Third-party Integrations Using a Full-featured XSOAR Server
Table of Contents
Expand all | Collapse all
-
- Integrate IoT Security with AIMS
- Set up AIMS for Integration
- Set up IoT Security and XSOAR for AIMS Integration
- Send Work Orders to AIMS
- Integrate IoT Security with Microsoft SCCM
- Set up Microsoft SCCM for Integration
- Set up IoT Security and XSOAR for SCCM Integration
- Integrate IoT Security with Nuvolo
- Set up Nuvolo for Integration
- Set up IoT Security and XSOAR for Nuvolo Integration
- Send Security Alerts to Nuvolo
- Send Vulnerabilities to Nuvolo
- Integrate IoT Security with ServiceNow
- Set up ServiceNow for Integration
- Set up IoT Security and XSOAR for ServiceNow Integration
- Send Security Alerts to ServiceNow
- Send Vulnerabilities to ServiceNow
-
- Integrate IoT Security with Cortex XDR
- Set up Cortex XDR for Integration
- Set up IoT Security and XSOAR for XDR Integration
- Integrate IoT Security with CrowdStrike
- Set up CrowdStrike for Integration
- Set up IoT Security and XSOAR for CrowdStrike Integration
- Integrate IoT Security with Microsoft Defender XDR
- Set up Microsoft Defender XDR for Integration
- Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration
- Integrate IoT Security with Tanium
- Set up Tanium for Integration
- Set up IoT Security and XSOAR for Tanium Integration
-
- Integrate IoT Security with Aruba AirWave
- Set up Aruba AirWave for Integration
- Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration
- View Device Location Information
- Integrate IoT Security with Aruba Central
- Set up Aruba Central for Integration
- Set up IoT Security and XSOAR for Aruba Central Integration
- Integrate IoT Security with Cisco DNA Center
- Set up Cisco DNA Center to Connect with XSOAR Engines
- Set up IoT Security and XSOAR for DNA Center Integration
- Integrate IoT Security with Cisco Meraki Cloud
- Set up Cisco Meraki Cloud for Integration
- Set up IoT Security and XSOAR for Cisco Meraki Cloud
- Integrate IoT Security with Cisco Prime
- Set up Cisco Prime to Accept Connections from IoT Security
- Set up IoT Security and XSOAR for Cisco Prime Integration
- Integrate IoT Security with Network Switches for SNMP Discovery
- Set up IoT Security and Cortex XSOAR for SNMP Discovery
- Integrate IoT Security with Switches for Network Discovery
- Set up IoT Security and Cortex XSOAR for Network Discovery
-
- Integrate IoT Security with Aruba WLAN Controllers
- Set up Aruba WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Aruba WLAN Controllers
- Integrate IoT Security with Cisco WLAN Controllers
- Set up Cisco WLAN Controllers for Integration
- Set up IoT Security and XSOAR for Cisco WLAN Controllers
-
- Integrate IoT Security with Aruba ClearPass
- Set up Aruba ClearPass for Integration
- Set up IoT Security and XSOAR for ClearPass Integration
- Put a Device in Quarantine Using Aruba ClearPass
- Release a Device from Quarantine Using Aruba ClearPass
- Integrate IoT Security with Cisco ISE
- Set up Cisco ISE to Identify IoT Devices
- Set up Cisco ISE to Identify and Quarantine IoT Devices
- Configure ISE Servers as an HA Pair
- Set up IoT Security and XSOAR for Cisco ISE Integration
- Put a Device in Quarantine Using Cisco ISE
- Release a Device from Quarantine Using Cisco ISE
- Apply Access Control Lists through Cisco ISE
- Integrate IoT Security with Cisco ISE pxGrid
- Set up Integration with Cisco ISE pxGrid
- Put a Device in Quarantine Using Cisco ISE pxGrid
- Release a Device from Quarantine Using Cisco ISE pxGrid
- Integrate IoT Security with Forescout
- Set up Forescout for Integration
- Set up IoT Security and XSOAR for Forescout Integration
- Put a Device in Quarantine Using Forescout
- Release a Device from Quarantine Using Forescout
-
- Integrate IoT Security with Qualys
- Set up QualysGuard Express for Integration
- Set up IoT Security and XSOAR for Qualys Integration
- Perform a Vulnerability Scan Using Qualys
- Get Vulnerability Scan Reports from Qualys
- Integrate IoT Security with Rapid7
- Set up Rapid7 InsightVM for Integration
- Set up IoT Security and XSOAR for Rapid7 Integration
- Perform a Vulnerability Scan Using Rapid7
- Get Vulnerability Scan Reports from Rapid7
- Integrate IoT Security with Tenable
- Set up Tenable for Integration
- Set up IoT Security and XSOAR for Tenable Integration
- Perform a Vulnerability Scan Using Tenable
- Get Vulnerability Scan Reports from Tenable
Third-party Integrations Using a Full-featured XSOAR Server
Set up a full-featured Cortex XSOAR server for IoT Security integration
with third-party solutions.
