Automox Content Pack for Palo Alto Networks Cortex XSOAR

Cortex XSOAR is the Palo Alto Networks security orchestration automation and response (SOAR) product.

The Automox content pack for Cortex XSOAR provides organizations with the necessary tools to immediately and autonomously take action in the Automox platform from XSOAR.

What does the content pack do?

  • Upload Vulnerability Reports
  • Get and approve/reject batches of tasks
  • Get, update, and delete device groups
  • Get and update devices
  • Get organizations and their users
  • Get and run policies

The content pack includes:

  • The Automox integration, containing a multitude of commands which can be used ad-hoc from incident war rooms, or as the building blocks in playbooks and scripts to address specific administration or remediation incidents.
  • A sub-playbook titled "Upload Vulnerability Report to Automox" which automates the upload and approval process for vulnerability remediation in Automox. This sub-playbook provides your incident team with complete control over remediation efforts using Automox.

You can find and install the latest version of the Automox Content Pack for XSOAR in the marketplace of your licensed version of Cortex XSOAR.

Additionally, to view the complete documentation of this pack and to download the files to install manually, you can visit the Cortex XSOAR Marketplace.

Using the "Upload Vulnerability Report to Automox" sub-playbook

After installing the Automox content pack, you will see a new playbook appear in your playbooks catalog titled "Upload Vulnerability Report to Automox." This playbook accepts the entryId of a Vulnerability Report CSV file as its input. 

Integrate this sub-playbook into other playbooks that generate vulnerability reports to automatically upload those reports, and create the tasks for remediation in Automox.