Palo Alto Cortex XSOAR


On XDR, create an API KEY with the following permission:

- INTHREAT_READ_OBJECTS (8d9901dc-0508-4472-b3c1-5ad5efc96032): Read objects from InThreat

More information on API KEY creation


In your Palo Alto Cortex XSOAR instance, go to "Marketplace" and search for "sekoia".

View of CTI integration in PaloAlto Marketplace

Choose the "SEKOIAIntelligenceCenter" pack to open the pack description, then use the "Install" button to add the pack to your instance.

Installation of CTI integration

Installed CTI integration

Navigate to "Settings", where "SEKOIAIntelligenceCenter" should have appeared, and click the "Add instance" button to add a new instance.

Add a new instance of the integration

Input an XDR API KEY and save your configuration.

Configure instance API KEY

Use the test button to validate your configuration (your result should be green).

Example of failed test.

Test configuration, example of failed test

Example of successful test.

Test configuration, example of successful test

You can now use the integration by typing, for example, !GetObservable value="" type="email-addr".

Example of usage

To learn how to use the integration, please read the following documentation, which describes every command input and output.