Criminal IP and Palo Alto Networks Cortex XSOAR integrate to bring AI-driven exposure intelligence to automated incident response

Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR. The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR’s orchestration engine, giving security teams higher incident accuracy and faster response than conventional log-centric approaches.

For Palo Alto Networks, widely regarded as the global leader in cybersecurity, Cortex XSOAR is a central hub for SOC automation. With Criminal IP added as an integration through the Cortex Marketplace, Cortex XSOAR can now offer users the ability to evaluate suspicious IPs and domains not only through static reputation data but also through behavioral signals, exposure history, infrastructure correlations, and AI-driven threat scoring, without requiring additional systems or analyst-driven lookups.

AI Context to Address the Limits of Log-Only Incident Response

Automated playbook example — detecting malicious domains using the ...