Palo Alto XSOAR integration (RUX)

**Please note!! This article is ONLY for customers using Vectra's Respond UX with XSOAR.** While similar, there are some differences in the implementation for customers using the Quadrant UX. If you are unsure which UX you are using, please see Vectra Analyst User Experiences (Respond vs Quadrant) for more information.

If you are configuring XSOAR for the Quadrant UX, please see the following article (instead of this article):

Cortex XSOAR Integration

This article only applies to customers using Vectra's Respond UX. If you are using the Quadrant UX, please see Sending Vectra Detect Events to Microsoft Sentinel. If you are unsure which UX you are using, please see Vectra Analyst User Experiences (Respond vs Quadrant).

New Version Available

November 2025 - Content Pack version 1.2.0

The following documentation pertains to the Vectra integration for Palo Alto XSOAR content pack version 1.2.0.

!! Please see the attachment to the right of this screen for the full document.

Contains

  • Introduction: Document and Release Information

  • Terminology

  • Architecture

  • Implementation: Vectra Pre-requisites; XSOAR Pre-requisites; Downloading and Installing the App; Implementation Checklist; Initial Configuration of New Asset

  • Operational Components: Incidents; Incident Template; Incident Info; Entity Detections; War Room; Work Plan; Remaining Tabs; Context Data; Indicators; Actions; Playbooks

  • Operations: Incident Creation Philosophy; Incident Priority; Investigate; Detections; War Room; Work Plan; Sync Assignment; Basic Workflow; Intermediate Workflow; Running Actions - General; Running Actions - Resolve Assignment

  • Working with Playbooks

  • Known Limitations

  • Troubleshooting

  • Worldwide Support Contact Information
