



Criminal IP (criminalip.io), an AI-driven threat intelligence platform by AI SPERA, is now fully integrated with Palo Alto Networks’ Cortex XSOAR.
This integration incorporates real-time threat context and exposure intelligence, along with automated multi-stage scans, straight into Cortex XSOAR’s orchestration engine. This enhancement allows security teams to achieve greater incident accuracy and quicker responses compared to traditional log-centric models.
Palo Alto Networks is recognized as a global leader in cybersecurity, and Cortex XSOAR serves as a pivotal hub for security automation. The inclusion of Criminal IP through the Cortex Marketplace allows users to assess suspicious IPs and domains not just via static reputation data, but also by analyzing behavioral signals, exposure history, and AI-enhanced threat scoring—all without needing additional systems or analyst input.
Today’s SOC teams are inundated with alerts, yet traditional enrichment methods still rely heavily on static reputation feeds that lack depth. These methods often overlook critical aspects like port exposure, CVE connections, and anonymization behaviors.
Criminal IP bridges this gap by continuously monitoring global internet-facing assets, correlating IP behaviors, domain activities, SSL/TLS information, CVE exposures, and more.
When an alert involves an IP or domain, Cortex XSOAR can automatically integrate this enriched intelligence into the active incident via a playbook, facilitating thorough assessments of intent and severity right within the Cortex XSOAR environment.
Leverage Criminal IP’s Threat Intelligence to proactively spot, assess, and address emerging threats.
Fueled by AI and OSINT, it provides threat scoring, reputation insights, and real-time detections for various malicious indicators, including C2 servers and IOCs, across IPs, domains, and URLs. Its API-first design enables seamless integration into security workflows to enhance visibility, automate tasks, and improve response capabilities.
Cortex XSOAR playbooks can activate Criminal IP’s structured three-stage scanning process: starting with a Quick Lookup, proceeding to a Lite Scan, and culminating with a Full Scan for comprehensive attack surface evaluation.
Results from the Full Scan are provided as organized reports within Cortex XSOAR, with automatic polling ensuring seamless workflow progression.
Additionally, this integration merges internal telemetry with open internet data, delivering insights on historical behavior, C2 relationships, and SSL correlations for every indicator.
Cortex XSOAR can schedule Micro Attack Surface Management scans to evaluate exposed ports, certificate validity, vulnerable services, and outdated software, thereby offering lightweight continuous ASM capabilities that allow organizations to detect vulnerabilities before they can be exploited.

The partnership between Palo Alto Networks and Criminal IP signifies a larger movement towards autonomous security operations. By merging Cortex XSOAR’s automation features with Criminal IP’s real-time external analysis, SOC teams can automate decision-making processes that previously required manual investigation across various intelligence sources.
This advancement not only shortens response times and enhances incident classification accuracy but also lessens analyst burnout—issues that have intensified due to the surge in alert volumes and AI-generated threats.
Criminal IP is already integrated into Azure, AWS, and Snowflake marketplaces and collaborates with over 40 security vendors, including Cisco, Fortinet, and Tenable. Its new integration with Palo Alto Networks establishes a foundation for further collaborations across XDR and cloud security solutions.
Byungtak Kang, CEO of AI SPERA, said this integration “underscores the rising significance of AI-driven threat intelligence and exposure analytics in enterprise security,” adding that Criminal IP is committed to aiding organizations in transitioning to fully autonomous defense architectures.
Discover more: https://cortex.marketplace.pan.dev/marketplace/details/CriminalIP/
Sponsored and prepared by Criminal IP.