in Cortex XSOAR.
1. Log in to IoT Security and then click Integrations.
2. Because IoT Security uses XSOAR to integrate with Nuvolo, you must configure settings for the Nuvolo instance in the Cortex XSOAR interface. To access XSOAR, click Launch Cortex XSOAR.
3. Click Settings in the left navigation menu, search for nuvolo to locate it among other instances.
Configure the Nuvolo integration instance.
1. Click the integration instance settings icon (
  
  ) for PANW IoT 3rd Party Nuvolo Integration Instance to open the settings panel.
2. Enter the following and leave other settings at their default values:
  
  Do not change the default integration instance name (PANW IoT 3rd Party Nuvolo Integration Instance). XSOAR jobs for Nuvolo use playbooks that refer to this integration instance name specifically.
  
  Nuvolo Server URL: Enter the URL of the Nuvolo instance.
  
  You must include a slash ( / ) at the end of the Nuvolo server URL; for example: https://ven01234.service-now.com/
  
  Source key: Enter the source key you saved when configuring Nuvolo.
  Username: Enter the username of the user account you created on Nuvolo.
  Password: Enter the password associated with the user account.
  Use single engine: Choose No engine.
3. When finished, click Run test or Test.
  If the test is successful, a Success message appears. If not, check that the settings were entered correctly and then test the configuration again.
4. After the test succeeds, click Save & exit to save your changes and close the settings panel.
To enable the PANW IoT 3rd Party Nuvolo Integration Instance, click Enable.
XSOAR begins an automated process that sends Nuvolo incrementally updated data from IoT Security about changes to device attributes occurring within the last 15 minutes.
Return to the IoT Security portal and check the status of the Nuvolo integration.
XSOAR automatically runs a preconfigured job for Nuvolo integration and reports the integration instance to IoT Security, which displays it on the Integrations page. The integration instance can be in one of the following four states as shown in the Status column on the Integrations page:
- Disabled means that either the integration was configured but intentionally disabled or it was never configured and a job that references it is enabled and running.
- Error means that the integration was configured and enabled but is not functioning properly, possibly due to a configuration error or network condition.
- Inactive means that the integration was configured and enabled but no job has run for at least the past 60 minutes.
- Active means that the integration was configured and enabled and is functioning properly.
When you see that its status has changed from Disabled to Active, the setup of the integration instance is complete.

The status in IoT Security doesn’t change immediately after you enable the instance in XSOAR. IoT Security updates the status when it receives a report back from XSOAR after it successfully runs the next incremental device export job to Nuvolo.
Export the IoT medical device inventory from IoT Security to Nuvolo.
Although regular, automated incremental updates are now in progress, Nuvolo doesn’t yet have a complete medical IoT device inventory from IoT Security. This requires a bulk data export from IoT Security to Nuvolo that you initiate from the XSOAR interface. The process is somewhat time consuming; for example, exporting an inventory of 30,000-40,000 medical IoT devices can take up to 36 hours.
To start a bulk export of the entire medical IoT device inventory, click Launch Cortex XSOAR to return to the XSOAR interface. Click Jobs, select the preconfigured job PANW IoT Bulk Export to Nuvolo, and then click Run now.

During the bulk export and after the job completes, the automated incremental update will continue running every 15 minutes.
Import IoT medical device data from Nuvolo into IoT Security.
Consider importing medical IoT device data from Nuvolo regularly. How often you run this job largely depends on how often there are changes to the medical IoT devices on your network. You might start by running this once a month and then either increase or decrease the frequency as necessary.
Before importing any device data from Nuvolo, Cortex XSOAR gets a list of MAC addresses for all the medical IoT devices in the IoT Security inventory—and IP addresses for any medical IoT devices with a static IP address whose MAC address is unknown to IoT Security. Then, when XSOAR requests device data from Nuvolo, it only requests data for the devices identified in the list.
To start a bulk import of device data from Nuvolo for the medical IoT devices in the IoT Security inventory, click Launch Cortex XSOAR to return to the XSOAR interface. Click Jobs, select the preconfigured job Nuvolo Bulk Importing Device to PANW IoT Cloud, and then click Run now.

During the bulk import and after the job completes, the automated incremental update will continue running every 15 minutes.

Set up Nuvolo for Integration

Send Security Alerts to Nuvolo