IoT Security can integrate with third-party systems through a full on-premises or
cloud-hosted Cortex XSOAR server running Cortex XSOAR version 6.8–6.12 and 8.0 (Cortex XSOAR NG). This option
supports the same IoT Security integrations as the cohosted version but
doesn’t require the purchase of an IoT Security Third-party Integrations
Add-on license. In addition, the full-featured Cortex XSOAR product allows
you to create and modify third-party integration playbooks, unlike the cohosted,
purpose-built XSOAR service, which has preconfigured playbooks that can't be
modified.
The following instructions for setting up IoT Security and a full-featured XSOAR server
assume that you’ve already installed an XSOAR server on your network
or in the cloud and that you are now preparing it to provide third-party integration
opportunities for IoT Security. IoT Security supports third-party
integrations through XSOAR servers running Cortex XSOAR version 6.8–6.12 and
version 8.0 (Cortex XSOAR NG).
For FedRAMP compliance, the on-premises XSOAR server must be running a vendor-approved FIPS version that complies with the
FIPS 140-2 standard.
- Choose a Cortex XSOAR server for IoT Security to use for third-party integrations.
- Log in to the IoT Security portal, select Integrations.If you have not bought and activated an IoT Security Third-Party Integrations Add-on license, two options appear on the Integrations page.
- Select Integrate through a full-featured Cortex XSOAR server and then Save.IoT Security takes a few minutes to prepare to use a Cortex XSOAR server for third-party integrations. When done, the Integrations page changes to show XSOAR installation settings and a list of the steps for setting up third-party integrations through a full-featured XSOAR server.After you save your selection, a button appears in the upper right of the page: Switch integration methods. If you have both a full-featured Cortex XSOAR server and an IoT Security Third-party Integrations Add-on license, you can switch between the XSOAR server and the cohosted XSOAR instance. However, you can only use one method at a time.
Download the IoT Security Content Pack.On the Integrations page, download the IoT Security content pack as a .zip file.Do not download and attempt to use the IoT Security content pack from the Cortex XSOAR marketplace. It isn't current and doesn't support all the third-party integrations that the content pack available from the IoT Security portal does. Only download and use the content pack from the IoT Security portal.Create an API access key and then download the key and key ID.If you have the text file for a currently active API access key, you can use that instead of creating a new API access key.- On the Integrations page in IoT Security, click Create under API Access Key.
- In the Create Access Key dialog box, click Create again.
- In the Access Key Created dialog box, Download the access key and key ID as a text file.
Copy the IoT Security tenant URL.Configure the Cortex XSOAR server.Log in to the Cortex XSOAR server, upload the content pack, and use your IoT Security tenant URL, API access key, and key ID to configure the "Palo Alto Networks IoT 3rd Party" integration instance.- Log in to the XSOAR server using credentials for a user account with administrator privileges, which let you upload the IoT Security content pack.
- Cortex XSOAR version 6.8–6.12 Because the IoT Security content pack is
not provided by Cortex XSOAR, set content pack verification
to false. Select SettingsAboutTroubleshooting, enter false in the
content.pack.verify field in the Server Configuration
section, and then Save.orCortex XSOAR version 8.0 Because IoT Security provides the content pack instead of Cortex XSOAR, it cannot be verified. Therefore, to upload it without a verification check, select Settings & InfoServer Settings and then either drag-and-drop the content pack file onto Upload custom content in the Custom Content section or browse to the content pack file and upload it.
