The Palo Alto XSOAR/XSIAM - Cortex Plugin allows you to obtain a detailed report from CrowdSec's CTI smoke database.
The integration is available directly from within Cortex XSOAR.
- Find and add an instance of the CrowdSec data enrichment.
- Fill in the API key you generated from the console interface.
If you need to download it, you can find it here.
You can also refer to the integration documentation.
Once the CrowdSec enrichment is activated, your incidents will benefit from CrowdSec's CTI data on the incident's IP address.
The date of the incident and the attack details will be visible in both the quick view and the full view.