Re: Threat Grid Integration with Palo Alto

Mostafa hasanin · ‎07-28-2022

Hi Guys,

is Cisco Threat Grid can be integrated with Palo Alto firewall, as Palo Alto can send unknown files ?

Also other Security Devices belongs to third-party vendor can be integrated with Cisco Threat Grid or not ?

deantur · ‎07-28-2022

Hi Mostafa,

Absolutely! Malware Analytics Cloud (formerly Threat Grid) has full set of RESTful APIs that you can roll your own integration with Palo Alto or any other 3rd party product that would submit files for analysis. If you have a Malware Analytics Cloud account, the APIs are documented in full in the Help Section. You might find these links also helpful:

https://github.com/CiscoSecurity/tg-01-basics

https://xsoar.pan.dev/docs/reference/integrations/threat-grid

Mostafa hasanin · ‎07-30-2022

Hi deantur,

Thanks for your reply.

Do you know the steps from Palo Alto side ?

As I think API integration needs a programming script, how it can be done on palo alto or any other 3rd-party that not allowing me to type a programming code ?

ben.greenbaum · ‎08-01-2022

Hi Mostafa,
Yes, there has to be some code that will use those API credentials and the Malware Analysis API to submit samples or retrieve intelligence. Examples of scripts that do so can be found here: https://github.com/CiscoSecurity?q=tg-

For Palo Alto specifically, I believe they want you to buy their SOAR to enable that. You'd be best served by reading the link Dean gave above (https://xsoar.pan.dev/docs/reference/integrations/threat-grid) and then contacting PAN.