- Cortex XSOAR version 6.8–6.12 On the XSOAR server, navigate to the Marketplace, click the three vertical dots icon in the upper right, and then Upload Content Packs.
- Cortex XSOAR version 6.8–6.12 Select the previously downloaded IoT Security content pack for XSOAR to upload and install.
- Select Settings, search for palo alto networks iot 3rd party, and then click Add instance to open the settings panel.
- Enter the following and leave other settings at their default values:Name: Use the default name (Palo Alto Networks IoT 3rd Party_instance_1) or enter a new one.IoT Security Tenant URL: Copy this from the Integrations page in IoT Security and paste it here.Access Key: Copy this from the API access key file you downloaded and paste it here.Key ID: Copy this from the API access key file you downloaded and paste it here.Long running instance: (select; this maintains a session between the XSOAR server and IoT Security, using a regular heartbeat mechanism to monitor connectivity)Single engine: Choose No engine.
- Test the integration instance settings.When finished, click Test. If the test is successful, a Success message appears and Cortex XSOAR and IoT Security have established a link. If not, check that the settings were entered correctly and then test the configuration again.
- Click Save & exit to save your changes and close the settings panel.
Cortex XSOAR version 8.0 and later If the IoT Security content pack incident fields don't appear in the job creation page, create a customized incident layout in Cortex XSOAR.When running Cortex XSOAR version 8.0 and later, the IoT Security third-party content pack custom fields may not appear in the job creation page. Create an incident layout, assign it to a custom incident type for third-party integrations, and add the the customized incident type to all IoT Security third-party integration jobs that you create.- Navigate to Settings & InfoSettingsObject SetupIncidentsLayouts. This brings up the table of incident layouts.
- Select + New Layout"New"/"Edit" Form to create a new layout.
- Enter a descriptive name for the layout for IoT Security third-party integrations.
- From the Library in the left-side panel, add fields into the Custom Fields box in the right-side panel by dragging and dropping. Drag and drop the following fields.
- Asset Attribute Polling IP/Subnet
- Automatically Synchronize Scanners with IoT Security
- Bulk Export Interval (Days)
- Cisco Meraki Networks
- Cisco Meraki Organizations
- Custom IPAM Data List Name
- ExtremeCloud IQ SE End-System Custom Attributes
- Import Aruba Central wired client details to IoT Security
- Import IPAM site definitions to IoT Security
- Import vulnerabilities by CVE severity levels
- Integration Instance Name
- ip
- IPAM subnet Data Overwrite
- jobid
- Network Discovery Skip Neighbor Discovery Patterns
- PANW IoT Device Custom Attributes
- PANW IoT In Scope Tag Enforcement
- PANW-ServiceNow-Category-Map
- Playbook Poll Interval
- Polling Duration in days
- Primary Active Instance Name
- Primary Instance Name(s)
- Primary Standby Instance Name
- profileid
- Rockwell AssetCentre Asset Property UUIDs
- Rockwell AssetCentre Asset Type UUIDs
- Run Once
- scannerid
- Secondary Active Instance Name
- Secondary Instance Name(s)
- Secondary Standby Instance Name
- ServiceNow Discovered IoT Device Table Name
- ServiceNow-IoT Device Category
- ServiceNow-IoT Device Model
- ServiceNow-IoT Device OS
- ServiceNow-IoT Device Profile
- ServiceNow-IoT Device Site
- ServiceNow-IoT Device SSID
- ServiceNow-IoT Device Supported OS
- ServiceNow-IoT Device Tag
- ServiceNow-IoT Device Vendor
- ServiceNow-IoT Device VLAN
- ServiceNow-IoT Wired/Wireless Device
- Site Names
- siteid
- Splunk Index
- Splunk Source Type
- Use IPAM non-site data if the same block or subnet is in IoT Security
- Use IPAM site data if the same root block is in IoT Security
- Select Save Version. This takes you back to the Layouts table.
- Navigate to Types and then select + New Incident Type. This brings up the New Incident Type dialog box.
- Enter a Name, and then under Layout select the layout you just created. Save the new incident type to close the dialog box.
- Make note of the name of your incident type. You will need to assign the incident type to all IoT Security thid-party integration jobs that you create.
