Integrating Palo Alto Networks and RST Cloud
Organisations can now seamlessly integrate RST Cloud's powerful threat intelligence with Palo Alto Networks' cutting-edge solutions.
Maximise Your Cybersecurity with RST Cloud and Palo Alto Networks:
- Cortex XSOAR/XSIAM integration enhances your incident response using RST Cloud’s IoC Lookup API:
  - Enrich incidents with data on malicious IPs, domains, URLs, and hashes
  - Access additional context like whois information, ASN details, and malware attribution with each indicator
  - Use calculated RST Cloud risk scores to set actionable thresholds
- Palo Alto NGFW integration enhances real-time threat prevention and malware detection capabilities:
  - Integrate TI knowledge directly into Palo Alto NGFW modules for blocking network threats
  - Detect and block malicious activities using high-confidence indicators
  - Integrate threat intelligence across different Palo Alto NGFW modules. Block network threats based on IP, domain, and URL indicators, and safeguard against malicious file downloads.
Prerequisites:
- API keys obtained from the RST Cloud team (contact us at info@rstcloud.net or via the website contact form)
Cortex XSOAR and XSIAM
The RST Cloud APIs can be accessed via an app published on the Cortex Marketplace.
RST IoC Lookup covers multiple categories of indicators, including phishing, ransomware, stealers, web attacks, C2 servers, botnets, malware, TOR nodes, scanning hosts, bad bots, DDoS, cryptomining, spamming hosts, fraud, and other types.
Each indicator has an individual score calculated based on qualitative and quantitative parameters, such as the type of indicator, the reporter of the indicator, how many others are already aware of the indicator, whether the indicator was exposed previously, and many other contributing factors.
The pack includes access to the RST Threat Feed APIs (RST IoC Lookup) as well as pre-configured enrichment playbook examples.
Documentation is available here:
Integrations instructions:
Name | Description |
RST Threat Feed API (IoC Lookup) | RST Threat Feed integration for interacting with RST Cloud API |
Playbooks:
Name | Description |
URL Enrichment - RST Threat Feed | Enrich URLs using one or more integrations. URL enrichment includes: |
File Enrichment - RST Threat Feed | Enrich File hashes using RST Threat Feed integrations File hashes enrichment includes: |
Domain Enrichment - RST Threat Feed | Enrich domains using RST Threat Feed integration Domain enrichment includes: |
IP Enrichment - External - RST Threat Feed | Enrich IP addresses using one or more integrations: IP enrichment includes: |
Enhancing Palo Alto NGFW with RST Threat Feed
In today’s evolving threat landscape, organisations can strengthen their network defences by integrating external threat intelligence from RST Cloud with network security solutions. Using the External Dynamic List (EDL) feature, RST Threat Feed for NGFW seamlessly integrates with Palo Alto Networks NGFWs, enabling efficient threat blocking at the perimeter.
Congratulations! You have successfully configured the RST Threat Feed with Palo Alto Networks solutions. You can now leverage the threat intelligence data in your security operations.