Set up Nuvolo for Integration
Set up Nuvolo for integration with IoT Security through Cortex XSOAR.
Nuvolo is preconfigured with most of what you need to integrate with IoT Security. The following steps explain what you need to do to complete the Nuvolo configuration.
- Contact Nuvolo and request the creation of a user account to access the Nuvolo API. Because Nuvolo is an application that runs on the ServiceNow platform, only users with ServiceNow administrative rights can create users. The user account selected here must not have any roles or permissions granted to it.
- Log in to Nuvolo as a user with the system admin role, navigate to the EAM Queue module, and then click Administration > Data Source.
- In the list of data sources, click the Palo Alto Networks record to open it. The Palo Alto Networks Data Source record appears with empty Company and Account fields.
- Click the Lookup using list icon next to the Company field to create or select the company vendor record for Palo Alto Networks.
- Click the Lookup using list icon next to the Account field to select the user account record created for API access.
- After you make the company and account selections, click Update.
- Retrieve the source key for the data source record and record its value. To retrieve the value, enter the OT Cyber Security section, navigate to Administration > Data Source, right-click Palo Alto Networks, and then click Copy sys_id in the pop-up menu that appears. This copies the value to your computer’s clipboard. You will later enter this value in the Source Key field in Cortex XSOAR when configuring a Nuvolo instance.
- Link IoT Security-sourced data with Nuvolo assets. To accomplish this critical element in the integration, configure Nuvolo to use the MAC address or serial number key fields in the key/data pairs it receives from IoT Security in its discovery and security queues. In the EAM Queue section, click Administration > Key Field Mapping > New, enter the following, and then click Submit:
  - Table Name: Clinical Devices [x_nuvo_eam_clinical_devices]
  - Field Name: MAC Address
  - Key Name: Mac Address (This must be an exact match for the key name that XSOAR sends.)
  - Data Source: Palo Alto Networks
  - Queue Type: Discovery Queue [x_nuvo_eam_discovery_queue]
- Repeat the previous step three more times to create a total of four key field mappings with the following settings:

  | Table Name | Field Name | Key Name | Data Source | Queue Type |
  | --- | --- | --- | --- | --- |
  | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
  | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
  | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |
  | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |

Nuvolo provides several predefined action scripts specifically for IoT Security:
- The scripts in the Discovery Queue add new IoT Security-discovered devices to the asset inventory in Nuvolo and update existing assets with IoT Security-provided details. The two action scripts in the Discovery Queue that add devices and update assets are titled "Palo Alto Networks – Create Device" and "Palo Alto Networks – Update device automatically if identified by trusted identifier". To see newly added and updated assets in the Nuvolo interface, click Clinical Asset Management > Inventory > Devices.
- The action script in the Security Queue is titled "Palo Alto Networks – Create Alert, map devices, & create WOs". To see alerts and vulnerabilities sent to Nuvolo from IoT Security, click OT Cyber Security > Queue Management > Security Queue. To see work orders for security events sent from IoT Security, click Clinical Asset Management > Work Orders > All.
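
The key field mapping steps above require each key name to match exactly what XSOAR sends. The following offline check is an added example, not part of the Nuvolo or Palo Alto Networks documentation: it takes mapping rows copied from the Key Field Mapping list and reports any of the four required mappings that is missing or differs only by case or whitespace. The row field names (`key_name`, `data_source`, `queue_type`) and the sample rows are assumptions constructed for illustration.

```python
# Added example: offline check of Nuvolo key field mappings (constructed data).
REQUIRED_KEYS = ("Mac Address", "Serial Number")        # key names from the page
REQUIRED_QUEUES = ("Discovery Queue", "Security Queue")  # queue types from the page
DATA_SOURCE = "Palo Alto Networks"


def normalize(name):
    """Collapse case and whitespace so near-miss key names can be spotted."""
    return " ".join(name.split()).casefold()


def check_mappings(rows):
    """Return a list of problems; an empty list means all four mappings exist.

    Each row is a dict with the hypothetical fields 'key_name',
    'data_source' and 'queue_type'.
    """
    problems = []
    ours = [r for r in rows if r.get("data_source") == DATA_SOURCE]
    for queue in REQUIRED_QUEUES:
        in_queue = [r.get("key_name", "") for r in ours
                    if r.get("queue_type") == queue]
        for key in REQUIRED_KEYS:
            if key in in_queue:
                continue  # exact, case-sensitive match: mapping is usable
            near = [k for k in in_queue if normalize(k) == normalize(key)]
            if near:
                problems.append(
                    f"{queue}: key name {near[0]!r} is not an exact match for {key!r}")
            else:
                problems.append(f"{queue}: no mapping for key name {key!r}")
    return problems


# Constructed sample: the Security Queue rows contain one wrong-case key name
# and lack the Serial Number mapping entirely.
SAMPLE_ROWS = [
    {"key_name": "Mac Address", "data_source": DATA_SOURCE, "queue_type": "Discovery Queue"},
    {"key_name": "Serial Number", "data_source": DATA_SOURCE, "queue_type": "Discovery Queue"},
    {"key_name": "MAC Address", "data_source": DATA_SOURCE, "queue_type": "Security Queue"},
]

if __name__ == "__main__":
    for problem in check_mappings(SAMPLE_ROWS):
        print(problem)
```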