Enhance your Palo Alto XSOAR environment with Silent Push’s threat intelligence capabilities. This integration enables on-demand lookups and automated workflows for domains, IP addresses, nameservers, and Indicators of Future Attack (IOFA) feeds, streamlining incident response and threat hunting.
Requirements
Palo Alto XSOAR instance
Silent Push content pack (available via the XSOAR Marketplace)
Install the Silent Push Content Pack
In Palo Alto XSOAR, go to the Marketplace.
Search for Silent Push.
Select the Silent Push content pack and click Install in the top-right corner.
Configure the Integration
Navigate to Settings > Integrations > Instances in the XSOAR left menu.
Search for Silent Push and click Add Instance.
Follow the prompts to configure the integration settings.
Perform On-Demand Lookups
To query threat intelligence:
Access the Playground or an incident in XSOAR.
Type !silentpush- to view a list of available commands for use in the Playground, War Room, or playbooks.
The Silent Push integration supports 20 actions, including querying enrichment data, retrieving IOFA feeds, and performing live scans for domains, IPs, and nameservers.
To enrich a domain:
Use the command:
!silentpush-get-enrichment-data resource=domain value=119caipiaokf[.]com
Execute the command to retrieve comprehensive data about the domain in the Playground.
Example: Reverse DNS Lookup
To investigate domains associated with an IP:
Use the command:
!silentpush-reverse-padns-lookup qname=103.148.186.162 qtype=A
Run the command to return all domains with A records pointing to the specified IP address.
Additional Capabilities
Perform live URL scans and capture screenshots.
Enrich IP addresses and domains with Silent Push's first-party threat intelligence.
Integrate lookup results into XSOAR playbooks for automated threat response workflows.
This integration empowers security teams to leverage Silent Push's proactive threat intelligence within Palo Alto XSOAR, enabling faster detection and response to cyber threats.