Cortex Xpanse integrates with third-party tools and services and other Palo Alto Networks products to support many use cases, including the following:
Maintain accurate asset inventory—Integrate Expander with IT and IT security systems that require an accurate source of truth for your organization's public-facing assets.
Generate notifications—Set up SIEM-configured notifications so you will be alerted on new assets and exposures quickly.
Kick off investigations—Kick off investigations of exposures with IT tickets to drive remediation action and reduce the number of exposures on your network edge.
Automate remediations—Cortex Xpanse Active Response uses automation integrations with playbooks to augment alert investigation and remediate risks automatically.
Types of Integrations
Cortex Xpanse supports the following types of integrations:
Type of Integration | Description | More Information |
---|---|---|
Collection Integrations | Cortex Xpanse supports two types of collection integrations. Both bring cloud context into Expander, where it can be enriched with ASM data, providing a unified, normalized inventory of your cloud assets. | |
Automation Integrations | Automation integrations are used by Active Response playbooks to enrich an alert or respond to an alert with an action, such as sending notifications or remediating the alert by directly modifying the configuration of an asset, service, or networking infrastructure. | |
Outbound Integrations | Outbound integrations push or pull information between Xpanse and a third-party security or workflow tool so that Xpanse fits into an organization's existing vulnerability or incident response system. | |
Expander REST APIs | Expander includes a REST API capable of querying, exporting, and interacting with many areas of the product, including assets, services, alerts, and incidents. The API also supports actions such as user management and tagging. In addition to the Expander API, a Python SDK is available for more rapid development. | |
Cortex Xpanse Outbound Integrations
Outbound integrations push or pull information between Xpanse and a third-party security or workflow tool. These integrations let you fit Xpanse into your organization's existing vulnerability or incident response system. Cortex Xpanse provides the following outbound integrations:
Integrate with Cortex XSOAR—Forward risks from Expander to XSOAR via API where you can build custom playbooks to triage and remediate. This integration also includes commands to call Expander APIs for enrichment purposes.
Integrate a Syslog Receiver—You can send alert data to third-party systems (such as IBM QRadar and Microsoft Sentinel) using syslog forwarding.
Integrate with partner systems—Partner integrations are typically installed on customer systems or installed within vendor solutions through a third-party marketplace.
Partner Integration | Description | More Information |
---|---|---|
Jira Server | Automatically forward new alerts, along with guidance and related context, from Expander to Jira as new tasks. | Contact your Customer Success Manager for configuration details. |
QRadar | Automatically forward Xpanse-discovered risks to QRadar to support alert event creation, asset event creation, offense population, and asset details display. | |
Qualys VM | Automatically import Xpanse assets as new asset groups in Qualys VMDR for scanning. | Contact your Customer Success Manager for configuration details. |
Rapid7 InsightVM | Automatically import assets detected by Cortex Xpanse into the Rapid7 InsightVM console to be used as scan targets. | Cortex Xpanse Integration: InsightVM Documentation and User Guide |
ServiceNow Configuration Compliance (CC) | Ingest security test results (i.e., alerts) into the ServiceNow CC module, including checking for impacted assets in the CMDB. | Cortex Xpanse ServiceNow Configuration Compliance Documentation and User Guide v2.0.0 |
ServiceNow Configuration Management Database (CMDB) | Automatically ingest assets discovered by Xpanse into the ServiceNow CMDB. These assets are run through the CMDB's correlation logic to merge with existing assets. | Cortex Xpanse Service Graph Connector for Xpanse (SGCX) (v2.0.0) Documentation and User Guide |
Splunk TA v5.0.0 | Forward Xpanse-discovered assets, services, and risks for management, visualization, correlation, and alerting within Splunk. | The Cortex Xpanse TA can be installed through the Splunk Marketplace. |
Tenable.io | Forward relevant assets that Xpanse discovers to Tenable.io for more detailed assessment and central vulnerability tracking. | Cortex Xpanse Integration: Tenable.io. Contact your Customer Success Manager to proceed with integration configuration. |
Venafi TPP Integration | Correlate certificates in the Expander inventory with those in Venafi TPP to help customers understand gaps in their certificate management. | Contact your Customer Success Manager for configuration details. |
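The syslog receiver item above describes only the sending side. As an added example that is not part of this page or of the Cortex Xpanse product, the following Python listener shows what the receiving side has to do: parse RFC 5424 messages (header, structured-data elements, free-text message), triage by syslog severity, and run as a UDP server on a non-privileged port. The sample lines, the `asm@32473` structured-data element (using the RFC 5612 documentation enterprise number) and its parameter names are constructed for illustration and are not Xpanse's documented syslog format.

```python
"""Minimal RFC 5424 syslog receiver for forwarded ASM alerts (added example).

The SAMPLE_LINES below are constructed for this example. The structured-data
element they carry (SD-ID "asm@32473", the documentation enterprise number from
RFC 5612, and its parameter names) is an assumption for illustration, not
Cortex Xpanse's documented syslog format.
"""
import re
import socketserver
from datetime import datetime

# HEADER per RFC 5424 section 6:
# <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$",
    re.DOTALL,
)
# One SD-ELEMENT: [SD-ID (SP PARAM-NAME="PARAM-VALUE")*]; values may escape ", ] and \
_SD_ELEMENT = re.compile(r'\[([^\s\]]+)((?:\s+[^=\s\]]+="(?:[^"\\]|\\.)*")*)\]')
_SD_PARAM = re.compile(r'([^=\s\]]+)="((?:[^"\\]|\\.)*)"')


def _unescape(value):
    # RFC 5424 allows exactly three escapes inside PARAM-VALUE: \" \] \\
    return re.sub(r'\\(["\]\\])', r"\1", value)


def _split_sd_and_msg(rest):
    """Return ({sd_id: {param: value}}, msg) from the text after MSGID."""
    if rest.startswith("-"):                 # NILVALUE: no structured data
        return {}, rest[1:].lstrip(" ")
    sd, pos = {}, 0
    while pos < len(rest) and rest[pos] == "[":
        m = _SD_ELEMENT.match(rest, pos)
        if not m:
            raise ValueError("malformed STRUCTURED-DATA")
        sd[m.group(1)] = {k: _unescape(v) for k, v in _SD_PARAM.findall(m.group(2))}
        pos = m.end()
    return sd, rest[pos:].lstrip(" ")


def parse_syslog_5424(line):
    """Parse one RFC 5424 message into a dict; raises ValueError on malformed input."""
    m = _HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group("pri"))
    if pri > 191:                            # facility 0..23, severity 0..7
        raise ValueError("PRI out of range")
    sd, msg = _split_sd_and_msg(m.group("rest"))
    ts = m.group("ts")
    return {
        "facility": pri // 8,
        "severity": pri % 8,                 # 0 = emergency ... 7 = debug
        "timestamp": None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00")),
        "host": m.group("host"),
        "app": m.group("app"),
        "msgid": m.group("msgid"),
        "sd": sd,
        "msg": msg,
    }


def triage(record):
    """Map syslog severity to a downstream action; the thresholds are this example's choice."""
    if record["severity"] <= 3:   # emerg, alert, crit, err
        return "page"
    if record["severity"] == 4:   # warning
        return "ticket"
    return "log"                  # notice, info, debug


class SyslogUDPHandler(socketserver.BaseRequestHandler):
    """Parses each line of a datagram and hands the record to the server's callback."""

    def handle(self):
        for line in self.request[0].decode("utf-8", errors="replace").splitlines():
            try:
                record = parse_syslog_5424(line)
            except ValueError as exc:
                print(f"dropped: {exc}: {line!r}")
                continue
            self.server.on_record(record)


def serve(bind=("127.0.0.1", 5514), on_record=lambda r: print(triage(r), r["msgid"], r["sd"])):
    """Run a UDP syslog listener; port 5514 avoids needing root for 514."""
    with socketserver.UDPServer(bind, SyslogUDPHandler) as server:
        server.on_record = on_record
        server.serve_forever()


# Constructed sample lines, not real product output.
SAMPLE_LINES = [
    '<12>1 2024-05-01T12:34:56.789Z expander example-asm - XPANSE_ALERT '
    '[asm@32473 alert_id="a-1001" category="Insecure Service" severity="high" '
    'asset="203.0.113.10:23"] Telnet server exposed on 203.0.113.10',
    '<14>1 2024-05-01T12:35:10Z expander example-asm - XPANSE_ASSET '
    '[asm@32473 asset_id="d-42" type="domain" value="shop.example.com"] New domain discovered',
    '<13>1 - expander example-asm - XPANSE_NOTE - no structured data in this one',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        rec = parse_syslog_5424(sample)
        print(triage(rec), rec["msgid"], rec["sd"].get("asm@32473", {}), "|", rec["msg"])
```

Run the file as-is to see the three constructed lines parsed and triaged; call `serve()` to listen on UDP 5514 and point the sender at it. Plain UDP syslog carries no authentication or integrity protection, so in production a receiver such as QRadar or Sentinel should be fed over TLS (RFC 5425) or through a collector that terminates TLS, and the structured-data field names must be taken from the product's own documentation rather than from this example.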