External integrations

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-11
Category: Administrator Guide

Abstract: Gain additional verification on key artifacts by integrating Cortex XSIAM with other Palo Alto Networks and third-party security products.

You can integrate Cortex XSIAM with external threat intelligence services that provide additional verification sources for each key artifact in a case. Cortex XSIAM supports the following integrations:

| Integration | Description |
|---|---|
| WildFire | Cortex XSIAM automatically includes WildFire threat intelligence in the case and issue investigation. WildFire detects known and unknown threats, such as malware. The WildFire verdict contains detailed insights into the behavior of identified threats. The WildFire verdict is displayed next to relevant Key Artifacts in the Cases page. See Review WildFire analysis details for more information. |
| VirusTotal | VirusTotal provides aggregated results from over 70 antivirus scanners, domain services included in the block list, and user contributions. The VirusTotal score is represented as a fraction. For example, a score of 34/52 means out of 52 queried services, 34 services determined the artifact to be malicious. To view VirusTotal threat intelligence in cases, you must obtain the license key for the service and add it to the Cortex XSIAM Configuration. When you add the service, the relevant VirusTotal (VT) score is displayed in the Cases page under Key Artifacts. |

| Integration | Description |
|---|---|
| Third-party ticketing systems | To manage cases from the application of your choice, you can use the Cortex XSIAM API Reference to send issues and issue details to an external receiver. After you generate your API key and set up the API to query Cortex XSIAM, external apps can receive case updates, request additional data about cases, and make changes such as setting the status, changing the severity, or assigning an owner. To get started, see the Cortex XSIAM API Reference guide. |