Expanse Brings Internet Operations Management to Palo Alto Networks Cortex XSOAR

Expanse is excited to join Palo Alto Networks’ partner network with our first integration with a Security Orchestration, Automation, and Response (SOAR) solution. We have had a number of customers ask for this integration in order to add Internet Asset data to enhance their security posture. 

The Expanse integration for Palo Alto Networks’ Cortex XSOAR provides Expanse users the ability to integrate with hundreds of other IT and security products available through the XSOAR store. XSOAR users now have the ability to create incidents and enrich playbooks with Internet Asset information provided by Expanse’s Internet Operations Management Platform.  

Security teams leveraging both technologies will be able to respond to Internet-based incidents by taking action at the end of playbooks, such as triggering scans and creating tickets.

XSOAR dashboards now show Internet Asset severities.

Detailed and up-to-date information about an organization’s on-premise and cloud assets can now be applied to dozens of SOAR use cases and playbooks including:

  • Assigning incident severity
  • Automating vulnerability management
  • Orchestrating certificate management
  • Diagnosing endpoints
  • Threat hunting for compromised assets

SOAR products draw from multiple sources of security intelligence. Applying information drawn from an Expanse-provided asset inventory can drive incident creation and response relevant to an organization’s specific business risks.  

The release of the Expanse integration for XSOAR adds to the increasing number of ways Expanse customers can apply additional coverage, context, and visibility into their attack surface across key processes and technologies including SIEMs, ticketing systems, vulnerabilities scanners, and other incident response products. 

To access the integration, please see the XSOAR store page or search for Expanse in the Cortex XSOAR store in the Demisto portal.