Configure IoT Security third-party integrations.After you’ve installed a content pack for IoT 3rd party integrations, you can begin configuring integrations with third-party systems. For IoT Security and Cortex XSOAR to integrate with a third-party system, you must configure XSOAR with an integration instance specifying connection settings and a job running a playbook over the connection.The following is a list of the jobs and their configuration elements for the third-party integrations that IoT Security supports. For detailed configuration instructions, see the section for specific integrations in this guide.Although the integration instructions later in this guide assume that you’re using a cohosted XSOAR module, the configuration instructions for the integration instances and jobs are similar for both cohosted deployments and full-featured Cortex XSOAR server deployments.Asset DiscoveryIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Rockwell AssetCentreImport Rockwell AssetCentre assets to PANW IoT cloudYes Required: "Integration Instance Name"Optional: "Poll Interval" (If not set, playbook imports all devices.)Imports devices from Rockwell Automation AssetCentre to IoT SecuritySet up IoT Security and XSOAR for AssetCentre Integration PANW IoT 3rd Party Integration - Asset Attribute PollingBulk Import Asset Attributes Using Asset Attribute Polling - PANW IoT 3rd Party IntegrationNo Required: "Integration Instance Name" and "Device Polling IP address/Subnet"Imports device attributes using asset attribute polling.Learn Device Attributes by Polling Asset ManagementIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - AIMS Export AIMS maps and devices to PANW IoT Yes No arguments required. Only a single instance is supported. Exports AIMS facilities, vendors, employees, work order priority list mappings, and device data to IoT Security. Set up IoT Security and XSOAR for AIMS Integration PANW IoT 3rd Party Integration - AIMS Export AIMS assignee and priority lists to PANW IoT Yes No arguments required. Only a single instance is supported. Exports the assignee list and work order priority list from AIMS to IoT Security. Set up IoT Security and XSOAR for AIMS Integration PANW IoT 3rd Party Integration - Microsoft SCCM Import Microsoft SCCM devices to PANW IoT cloud Yes Required: "Integration Instance Name" Fetches available endpoint data from a Microsoft SCCM SQL server and sends it to IoT Security. Set up IoT Security and XSOAR for SCCM Integration PANW IoT 3rd Party Integration - Nuvolo Bulk Export Devices to Nuvolo - PANW IoT 3rd Party Integration No No arguments required. Only a single instance is supported. Retrieves all devices from IoT Security and sends it to a third-party integration instance. Set up IoT Security and XSOAR for Nuvolo Integration PANW IoT 3rd Party Integration - Nuvolo Bulk Import Devices from Nuvolo to PANW IoT Cloud - PANW IoT 3rd Party Integration No No arguments required. Only a single instance is supported. Retrieves all devices from the Nuvolo instance and sends them to IoT Security. Although this job is prebuilt on a cohosted XSOAR instance, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - Nuvolo Incremental Export Devices to Nuvolo - PANW IoT 3rd Party Integration Yes No arguments required. Only a single instance is supported. The fixed poll interval is 15 minutes. Retrieves devices from IoT Security and sends them to the third-party integration instance. Although this job is prebuilt on a cohosted XSOAR instance, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - ServiceNow v2 Incremental Export Devices to ServiceNow - PANW IoT 3rd Party Integration Yes No arguments required. Only a single instance is supported. The fixed poll interval is 15 minutes. Retrieves devices discovered by IoT Security and sends them to a third-party integration instance. Set up IoT Security and XSOAR for ServiceNow Integration PANW IoT 3rd Party Integration - ServiceNow v2 Bulk Export Devices to ServiceNow - PANW IoT 3rd Party Integration No No arguments required. Only a single instance is supported. Retrieves all devices from IoT Security and sends them to a third-party integration instance. Set up IoT Security and XSOAR for ServiceNow Integration Endpoint ProtectionIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Cortex XDR - IR Incremental Export of Cortex XDR - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "Site Names", and "Playbook Poll Interval"Retrieves active devices found by IoT Security, queries Cortex XDR to get associated device attributes, and reports the data to IoT Security. Filters for active devices: Site names and playbook poll interval. Set up IoT Security and XSOAR for XDR Integration PANW IoT 3rd Party Integration - CrowdStrike Falcon Incremental Import of CrowdStrike Falcon - PANW IoT 3rd Party Integration No Required: "Integration Instance Name"Optional: "Site Names", and "Playbook Poll Interval"Retrieves active devices found by IoT Security, queries CrowdStrike Falcon to get associated device attributes and reports the data to IoT Security. Filters for active devices: Site names and playbook poll interval. Set up IoT Security and XSOAR for CrowdStrike Integration PANW IoT 3rd Party Integration - Microsoft Defender XDRImport MS Defender devices to PANW IoT cloudYes Required: "Integration Instance Name"Retrieves asset and device information from Microsoft Defender XDR to IoT Security. Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration PANW IoT 3rd Party Integration - Microsoft Defender XDRImport MS Defender Vulnerabilities to PANW IoT cloudYes Required: "Integration Instance Name"Optional: "Playbook Duration in days" and "Import vulnerabilities by CVE severity levels"Imports vulnerabilities from Microsoft Defender XDR to IoT Security.Set up IoT Security and Cortex XSOAR for Microsoft Defender XDR Integration PANW IoT 3rd Party Integration - TaniumImport Tanium Vulnerabilities to PANW IoT cloudYes Required: "Integration Instance Name"Optional: "Import vulnerabilities by CVE severity levels"Imports vulnerabilities from Tanium to IoT Security.Set up IoT Security and XSOAR for Tanium Integration Network ManagementIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Aruba AirWave Import Aruba AirWave VisualRF Floor Plans to PANW IoT Yes Required: "Integration Instance Name" Retrieves floor plan maps from Aruba AirWave to IoT Security. Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration PANW IoT 3rd Party Integration - Aruba AirWave Import Aruba AirWave VisualRF Clients to PANW IoT Yes Required: "Integration Instance Name" Retrieves asset and device information from Aruba AirWave to IoT Security. Set up IoT Security and Cortex XSOAR for Aruba AirWave Integration PANW IoT 3rd Party Integration - Aruba Central Import Aruba Central devices to PANW IoT cloud Yes Required: "Integration Instance Name"Optional: “Import Aruba Central wired client details to IoT Security”Retrieves client details from Aruba Central. By default, only wireless device details are retrieved. You have the option to retrieve details for both wired and wireless devices Set up IoT Security and XSOAR for Aruba Central Integration PANW IoT 3rd Party Integration - cisco-dnac-IoT extract-dnac-clients Yes Required: "Integration Instance Name"Optional: "Site Names" and "Playbook Poll Interval"Retrieves active devices found by IoT Security, queries Cisco DNA Center to get associated device attributes, and reports the data to IoT Security. Filters for active devices: Site names and playbook poll interval. Set up IoT Security and XSOAR for DNA Center Integration PANW IoT 3rd Party Integration - Cisco Meraki Cloud Get Cisco Meraki Cloud Organizations and Networks - PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Retrieves Cisco Meraki Cloud organizations and networks. Set up IoT Security and XSOAR for Cisco Meraki Cloud PANW IoT 3rd Party Integration - Cisco Meraki Cloud Import Cisco Meraki Cloud Network Clients - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "Cisco Meraki Networks"Optional: "Cisco Meraki Organizations"Optional: "Poll Interval" (Range: 1-31 days, default: 31)Imports all the Cisco Meraki Cloud clients to IoT Security. Set up IoT Security and XSOAR for Cisco Meraki Cloud PANW IoT 3rd Party Integration - Cisco Prime Cisco Prime Clients Yes Required: "Integration Instance Name"Optional: "Site Names" and "Playbook Poll Interval"Retrieves active devices found on IoT Security, queries Cisco Prime to get associated device attributes, and reports the data to IoT Security. Filters for active devices: Site names and playbook poll interval. Set up IoT Security and XSOAR for Cisco Prime Integration PANW IoT 3rd Party Integration - SNMP Incremental SNMP data import to PANW IoT Cloud - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Performs an SNMP crawl, retrieves all available endpoint data, and reports it to IoT Security. Set up IoT Security and Cortex XSOAR for SNMP Discovery PANW IoT 3rd Party Integration - Network Discovery Network Discovery - Export Devices using SNMP Yes Required: "Integration Instance Name"Optional: Network Discovery Skip Neighbor Discovery PatternsPerforms an SNMP crawl, retrieves all available L2, L3, and endpoint data and reports it to IoT Security. Set up IoT Security and Cortex XSOAR for Network Discovery IP Address ManagementIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - BlueCat IPAM Bulk Import of subnet network info from BlueCat IPAM to PANW IoT Cloud Yes Required: "Integration Instance Name" Fetches available IPAM data from a BlueCat Address Manager and sends it to IoT Security. Set up IoT Security and XSOAR for BlueCat Integration