Palo Alto Cortex XSOAR

Prerequisite

On Sekoia.io XDR, create an API KEY with the following permission:

- INTHREAT_READ_OBJECTS (8d9901dc-0508-4472-b3c1-5ad5efc96032): Read objects from InThreat

More information on API KEY creation

Install

In your Palo Alto Cortex XSOAR instance, go to "Marketplace" and search for "sekoia".

View of Sekoia.io CTI integration in PaloAlto Marketplace

Choose the "SEKOIAIntelligenceCenter" pack to open the pack description, then use the "Install" button to add the pack to your instance.

Installation of Sekoia.io CTI integration

Installed Sekoia.io CTI integration

Navigate to "Settings", where "SEKOIAIntelligenceCenter" should have appeared, and click the "Add instance" button to add a new instance.

Add a new instance of the integration

Input a Sekoia.io XDR API KEY and save your configuration.

Configure instance API KEY

Use the test button to validate your configuration (your result should be green).

Example of failed test.

Test configuration, example of failed test

Example of successful test.

Test configuration, example of successful test

You can now use the integration, for example by typing !GetObservable value="eicar@sekoia.io" type="email-addr".

Example of usage

To learn how to use the integration, please read the following documentation, which describes every command's input and output.