SaaS Security by Palo Alto Networks v2.0.53
SaaS Security connects directly to your sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection.
- Author:
- Cortex XSOAR
- Support:
- xsoar
- Default data source:
- SaaS Security Event Collector
agentixxsiamEDRcloud_runtime_security
Cloud Security
Classifiers (2)
Incident fields (14)
- Saas Security Asset ID
- Saas Security Asset Name
- Saas Security Asset Owner
- Saas Security Asset Owner Email
- Saas Security Asset URL
- Saas Security Assigned To
- Saas Security Category
- Saas Security Incident Id
- Saas Security Incident Severity Level
- Saas Security Remediation Type
- Saas Security Remove Inherited Sharing
- Saas Security Resolved By
- Saas Security State
- Saas Security Status
Incident types (1)
Integrations (2)
Layouts (1)
Modeling rules (1)
Parsing rules (1)
README
What does this pack do?
- Provides the SaaS Security integration, which allows Cortex XSOAR to collect incidents from the SaaS Security platform.
- Provides a SaaS Security Incident incident type with dedicated incoming mapper, fields and layout.
- Provides a generic polling playbook that handles the remediation of an asset.
Screenshots
-
SaaS Security Incident Layout:

-
Remediate an Asset:
