Integrate with Third-party Systems

IoT Security uses Cortex XSOAR to integrate with third-party systems.
In addition to coordinating with Palo Alto Networks next-generation firewalls, IoT Security also integrates with third-party systems, augmenting inventory, network management, network security, and vulnerability detection by making them IoT aware. This requires the purchase and activation of an IoT Security third-party integrations add-on.
After you activate the add-on through the onboarding workflow, a limited, cloud-hosted Cortex XSOAR instance is generated exclusively to support third-party integrations included in the add-on. Even if you already have a full-featured XSOAR instance, the instance generated during the onboarding workflow is the one that IoT Security uses. There is no extra charge for this dedicated XSOAR instance, which supports add-on integrations with the following third-party systems:
When integrating IoT Security with one of the third-party systems, you’ll use the interface of the dedicated XSOAR instance to configure this side of the integration and the user interface of the remote system to configure the other side. The XSOAR interface has been scaled down to just those features and settings essential for IoT Security to integrate with these other systems. To access the XSOAR interface, log in to the IoT Security portal, open the Integrations page, and then click
Launch Cortex XSOAR
. Due to the automatic authentication mechanism that occurs between IoT Security and XSOAR when you click this link, it’s the only way to access the interface of your XSOAR instance.
If you do not see all available third-party integrations in the Cortex XSOAR interface, it's possible that your XSOAR instance hasn't been updated with the latest content pack. Content packs include code changes to the jobs and playbooks of existing integrations as well as additional new third-party integrations. To get the latest XSOAR content pack, log in to your Customer Support Portal account and create a case with your request.
Some integrations such as ServiceNow, Nuvolo, and Qualys occur completely in the cloud, from the IoT Security cloud through Cortex XSOAR to the third-party cloud. Others such as Cisco ISE, SIEM, and Aruba ClearPass occur both in the cloud and on premises. The IoT Security cloud sends data to Cortex XSOAR, which forwards it to an XSOAR engine installed on a VM on premises. The XSOAR engine then forwards the data across the network to a third-party server that’s also on premises.
After configuring and enabling individual integrations, various settings become available for use in the IoT Security portal. For example, options to quarantine a device and release a previously quarantined device only appear after you configure a third-party integration with a network access control (NAC) solution such as Cisco ISE and enable it.
If you have a full-featured Cortex XSOAR instance and your goal is to integrate it with IoT Security—for example, to run an automation or playbook that downloads its inventory of IoT devices—see Palo Alto Networks IoT. There you can learn the commands to create a direct IoT Security-to-Cortex XSOAR integration. However, this is different from the type of integrations in which IoT Security leverages XSOAR to work with third-party systems as described in this guide. A separately purchased XSOAR instance is not involved with IoT Security third-party integrations. IoT Security only uses the special XSOAR instance that’s automatically generated when the IoT Security Third-party Integrations Add-on is activated.

Recommended For You