Use Palo Alto Networks Cortex XSOAR with Censys Platform to enrich investigations and automate analyst workflows with Internet intelligence from Censys. This vendor-developed integration helps SOC and CTI teams add external context to suspicious infrastructure directly inside XSOAR.
Use cases
- Indicator enrichment: Add Censys context to IP addresses, domains, SHA-256 fingerprints, and certificates to better understand what an observable is, how it is exposed, and what infrastructure is associated with it.
- Automated playbook support: Use XSOAR playbooks to automate enrichment at scale so analysts receive external context without repetitive manual lookups.
- War Room investigation: Perform Censys searches directly from the War Room CLI to pivot quickly from a suspicious observable to broader internet-facing infrastructure context.
- Threat intelligence workflows: Give CTI teams additional context on exposed services, certificates, and related infrastructure when analyzing suspicious activity.
Benefits
- Broad observable support: Enrich multiple common observable types from a single workflow.
- Automation at scale: Support full XSOAR playbook-based enrichment for faster and more consistent investigations.
- Deeper Internet context: Access real-time scan data including service banners, protocol details, and historical WHOIS.
- Actionable analyst workflow: Investigate and pivot directly inside XSOAR without breaking the workflow.
Censys Supported Products:
- Platform
Category:
- SOAR
Vendor:
- Palo Alto Networks
Maintained By:
- Palo Alto Networks