PANW IoT 3rd Party Integration - Infoblox IPAM Bulk Import of subnet network info from Infoblox IPAM to PANW IoT Cloud Yes Required: "Integration Instance Name" Fetches available IPAM data from an Infoblox Grid Master and sends it to IoT Security. Set up IoT Security and XSOAR for Infoblox Integration Wireless Network ControllersIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Aruba WLAN Controller Import Aruba WLC devices to PANW IoT cloud Yes Required: "Integration Instance Name" Fetches available endpoint data from an Aruba WLAN controller and sends it to IoT Security. Set up IoT Security and XSOAR for Aruba WLAN Controllers PANW IoT 3rd Party Integration - Cisco WLAN Controller Import Cisco WLC devices to PANW IoT cloud Yes Required: "Integration Instance Name" Fetches available endpoint data from a Cisco WLAN controller and sends it to IoT Security. Set up IoT Security and XSOAR for Cisco WLAN Controllers Security Information and Event ManagementIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Syslog Sender Bulk Export to SIEM - PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Retrieves all devices, alerts, and vulnerabilities from IoT Security and sends them to a third-party integration instance. Set up IoT Security and XSOAR for SIEM Integration PANW IoT 3rd Party Integration - Syslog Sender Incremental Export to SIEM - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name". Default poll interval is 15 minutes. Retrieves devices, alerts, and vulnerabilities from IoT Security and sends them to a third-party integration instance. Although this job is prebuilt on a cohosted XSOAR instance, it must be manually created on a full-featured XSOAR server. Network Access ControlIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Aruba ClearPass Incremental Export to Aruba ClearPass- PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Playbook Poll Interval", "Site Names", and "PANW IoT In Scope Tag Enforcement".Retrieves devices from IoT Security and sends it to a third-party integration instance. Filters for IoT Security devices: Custom attributes, poll interval, site names, and tag enforcement. Set up IoT Security and XSOAR for ClearPass Integration PANW IoT 3rd Party Integration - Aruba ClearPass Bulk Export to Aruba ClearPass - PANW IoT 3rd Party Integration No Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves all devices from IoT Security and sends them to the third-party integration instance. Filters for IoT Security devices: Custom attributes, site names, and tag enforcement. Set up IoT Security and XSOAR for ClearPass Integration PANW IoT 3rd Party Integration - Cisco ISE Incremental Export to Cisco ISE - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Playbook Poll Interval", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves devices from IoT Security and sends them to a third-party integration instance. Filters for IoT Security devices: Custom attributes, poll interval, site names, and tag enforcement. Set up IoT Security and XSOAR for Cisco ISE Integration PANW IoT 3rd Party Integration - Cisco ISE Bulk Export to Cisco ISE - PANW IoT 3rd Party Integration No Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves all devices from IoT Security and sends them to a third-party integration instance. Filters for IoT Security devices: Custom attributes, site names, and tag enforcement. Set up IoT Security and XSOAR for Cisco ISE Integration PANW IoT 3rd Party Integration - Cisco ISE pxGrid Bulk Export to Cisco ISE pxGrid - PANW IoT 3rd Party Integration No Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves all devices from IoT Security and sends them to a third-party integration instance. Filters for IoT Security devices: Custom attributes, site names, and tag enforcement. Set up Integration with Cisco ISE pxGrid PANW IoT 3rd Party Integration - Cisco ISE pxGrid Increment Export to Cisco ISE pxGrid - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Playbook Poll Interval", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves devices from IoT Security and sends them to a third-party integration instance. Filters for IoT Security devices: Custom attributes, poll interval, site names, and tag enforcement. Set up Integration with Cisco ISE pxGrid PANW IoT 3rd Party Integration - Forescout Incremental Export to Forescout - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Playbook Poll Interval", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves devices from IoT Security and sends them to a third-party integration instance.Filters for IoT Security devices: Custom attributes, poll interval, site names, and tag enforcement. Set up IoT Security and XSOAR for Forescout Integration PANW IoT 3rd Party Integration - Forescout Bulk Export to Forescout - PANW IoT 3rd Party Integration No Required: "Integration