Palo Alto XSOAR Integration
What You Get
Full SOAR integration with Palo Alto Cortex XSOAR. Piscium validated exposures automatically create XSOAR incidents with structured context — CVE details, affected assets, attack path visualization, and recommended fix actions. XSOAR playbooks can orchestrate Piscium re-scans, update remediation status, and close the loop on validated fixes.
Why Palo Alto XSOAR?
SOAR platforms are most effective when fed high-fidelity data. Piscium eliminates noise by sending only validated, exploitable exposures to XSOAR — ensuring playbooks trigger on real risk rather than theoretical vulnerabilities, dramatically improving mean time to respond.
Example Scenario
Piscium validates a critical exposure chain: an unpatched Apache Struts instance on a DMZ web server allows remote code execution, which chains through a misconfigured firewall rule into the OT historian database. XSOAR receives the incident with full attack path context. A playbook automatically isolates the web server, creates a Jira ticket for patching, notifies the OT team, and schedules a Piscium verification scan for 48 hours later.
Implementation Notes
Requires XSOAR 8.x+ with the Piscium content pack installed from the XSOAR Marketplace. Authentication uses an API key generated in the Piscium console. The content pack includes pre-built playbooks for exposure triage, remediation orchestration, and verification scanning. Supports multi-tenant XSOAR deployments.
Webhook Payload Example
{
  "event": "exposure.validated",
  "timestamp": "2026-03-13T16:45:00Z",
  "exposure_id": "EXP-2026-00412",
  "severity": "critical",
  "cvss_score": 9.1,
  "cve": "CVE-2025-31337",
  "affected_asset": "dmz-web-03.corp.local",
  "attack_path_id": "AG-1054",
  "blast_radius": 22,
  "remediation_status": "in_progress",
  "xsoar_incident_id": "INC-88421"
}
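Because the example scenario has a playbook isolate a host on the strength of this payload, the receiving side should check every field strictly before any automation acts on it. The Python validator below is an added example, not code from Piscium or the XSOAR content pack; its field formats are inferred from the single sample payload above, and the rule that severity agrees with the CVSS v3 rating band is an assumption.

```python
import json
import re
from datetime import datetime

# Formats inferred from this page's sample payload (assumption, not a published schema).
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
PATTERNS = {
    "event": r"exposure\.[a-z_]+",
    "timestamp": r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ",
    "exposure_id": r"EXP-\d{4}-\d{5}",
    "severity": r"low|medium|high|critical",
    "cve": r"CVE-\d{4}-\d{4,}",
    "affected_asset": rf"(?=.{{1,253}}$){LABEL}(?:\.{LABEL})*",
    "attack_path_id": r"AG-\d+",
    "remediation_status": r"[a-z_]{1,32}",
    "xsoar_incident_id": r"INC-\d+",
}
SAMPLE = ('{"event": "exposure.validated", "timestamp": "2026-03-13T16:45:00Z", "severity": "critical",'
          ' "exposure_id": "EXP-2026-00412", "cvss_score": 9.1, "cve": "CVE-2025-31337",'
          ' "affected_asset": "dmz-web-03.corp.local", "attack_path_id": "AG-1054",'
          ' "blast_radius": 22, "remediation_status": "in_progress", "xsoar_incident_id": "INC-88421"}')

def cvss_band(score):  # CVSS v3.x qualitative severity rating for a base score
    bands = ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low"))
    return next((name for floor, name in bands if score >= floor), "none")

def validate_exposure(raw):
    """Parse a webhook body; raise ValueError naming every rejected field."""
    data = json.loads(raw)  # malformed JSON raises JSONDecodeError, a ValueError
    if not isinstance(data, dict):
        raise ValueError("payload must be a JSON object")
    bad = [k for k, p in PATTERNS.items()  # re.ASCII: \d must not match non-ASCII digits
           if not (isinstance(data.get(k), str) and re.fullmatch(p, data[k], re.ASCII))]
    score = data.get("cvss_score")
    if not (type(score) in (int, float) and 0 <= score <= 10):  # excludes bool and NaN
        bad.append("cvss_score")
    elif "severity" not in bad and data["severity"] != cvss_band(score):  # assumed to track CVSS
        bad.append("severity (disagrees with cvss_score)")
    if not (type(data.get("blast_radius")) is int and data["blast_radius"] >= 0):
        bad.append("blast_radius")
    if "timestamp" not in bad:
        try:  # the regex checks the shape, strptime checks it is a real date
            datetime.strptime(data["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            bad.append("timestamp (not a real date)")
    bad += [f"unexpected {k}" for k in sorted(set(data) - set(PATTERNS) - {"cvss_score", "blast_radius"})]
    if bad:
        raise ValueError("rejected: " + ", ".join(bad))
    return data
```

A payload that fails validation is best logged and dropped rather than passed on with the offending field removed, so a playbook never acts on a partially trusted incident.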