Use the Marketplace to install, exchange, contribute and manage your content in Cortex XSIAM.
The Marketplace enables you to easily do the following:
Discover top-rated, validated content—Identify the content offerings recommended by your peers and validated by the world’s leading cyber security company. Discover how to increase automation with the tools that you already have.
Solve your toughest security use cases—Deploy turn-key security workflows that span integrations, automations, alert fields, types, and playbooks with a single click.
The Marketplace content packs are pre-built bundles of integrations, playbooks, automations and fields, and all the dependencies needed to support specific security orchestration use cases. Content packs, which are free, can be used by all customers and contain any of the following elements:
Feature | Description |
---|---|
Integrations | You can define the following types of integrations: |
Playbooks | You can automate many security processes, including handling investigations and managing tickets and security responses that were previously handled manually. When an alert is ingested, the playbook runs and an alert is created. |
Alert Types | All alerts that are ingested into Cortex XSIAM are assigned an alert type when they are classified. After you classify the alert, you can then map the relevant fields to the alert. |
Alert Fields | Alert types contain fields that are relevant to the alert type. |
Automations | Perform specific actions and consist of commands, which are used in playbook tasks and when running commands in the alert War Room. |
Correlation Rules | Analyze correlations of multiple events from multiple sources by using the Cortex XSIAM XQL-based engine to create scheduled correlation rules. Alerts can then be triggered based on these rules with a defined time frame and schedule. |
Data Model Rules | Data Model rules enable you to normalize logs for out-of-the-box analytics and data enrichment. This allows you to do the following: |
 | Some content packs contain out-of-the-box default Data Model Rules. |
Parsing Rules | Enable you to add rules that remove non-required data for analytics, hunting, or regulation, reduce data storage costs, pre-process all incoming data, etc. Note: When installed, the parsing rules are enabled and added as Default Rules. When deleted, all related parsing rules (including all Rule sections) are removed from the Default Rules tab. |
Dashboards | Dashboards consist of visualized data powered by fully customizable widgets, which enable you to analyze data from inside or outside Cortex XSIAM, in different formats such as line charts, tables, text, etc. |
Reports | Reports contain statistical data in the form of widgets (from a dashboard), which enable you to analyze data from inside or outside Cortex XSIAM, in different formats such as line charts, tables, text from information, etc. |
Content Pack Support Types
Marketplace includes the following content pack support types:
Supported content packs
Applies only to content packs published by Palo Alto Networks. These content packs are supported and maintained by Palo Alto Networks according to the Palo Alto Networks End User Support Agreement.
Partner-Supported content packs
Applies to content packs published by Cortex XSIAM Technology Partners. Support and maintenance are provided by the Technology Partner, whose contact information appears in the content pack details. Technology Partners are required to join the industry-standard support framework, TSANet, to deliver support to our mutual customers. Customers engage directly with the Partner for support and maintenance of the partner-supported content pack.
Note
Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party publisher.
Palo Alto Networks does not support content packs that do not have official available documentation.