Set up Nuvolo for Integration

Set up Nuvolo for integration with IoT Security through Cortex XSOAR.
Nuvolo is preconfigured with most of what you need to integrate with IoT Security. The following steps explain what you need to do to complete the Nuvolo configuration.
  1. Contact Nuvolo and request the creation of a user account to access the Nuvolo API.
    Because Nuvolo is an application that runs on the ServiceNow platform, only users with ServiceNow administrative rights can create users. The user account selected here must not have any roles or permissions granted to it.
  2. Log in to Nuvolo as a user with the system admin role, navigate to the EAM Queue module, and then click Administration > Data Source.
  3. In the list of data sources, click the Palo Alto Networks record to open it.
    The Palo Alto Networks Data Source record appears with empty Company and Account fields.
  4. Click the Lookup using list icon next to the Company field to create or select the company vendor record for Palo Alto Networks.
  5. Click the Lookup using list icon next to the Account field to select the user account record created for API access.
  6. After you make the company and account selections, click Update.
  7. Retrieve the source key for the data source record and record its value.
    To retrieve the value, enter the OT Cyber Security section, navigate to Administration > Data Source, right-click Palo Alto Networks, and then click Copy sys_id in the pop-up menu that appears.
    This copies the value to your computer’s clipboard. You will later enter this value in the Source Key field in Cortex XSOAR when configuring a Nuvolo instance.
  8. Link IoT Security-sourced data with Nuvolo assets.
    To accomplish this critical element in the integration, configure Nuvolo to use the MAC address or serial number key fields in the key/data pairs it receives from IoT Security in its discovery, security, and asset metrics queues. In the EAM Queue section, click Administration > Key Field Mapping > New, enter the following, and then click Submit:
    • Table Name: Clinical Devices [x_nuvo_eam_clinical_devices]
    • Field Name: MAC Address
    • Key Name: Mac Address (This must be an exact match for the key name that XSOAR sends.)
    • Data Source: Palo Alto Networks
    • Queue Type: Discovery Queue [x_nuvo_eam_discovery_queue]
  9. Repeat the previous step five more times to create a total of six key field mappings with the following settings:
    | Table Name | Field Name | Key Name | Data Source | Queue Type |
    |---|---|---|---|---|
    | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Discovery Queue [x_nuvo_discovery_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Security Queue [x_nuvo_security_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | MAC Address | Mac Address | Palo Alto Networks | Asset Metrics Queue [x_nuvo_utilization_queue] |
    | Clinical Devices [x_nuvo_eam_clinical_devices] | Serial Number | Serial Number | Palo Alto Networks | Asset Metrics Queue [x_nuvo_utilization_queue] |
    Nuvolo provides several predefined action scripts specifically for IoT Security:
    • The scripts in the Discovery Queue add new IoT Security-discovered devices to the asset inventory in Nuvolo and update existing assets with IoT Security-provided details. The two action scripts in the Discovery Queue that add devices and update assets are titled "Palo Alto Networks – Create Device" and "Palo Alto Networks – Update device automatically if identified by trusted identifier".
      To see newly added and updated assets in the Nuvolo interface, click Clinical Asset Management > Inventory > Devices.
    • The action script in the Security Queue is titled "Palo Alto Networks – Create Alert, map devices, & create WOs".
      To see alerts and vulnerabilities sent to Nuvolo from IoT Security, click OT Cyber Security > Queue Management > Security Queue.
      To see work orders for security events sent from IoT Security, click Clinical Asset Management > Work Orders > All.
    • The script in the Asset Metrics Queue adds utilization metrics to an asset if its MAC address or serial number matches that of the device whose utilization metrics IoT Security reports. The action script in the Asset Metrics Queue is titled "Palo Alto Networks – Create Device Metrics".
      To see this information in the Nuvolo interface, click Clinical Asset Management > Inventory > Devices and click the asset tag link to open a device details page. Scroll down and click the Performance tab where you can see detailed information about the uptime and downtime of a device.
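
A check for the six key field mappings from steps 8 and 9, as an added example that is not part of the original page or of Nuvolo: it flags a missing mapping and a key name that differs only in case or spacing from the exact value required. The CSV layout, column names, and sample rows are constructed assumptions, not a Nuvolo export format.

```python
import csv
import io

# Expected mappings from steps 8 and 9: each key name in each queue.
KEY_NAMES = ("Mac Address", "Serial Number")
QUEUES = ("Discovery Queue", "Security Queue", "Asset Metrics Queue")
DATA_SOURCE = "Palo Alto Networks"

# Constructed sample (hypothetical CSV layout, not a Nuvolo format).
SAMPLE_EXPORT = """field_name,key_name,data_source,queue_type
MAC Address,Mac Address,Palo Alto Networks,Discovery Queue
Serial Number,Serial Number,Palo Alto Networks,Discovery Queue
MAC Address,MAC Address,Palo Alto Networks,Security Queue
Serial Number,Serial Number,Palo Alto Networks,Security Queue
MAC Address,Mac Address,Palo Alto Networks,Asset Metrics Queue
"""

def normalize(text):
    """Collapse whitespace and case so near-miss key names can be spotted."""
    return " ".join(text.split()).casefold()

def audit_mappings(csv_text):
    """Return (queue, key_name, problem) findings in queue order."""
    configured = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["data_source"].strip() != DATA_SOURCE:
            continue
        # Accept "Discovery Queue [table_name]" as well as the bare label.
        queue = row["queue_type"].split("[")[0].strip()
        configured.setdefault(queue, []).append(row["key_name"])
    findings = []
    for queue in QUEUES:
        present = configured.get(queue, [])
        for key in KEY_NAMES:
            if key in present:
                continue  # exact match, as the key name must be
            near = [k for k in present if normalize(k) == normalize(key)]
            if near:
                findings.append((queue, key, f"inexact key name {near[0]!r}"))
            else:
                findings.append((queue, key, "missing"))
    return findings

if __name__ == "__main__":
    for queue, key, problem in audit_mappings(SAMPLE_EXPORT):
        print(f"{queue}: {key}: {problem}")
```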
