SaasSecurity
SaaS Security API is a cloud-based service that you can connect directly to your sanctioned SaaS applications using the cloud app’s API to provide data classification, sharing and permission visibility, and threat detection. This Content Pack provides insights into risks posed by data exposure and policy violations and enables you to use Cortex XSOAR to effectively manage the incidents discovered by SaaS Security API.
Network Security · SaaS Security by Palo Alto Networks
Configuration parameters
url— Server URL (required)credentials— Client ID (required)isFetch— Fetch incidentsincidentFetchInterval— Incidents Fetch IntervalincidentType— Incident typemirror_direction— Incident Mirroring Directionmax_fetch— Number of incidents per fetch. (required)first_fetch— First fetch timestamp (<number> <time unit>. For example, 12 hours, 7 days)state— Fetch only incidents with matching stateseverity— Fetch only incidents with matching severitystatus— Fetch only incidents with matching statusapp_ids— Fetch only incidents with matching Application IDsclose_incident— Close Mirrored XSOAR Incidentinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (10)
-
get-mapping-fieldsReturns the list of fields for an incident type.
-
get-modified-remote-dataGet the list of incidents that were modified since the last update. Note that this method is used for debugging purposes. get-modified-remote-data is used as part of a Mirroring feature, which is available since Cortex XSOAR version 6.1.
-
get-remote-dataGet remote data from a remote incident. Note that this method will not update the current incident. It's used for debugging purposes.
-
saas-security-asset-remediateRemediates an asset.
-
saas-security-get-appsReturns the Application ID, Name, and Type for all applications.
-
saas-security-incident-get-by-idGets an incident by its ID.
-
saas-security-incident-state-updateCloses an incident and updates its category.
-
saas-security-incidents-getRetrieves incidents from the SaaS Security platform.
-
saas-security-remediation-status-getGets the remediation status for a given asset ID.
-
update-remote-systemUpdates local incident changes in the remote incident. This method is only used for debugging purposes and will not update the current incident.