Integrate with Third-party Systems
IoT Security uses Cortex XSOAR to integrate with third-party
systems.
In addition to coordinating with Palo Alto Networks
next-generation firewalls, IoT Security integrates with third-party
systems. It augments their inventory, network management, network
security, and vulnerability detection by making them IoT aware, and
it gathers device and network data from other sources to enrich
its own inventory and capabilities. IoT Security does this by leveraging Cortex XSOAR technology
to integrate with third-party systems. It uses either a cohosted,
partially featured Cortex XSOAR instance (available at no extra
charge when you purchase an IoT Security Third-party Integrations
Add-on license) or a full-featured, on-premises Cortex XSOAR server.
There’s also a third option for integrating Cortex XSOAR with IoT
Security through its API. In short, there are three options:
- IoT Security with a cohosted, limited-featured Cortex XSOAR instance – This requires the purchase of an IoT Security Third-party Integrations Add-on license, which comes with an automatically generated, cloud-hosted XSOAR module at no extra charge.
- IoT Security with a full-featured Cortex XSOAR server on premises – No add-on license required. The IoT Security FedRAMP Moderate solution must use an on-premises Cortex XSOAR server.
- Cortex XSOAR with access to the IoT Security API
IoT Security with a Cohosted Cortex XSOAR Instance
If you want to integrate IoT Security with third-party
systems but do not have a Cortex XSOAR server, you can buy an IoT
Security Third-party Add-on license. After you activate it, IoT
Security automatically generates a cohosted XSOAR instance with
the functionality necessary to support IoT Security integrations.
When IoT Security communicates with third-party systems, it does
so through the XSOAR instance, which connects with other systems
and runs various jobs such as importing device data into IoT Security
or sending work orders for security alerts and vulnerabilities to
other systems for investigation and remediation.
More information about cohosted Cortex XSOAR instances is available
in Third-party Integrations Using Cohosted XSOAR.
IoT Security with an On-premises Cortex XSOAR Server
If you already have a full-featured Cortex XSOAR server
deployed on premises, you can use that to integrate IoT Security
with third-party systems without needing to buy an add-on license
and use a limited cloud-hosted XSOAR module. For the Cortex XSOAR
server to support IoT Security third-party integrations, you must
install an IoT Security content pack and configure an integration
instance on the XSOAR server. The content pack provides XSOAR with
all the third-party integration instance settings, playbooks, and
jobs that IoT Security requires, and the Palo Alto Networks IoT
3rd Party integration instance allows XSOAR to establish a permanent
WebSocket connection with the IoT Security application.
The XSOAR server continues to provide the same functionality
it did before it was set up to work with IoT Security. However,
the IoT Security integrations the XSOAR server supports are limited
to those in the content pack you install. The content pack has the
same set of integrations that a cohosted XSOAR instance has with
one exception: you can modify the playbooks for IoT Security integrations
on an XSOAR server but not on a cloud-hosted instance. To be precise,
you can’t modify the playbooks directly, but you can duplicate them, modify
the duplicate playbooks, and then use those on the server, which
is something you can’t do in a cloud-hosted instance.
When integrating IoT Security with third-party systems in a deployment
that must comply with FedRAMP Moderate, you must use a full on-premises
XSOAR server running a vendor-approved FIPS version that complies
with the FIPS 140-2 standard. This option supports all the same
IoT Security integrations as the cohosted version but is FIPS compliant
and does not require the purchase of a third-party integrations
add-on license.
The IoT Security portal and this guide refer to this
as an on-premises Cortex XSOAR server, which is a useful way to
distinguish it from a cohosted Cortex XSOAR instance. Nevertheless,
the XSOAR server only needs to be deployed on premises to comply
with FedRAMP regulations. If your deployment doesn’t need to be
FedRAMP compliant, you can deploy the XSOAR server on premises or
in the cloud. In either case, the XSOAR server connects to IoT Security
in the same way.
The setup of an on-premises XSOAR server to work with IoT Security
is described in Third-party Integrations Using On-premises XSOAR.
Cortex XSOAR Using the IoT Security API
If you have a Cortex XSOAR instance and your goal is
to integrate it with IoT Security—for example, to run an automation
or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT.
There you can learn the commands to create a direct IoT Security-to-Cortex
XSOAR integration. Note that this is different from the type of
integrations in which IoT Security leverages XSOAR to work with
third-party systems as described in this guide.