Security Integration

Palo Alto XSOAR

Integrate TigerIdentity with Palo Alto XSOAR for automated incident response, security orchestration, and threat intelligence-driven access control.

Key Features

Incident Response Automation

Trigger automated playbooks for identity-related security incidents with real-time access revocation.

Bi-directional Integration

Send access decisions to XSOAR and receive incident signals for dynamic policy enforcement.

Security Orchestration

Coordinate identity governance responses across your entire security stack through XSOAR.

Threat Intelligence

Use XSOAR threat intelligence feeds to inform access control decisions in real time.

Automated Remediation

Automatically revoke access, disable accounts, and trigger workflows based on security incidents.

Audit & Reporting

Comprehensive incident tracking with complete audit trails for compliance and forensics.

How It Works

1. Connect

Configure the XSOAR connector with API credentials to access your XSOAR platform.

2. Orchestrate Security Events

TigerIdentity sends access events to XSOAR and receives incident data, threat intelligence, and playbook triggers.

3. Automate Response

Execute automated workflows that revoke access, trigger investigations, and enforce policies based on security incidents.

Configuration Example

connector:
  type: palo-alto-xsoar
  name: "xsoar-production"

  config:
    api_key: "${XSOAR_API_KEY}"
    api_key_id: "${XSOAR_API_KEY_ID}"
    base_url: "https://xsoar.company.com"
    verify_ssl: true

  sync:
    incidents: true
    playbooks: true
    threat_intel: true
    indicators: true

  events:
    - incident.created
    - incident.critical
    - incident.identity_compromise
    - playbook.completed
    - indicator.malicious

  policies:
    - name: "revoke-on-compromise"
      condition: "incident.severity >= 3 AND incident.category == 'Identity'"
      action: "revoke_all_sessions"
      notify_xsoar: true

    - name: "block-malicious-actors"
      condition: "indicator.reputation == 'malicious'"
      action: "block_access"
      create_incident: true

  playbook_triggers:
    - event: "high_risk_access_denied"
      playbook: "Identity-Investigation"
      params:
        user_id: "{user.id}"
        resource: "{resource.name}"
        risk_score: "{decision.risk_score}"

  mapping:
    incident_attributes:
      - xsoar: owner
        tiger: assignee
      - xsoar: severity
        tiger: risk_level
      - xsoar: closeReason
        tiger: resolution
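
A pre-deployment check for the connector settings above, as an added example that is not TigerIdentity or Palo Alto code: it flags literal credentials, a non-HTTPS base_url, disabled certificate verification, and revoke/block policies that leave no record in XSOAR. The function name, the rule set and the constructed sample dict (standing in for the parsed YAML) are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the connector settings as a dict (what a YAML loader
# would return), with four deliberate mistakes for the checker to find.
SAMPLE = {
    "config": {
        "api_key": "constructed-literal-key",    # literal secret, not ${VAR}
        "api_key_id": "${XSOAR_API_KEY_ID}",
        "base_url": "http://xsoar.company.com",  # plain HTTP
        "verify_ssl": False,                     # certificate checks off
    },
    "policies": [
        {"name": "revoke-on-compromise", "action": "revoke_all_sessions", "notify_xsoar": True},
        {"name": "block-malicious-actors", "action": "block_access"},  # no XSOAR record
    ],
}

ENV_REF = re.compile(r"^\$\{[A-Z_][A-Z0-9_]*\}$")      # e.g. ${XSOAR_API_KEY}
DISRUPTIVE = {"revoke_all_sessions", "block_access"}   # actions named in the config above

def lint_connector(conn):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    cfg = conn.get("config", {})
    for key in ("api_key", "api_key_id"):
        if not ENV_REF.match(str(cfg.get(key, ""))):
            findings.append(f"{key}: use a ${{VAR}} reference, not a literal value")
    if urlparse(str(cfg.get("base_url", ""))).scheme != "https":
        findings.append("base_url: must use https")
    if cfg.get("verify_ssl") is not True:
        findings.append("verify_ssl: must be true")
    for pol in conn.get("policies", []):
        recorded = pol.get("notify_xsoar") or pol.get("create_incident")
        if pol.get("action") in DISRUPTIVE and not recorded:
            findings.append(f"policy {pol.get('name')}: disruptive action leaves no XSOAR record")
    return findings

if __name__ == "__main__":
    for finding in lint_connector(SAMPLE):
        print("FAIL", finding)
```
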

Use Cases

Automated Incident Response

Trigger XSOAR playbooks when high-risk access is detected, automatically investigating and remediating identity threats.

Compromised Account Containment

Instantly revoke all access and sessions when XSOAR detects a compromised user or service account.

Threat Intelligence-Driven Access

Block access requests from IP addresses or locations flagged as malicious in XSOAR threat feeds.

Security Workflow Orchestration

Coordinate identity governance actions across security tools through XSOAR orchestration workflows.
