Set up IoT Security and XSOAR for Nuvolo Integration

Set up IoT Security and Cortex XSOAR to integrate with Nuvolo.
To set up IoT Security to integrate through Cortex XSOAR with Nuvolo, you need the following:
  • The username and password of a user account that allows XSOAR to send device data, security events, and device usage through the Nuvolo API to the Clinical Devices table you created
  • The source_key for the data source, which acts as a second factor of authentication for the Nuvolo API
  • The URL of your Nuvolo instance
  1. Log in to the IoT Security portal and then access Nuvolo settings in Cortex XSOAR.
    1. Log in to IoT Security and then click
      Integrations
      .
    2. Because IoT Security uses XSOAR to integrate with Nuvolo, you must configure settings for the Nuvolo instance in the Cortex XSOAR interface. To access XSOAR, click
      Launch Cortex XSOAR
      .
    3. Click
      Settings
      in the left navigation menu, search for
      nuvolo
      to locate it among other instances.
  2. Configure the Nuvolo integration instance.
    1. Click the integration instance settings icon ( ) for PANW IoT 3rd Party Nuvolo Integration Instance to open the settings panel.
    2. Enter the following and leave other settings at their default values:
      Do not change the default integration instance name (PANW IoT 3rd Party Nuvolo Integration Instance). XSOAR jobs for Nuvolo use playbooks that refer to this integration instance name specifically
      Nuvolo Server URL
      : Enter the URL of the Nuvolo instance.
      You must include a slash ( / ) at the end of the Nuvolo server URL; for example: https://ven01234.service-now.com/
      Source key
      : Enter the source key you saved when configuring Nuvolo.
      Username
      : Enter the username of the user account you created on Nuvolo.
      Password
      : Enter the password associated with the user account.
      Use single engine
      : Choose
      No engine
      .
    3. When finished, click
      Run test
      or
      Test
      .
      If the test is successful, a Success message appears. If not, check that the settings were entered correctly and then test the configuration again.
    4. After the test succeeds, click
      Save & exit
      to save your changes and close the settings panel.
  3. To enable the PANW IoT 3rd Party Nuvolo Integration Instance, click
    Enable
    .
    XSOAR begins an automated process that sends Nuvolo incrementally updated data from IoT Security about changes to device attributes occurring within the last 15 minutes.
  4. Return to the IoT Security portal and check the status of the Nuvolo integration.
    When you see that its status has changed from
    Disabled
    to
    Active
    , the IoT Security/Cortex XSOAR setup is complete.
    The status in IoT Security doesn’t change immediately after you enable the instance in XSOAR. IoT Security updates the status when it receives a report back from XSOAR after it successfully runs the next incremental device export job to Nuvolo.
  5. Export the IoT medical device inventory from IoT Security to Nuvolo.
    Although regular, automated incremental updates are now in progress, Nuvolo doesn’t yet have a complete medical IoT device inventory from IoT Security. This requires a bulk data export from IoT Security to Nuvolo that you initiate from the XSOAR interface. The process is somewhat time consuming; for example, exporting an inventory of 30,000-40,000 medical IoT devices can take up to 36 hours.
    To start the bulk export of the entire medical IoT device inventory, click
    Launch Cortex Access
    to return to the XSOAR interface. Click
    Jobs
    , select
    PANW IoT Bulk Export to Nuvolo
    , and then click
    Run now
    .
    During the bulk export and after the job completes, the automated incremental update will continue running every 15 minutes.

Recommended For You