search

Palo Alto XSOAR integration (QUX)

hashtag
Please note!! - This article is ONLY for customers using Vectra's Quadrant UX with XSOAR. While similar, there are some differences in the implementation for customers using the Quadrant UX. If you are unsure which UX you are using, please see: Vectra Analyst User Experiences (Respond vs Quadrant) for more information .

hashtag
If you are configuring XSOAR for the Respond UX, please see the following article (instead of this article):

Palo Alto XSOAR Integration Guide for Vectra XDR

hashtag
New Version Available

November 2025 - Content Pack version 2.1.0

The following documentation pertains to the Vectra AI for Palo Alto XSOAR content pack version 2.1.0 integration.

!! Please see the attachment to the right of this screen for the full document.

The following documentation pertains to v2.0.0 and v2.1.0 of the Vectra integration for XSOAR.

Vectra AI for XSOAR v2.1.0 is the second major release that supports Vectra’s Quadrant UX. This major update adds the following functionality:

  • Mirroring support to provide for de-duplication of incidents.

  • Incident layout template for incident management.

  • Lookback functionality to ensure no detections are missed if published after polling.

  • Additional actions to interface with Vectra AI.

  • Playbooks to work with incidents.

  • OAUTH2 Authentication support.

  • Close as workflow actions.

  • Ability to create new incidents instead of re-opening closed incidents.

  • Enhanced fetch to allow for MDR escalation tags to trigger ingestion even on detections with older timestamps.

hashtag
Attachments

file-pdf
144KB
Vectra Content Pack Deprecation Notice.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
2MB
XSOAR Integration Guide for Vectra QUX v2.pdf
PDF
arrow-up-right-from-squareOpen
PreviousGoogle SecOps SOAR integration (QUX)NextPalo Alto XSOAR integration (RUX)

Last updated

Was this helpful?