> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/configuration/response/soar/palo-alto-xsoar-integration-qux.md). # Palo Alto XSOAR integration (QUX) #### **Please note!! - This article is ONLY for customers using Vectra's Quadrant UX with XSOAR. While similar, there are some differences in the implementation for customers using the Quadrant UX. If you are unsure which UX you are using, please see:** [Vectra Analyst User Experiences (Respond vs Quadrant) for more information](/deployment/getting-started/analyst-ux-options-rux-vs-qux.md) **.** #### **If you are configuring XSOAR for the Respond UX, please see the following article (instead of this article):** [**Palo Alto XSOAR Integration Guide for Vectra XDR**](/configuration/response/soar/palo-alto-xsoar-integration-rux.md) ## New Version Available **November 2025 - Content Pack version 2.1.0** The following documentation pertains to the Vectra AI for Palo Alto XSOAR content pack version 2.1.0 integration. **!! Please see the attachment to the right of this screen for the full document.** The following documentation pertains to v2.0.0 and v2.1.0 of the Vectra integration for XSOAR. Vectra AI for XSOAR v2.1.0 is the second major release that supports Vectra’s Quadrant UX. This major update adds the following functionality: * Mirroring support to provide for de-duplication of incidents. * Incident layout template for incident management. * Lookback functionality to ensure no detections are missed if published after polling. * Additional actions to interface with Vectra AI. * Playbooks to work with incidents. * OAUTH2 Authentication support. * Close as workflow actions. * Ability to create new incidents instead of re-opening closed incidents. * Enhanced fetch to allow for MDR escalation tags to trigger ingestion even on detections with older timestamps. ### Attachments {% file src="/files/44bpP63lAfYdopSfq1uK" %} {% file src="/files/GPUxAyHkwTWPXOwcsEjT" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.vectra.ai/configuration/response/soar/palo-alto-xsoar-integration-qux.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.