Palo Alto Networks Cortex XSOAR now has access to The Total Internet Inventory. ™

Palo Alto Networks Cortex XSOAR now has access to The Total Internet Inventory. ™

Listen to this article

SecurityTrails’ 125,000 users can now integrate with the leading SOAR platform.

We’re excited to announce the immediate availability of our latest API integration into Palo Alto Networks Cortex XSOAR, enabling users to operationalize our security intelligence with over 750 different products.

Palo Alto Networks Cortex XSOAR is one of the most comprehensive security orchestration solutions on the market today, enabling organizations to manage and collect data about security threats and drive responses with reduced human involvement. These automated playbooks are an incredible time-saver for overworked security teams.

SecurityTrails real-time analysis of hostnames, associated domains, IP blocks, SSL certificates, WHOIS, DNS, and historical DNS provides unrivaled context to security investigations.

SecurityTrails XSOAR enrichments can support a wide variety of playbooks including phishing, log-in analysis, vulnerability management, IOC enrichment, and endpoint diagnostics.

How does it work?

In order to configure SecurityTrails on the Cortex XSOAR platform, you’ll need to follow these steps:

  • Navigate to Marketplace

Navigate to MarketPlace

  • Search for SecurityTrails

Search for SecurityTrails

  • Click “Install”

Click Install

  • Navigate to Settings > Integrations > Servers & Services

Navigate

  • Search for SecurityTrails.

Search for SecurityTrails.

  • Click Add instance to create and configure the new integration instance

  • Few parameter configurations are required:

    • API key: api.key.here
    • Trust any certificate (not secure): False
    • Use system proxy settings: False
    • Fetch indicators: False
  • Click Test to check if the URLs, token, and connection are working as expected

Test connection

If you see a “Success” message, then you’re ready to start playing with it.

  • Jump into the playground, and start executing the SecurityTrails commands

Jump into the playground

  • In the footer area, you’ll find a CLI where you can execute any supported SecurityTrails commands, as shown here:

You can execute any supported SecurityTrails commands

Supported commands

The following is a list of supported commands that can be executed within Cortex XSOAR CLI, whether as part of an automation or in a playbook (once you execute a command, a DBot message will be displayed in the War Room showing the command details):

  • securitytrails-get-subdomains
  • securitytrails-get-domain-details
  • securitytrails-get-tags
  • securitytrails-get-company-details
  • securitytrails-get-company-associated-ips
  • securitytrails-get-domain-whois
  • securitytrails-get-dns-history
  • securitytrails-get-whois-history
  • securitytrails-get-ip-neighbors
  • securitytrails-search-domain
  • securitytrails-statistics-domain
  • securitytrails-get-associated-domains
  • securitytrails-search-ip
  • securitytrails-statistics-ip
  • securitytrails-get-ip-whois
  • securitytrails-get-useragents
  • domain

With this new SecurityTrails API integration for XSOAR, we are helping thousands of users access security data from our API in more alternative ways, providing more clarity for security companies to access subdomain and domain data, DNS and WHOIS historical records, associated domains and IPs, company details, user-agent activity, and much more.

Access the SecurityTrails API integration for XSOAR today.

Esteban Borges Blog Author

ESTEBAN BORGES

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.

Source of Article