Palo Alto Cortex XSOAR
On SEKOIA.IO XDR, create an API KEY with the following permission:
8d9901dc-0508-4472-b3c1-5ad5efc96032): Read objects from InThreat
More information on API KEY creation
In your Palo Alto Cortex XSAOR instance go to "Marketplace" and search for "sekoia".
Choose the "SEKOIAIntelligenceCenter" pack to open pack description and use the "Install" button to add the pack to your instance.
Navigate to "Settings" where "SEKOIAIntelligenceCenter" should have appeared and clic the "Add instance" button to add a new instance.
Input a SEKOIA.IO XDR API KEY and save your configuration.
Use the test button to validate your configuration (your result should be green).
Example of failed test.
Example of successful test.
You can now use the integration by typing for example
!GetObservable value="firstname.lastname@example.org" type="email-addr".
To learn how to use the integration, please read the following documentation which describe every command input and output.