07-28-2022 01:48 AM
Hi Guys,
Can Cisco Threat Grid be integrated with a Palo Alto firewall, as Palo Alto can send unknown files?
Also, can other security devices belonging to third-party vendors be integrated with Cisco Threat Grid or not?
07-28-2022 10:59 AM
Hi Mostafa,
Absolutely! Malware Analytics Cloud (formerly Threat Grid) has a full set of RESTful APIs, so you can roll your own integration with Palo Alto or any other 3rd-party product that would submit files for analysis. If you have a Malware Analytics Cloud account, the APIs are documented in full in the Help Section. You might also find these links helpful:
https://github.com/CiscoSecurity/tg-01-basics
https://xsoar.pan.dev/docs/reference/integrations/threat-grid
07-30-2022 07:07 AM
Hi deantur,
Thanks for your reply.
Do you know the steps from the Palo Alto side?
As I think API integration needs a programming script, how can it be done on Palo Alto or any other third-party product that does not allow me to type programming code?
08-01-2022 12:49 PM - edited 08-01-2022 12:50 PM
Hi Mostafa,
Yes, there has to be some code that will use those API credentials and the Malware Analysis API to submit samples or retrieve intelligence. Examples of scripts that do so can be found here: https://github.com/CiscoSecurity?q=tg-
For Palo Alto specifically, I believe they want you to buy their SOAR to enable that. You'd be best served by reading the link Dean gave above (https://xsoar.pan.dev/docs/reference/integrations/threat-grid) and then contacting PAN.
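The kind of submission script the replies above refer to, as an added example that is not part of the thread and not taken from Cisco's repositories. The host name, the `/api/v2/samples` path and the `api_key`, `sample` and `private` field names are assumptions to confirm against the API documentation in the product's Help section; function names are hypothetical.

```python
import json
import uuid
import urllib.request

# Assumption: US cloud host; other regions and appliances use different hostnames.
BASE_URL = "https://panacea.threatgrid.com"


def build_submission(api_key, filename, data, base_url=BASE_URL, private=True):
    """Build (without sending) the multipart POST that uploads one sample."""
    if not data:
        raise ValueError("refusing to submit an empty file")
    boundary = uuid.uuid4().hex
    # The key travels in the request body, so it never lands in URLs or proxy logs.
    fields = {"api_key": api_key, "private": "true" if private else "false"}
    parts = []
    for name, value in fields.items():
        parts.append(
            (f'--{boundary}\r\nContent-Disposition: form-data; '
             f'name="{name}"\r\n\r\n{value}\r\n').encode()
        )
    # Neutralise characters that could break out of the quoted filename header.
    safe_name = filename.replace('"', "_").replace("\r", "_").replace("\n", "_")
    parts.append(
        (f'--{boundary}\r\nContent-Disposition: form-data; name="sample"; '
         f'filename="{safe_name}"\r\n'
         "Content-Type: application/octet-stream\r\n\r\n").encode()
        + data + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return urllib.request.Request(
        f"{base_url}/api/v2/samples",
        data=b"".join(parts),
        method="POST",
        headers={"Content-Type": f"multipart/form-data; boundary={boundary}"},
    )


def submit(request, timeout=60):
    """Send the request; return (sample id, state) from the assumed JSON reply."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        reply = json.load(resp)
    return reply["data"]["id"], reply["data"]["state"]
```

A device that cannot run code itself would hand the file to a small service or SOAR playbook that calls something like `submit(build_submission(key, name, file_bytes))`.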