Set up Nuvolo for Integration
Table of Contents
Set up Nuvolo for Integration
Set up Nuvolo for integration with IoT Security through
Cortex XSOAR.
Nuvolo is preconfigured with most of what
you need to integrate with IoT Security. The following steps explain
what you need to do to complete the Nuvolo configuration.
- Contact Nuvolo and request the creation of a user account to access the Nuvolo API.Because Nuvolo is an application that runs on the ServiceNow platform, only users with ServiceNow administrative rights can create users. The user account selected here must not have any roles or permissions granted to it.Log in to Nuvolo as a user with the system admin role, navigate to the EAM Queue module, and then click .
![]()
In the list of data sources, click the Palo Alto Networks record to open it.![]()
The Palo Alto Networks Data Source record appears with empty Company and Account fields.![]()
Click the Lookup using list icon () next to the Company field to create or select the company vendor record for Palo Alto Networks.![]()
Click the Lookup using list icon () next to the Account field to select the user account record created for API access.![]()
![]()
After you make the company and account selections, click Update.Retrieve the source key for the data source record and record its value.To retrieve the value, enter the OT Cyber Security section, navigate to , right-click Palo Alto Networks, and then click Copy sys_id in the pop-up menu that appears.![]()
This copies the value to your computer’s clipboard. You will later enter this value in the Source Key field in Cortex XSOAR when configuring a Nuvolo instance.Link IoT Security-sourced data with Nuvolo assets.To accomplish this critical element in the integration, configure Nuvolo to use the MAC address or serial number key fields in the key/data pairs it receives from IoT Security in its discovery and security queues. In the EAM Queue section, click , enter the following, and then click Submit:Table Name: Clinical Devices [x_nuvo_eam_clinical_devices]Field Name: MAC AddressKey Name: Mac Address (This must be an exact match for the key name that XSOAR sends.)Data Source: Palo Alto NetworksQueue Type: Discovery Queue [x_nuvo_eam_discovery_queue]![]()
Repeat the previous step three more times to create a total of four key field mappings with the following settings:Table Name Field Name Key Name Data Source Queue Type Clinical Devices [x_nuvo_eam_clinical_devices] MAC Address Mac Address Palo Alto Networks Discovery Queue [x_nuvo_discovery_queue] Clinical Devices [x_nuvo_eam_clinical_devices] Serial Number Serial Number Palo Alto Networks Discovery Queue [x_nuvo_discovery_queue] Clinical Devices [x_nuvo_eam_clinical_devices] MAC Address Mac Address Palo Alto Networks Security Queue [x_nuvo_security_queue] Clinical Devices [x_nuvo_eam_clinical_devices] Serial Number Serial Number Palo Alto Networks Security Queue [x_nuvo_security_queue] Nuvolo provides several predefined action scripts specifically for IoT Security:- The scripts in the Discovery Queue add new IoT Security-discovered devices to the asset inventory in Nuvolo and update existing assets with IoT Security-provided details. The two action scripts in the Discovery Queue that add devices and update assets are titled Palo Alto Networks – Create Device and Palo Alto Networks – Update device automatically if identified by trusted identifier.To see newly added and updated assets in the Nuvolo interface, click .
- The action script in the Security Queue is titled Palo Alto Networks – Create Alert, map devices, & create WOs.To see alerts and vulnerabilities sent to Nuvolo from IoT Security, click .To see work orders for security events sent from IoT Security, click .
