# Palo Alto XSOAR integration (RUX)

{% hint style="info" %}
**Please Note:**

This article is ONLY for customers using Vectra's Respond UX (RUX) with XSOAR. While similar, there are some differences in the implementation for customers using the Quadrant UX. If you are unsure which UX you are using, please see: [Analyst UX options (RUX vs QUX)](/deployment/getting-started/analyst-ux-options-rux-vs-qux.md) **.**

If you are configuring XSOAR for the Quadrant UX, please see [Palo Alto XSOAR integration (QUX)](/configuration/response/soar/palo-alto-xsoar-integration-qux.md) instead.
{% endhint %}

## New Version Available

**November 2025 - Content Pack version 1.2.0**

The following documentation pertains to the Vectra integration for Palo Alto XSOAR content pack version 1.2.0.

## Contains

* Introduction\
  \- Document and Release Information
* Terminology
* Architecture
* Implementation\
  \- Vectra Pre-requisites\
  \- XSOAR Pre-requisites\
  \- Downloading and Installing the App\
  \- Implementation Checklist\
  \- Initial Configuration of New Asset
* Operational Components\
  \- Incidents\
  \- Incident Template\
  \- Incident Info\
  \- Entity Detections\
  \- War Room\
  \- Work Plan\
  \- Remaining Tabs\
  \- Context Data\
  \- Indicators\
  \- Actions\
  \- Playbooks
* Operations\
  \- Incident Creation Philosophy\
  \- Incident Priority\
  \- Investigate\
  \- Detections\
  \- War Room\
  \- Work Plan\
  \- Sync Assignment\
  \- Basic Workflow\
  \- Intermediate Workflow\
  \- Running Actions - General\
  \- Running Actions - Resolve Assignment
* Working with Playbooks
* Known Limitations
* Troubleshooting
* Worldwide Support Contact Information

### Attachments

{% file src="/files/jh1VMunU0aGHlAgOS3El" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vectra.ai/configuration/response/soar/palo-alto-xsoar-integration-rux.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.