Instance Name"Optional: "PANW IoT Device Custom Attributes", "Site Names", and "PANW IoT In Scope Tag Enforcement"Retrieves all devices from IoT Security and sends it to the third party integration instance.Filters for PANW IoT devices: site name(s), custom attributes, tag enforcement. Set up IoT Security and XSOAR for Forescout Integration Vulnerability ScanningIntegration Name Playbook Recurring Job Job Parameters Description Details PANW IoT 3rd Party Integration - Qualys Incremental Qualys Get Scans and Report Handling V2- PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Generates and retrieves all reports from scans generated in the last hour. Get Vulnerability Scan Reports from Qualys PANW IoT 3rd Party Integration - Qualys Bulk Qualys Get Scans and Report Handling V2- PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Generates and retrieves all reports from scans generated in the last 30 days. Get Vulnerability Scan Reports from Qualys PANW IoT 3rd Party Integration - Qualys Get Qualys Scanners and Profiles - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Run this job periodically to retrieve names of all scan engines, sites, and vulnerability scan templates that Qualys uses. Set the interval to run the job based on the frequency of change on the Qualys side of the integration. Although this job is prebuilt on a cohosted XSOAR instance and runs every 15 minutes by default, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - Qualys Qualys Report Handling - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Generates reports for all scans initiated from IoT Security since the last time this job was run. A typical recurring interval is every 20 or 30 minutes. Although this job is prebuilt on a cohosted XSOAR instance, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - Rapid7 Nexpose Incremental Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Automatically generates reports of all vulnerability scans that Rapid7 performed in the last hour. Get Vulnerability Scan Reports from Rapid7 PANW IoT 3rd Party Integration - Rapid7 Nexpose Incremental Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Retrieves all Rapid7 vulnerability scan reports generated in the last hour. Get Vulnerability Scan Reports from Rapid7 PANW IoT 3rd Party Integration - Rapid7 Nexpose Bulk Rapid7 Get Scans and Generate Reports V2- PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Run this job on demand to generate Rapid7 vulnerability scan reports in bulk for the last 30 days. Get Vulnerability Scan Reports from Rapid7 PANW IoT 3rd Party Integration - Rapid7 Nexpose Bulk Rapid7 Get Scans and Report Handling V2- PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Run this job after finishing the bulk report generation job to import the reports from Rapid7 to IoT Security. Get Vulnerability Scan Reports from Rapid7 PANW IoT 3rd Party Integration - Rapid7 Nexpose Get Nexpose Engines, Sites and Templates - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Run this job periodically to retrieve names of all scan engines, sites, and vulnerability scan templates that Rapid7 uses. Set the interval to run the job based on the frequency of change on the Rapid7 side of the integration. Although this job is prebuilt on a cohosted XSOAR instance and runs every 15 minutes by default, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - Tenable.io Incremental Tenable Get Scans and Report Handling V2- PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Generates and retrieves all reports from scans generated in the last hour. Get Vulnerability Scan Reports from Tenable PANW IoT 3rd Party Integration - Tenable.io Bulk Export Devices to ServiceNow - PANW IoT 3rd Party Integration No Required: "Integration Instance Name" Generates and retrieves all reports from scans generated in the last 30 days. Get Vulnerability Scan Reports from Tenable PANW IoT 3rd Party Integration - Tenable.io PANW IoT Get Tenable Scanners and Profiles - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Run this job periodically to retrieve names of all scan engines, sites, and vulnerability scan templates that Tenable uses. Set the interval to run the job based on the frequency of change on the Tenable side of the integration. Although this job is prebuilt on a cohosted XSOAR instance and runs every 15 minutes by default, it must be manually created on a full-featured XSOAR server. PANW IoT 3rd Party Integration - Tenable.io Tenable Report Handling - PANW IoT 3rd Party Integration Yes Required: "Integration Instance Name" Generates reports for all scans initiated from IoT Security since the last time this job was run. A typical recurring interval is every 20 or 30 minutes. Although this job is prebuilt on a cohosted XSOAR instance, it must be manually created on a full-featured XSOAR server.