IoT Security - Learn more about the IoT Security content pack integration in Cortex XSIAM. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Data Source overview

The Palo Alto Networks IoT Security solution discovers unmanaged devices, detects behavioral anomalies, recommends policy based on risk, and automates enforcement without the need for additional sensors or infrastructure. The Cortex XSIAM IoT Security integration enables you to ingest alerts and device information from your IoT Security instance.

Link to Data Source instructions

Ingest alerts and assets from IoT Security

Links to content pack/integration details

The IoT by Palo Alto Networks content pack enables Cortex XSIAM to integrate with the Palo Alto Networks IoT Security Portal for retrieving device details, listing and managing alerts and vulnerabilities, and integrating with ticketing systems like ServiceNow for streamlined incident response. It contains the PANW IoT ServiceNow Tickets Check playbook, the PANW IoT Incident Handling with ServiceNow playbook, the PANW IoT Alert Handling with ServiceNow playbook, the iot-security-get-raci automation script, the iot-security-alert-post-processing automation script, the iot-security-check-servicenow automation script, and the iot-security-vuln-post-processing automation script, along with the IoT Alert and IoT Vulnerability issue types and custom issue fields.