Skip to main content

PaloAlto Cortex XSOAR Cortex Plugin

The PaloAlto XSOAR/XSIAM - Cortex Plugin allows you to obtain a detailed report from CrowdSec's CTI smoke database.

Installation

The integration is available directly from within Cortex XSOAR.

Find and add an instance of the CrowdSec data enrichment.
Fill in the API key you generated from the console interface.

If you need to download it you can find it here.
You can also refer to the integration documentation.

Usage

Once the CrowdSec enrichment is activated, your incidents will benefit from CrowdSec's CTI data on the incident's IP.
Incident Info Main

Date of the incident and attack details will be visible in the quick view and the full view.
Incident Summary
Source Details

Installation
Usage

CrowdSec Console

CrowdSec Console

This website uses cookies to help us improve. Click "accept" to allow us to continue using cookies.