Criminal IP and Palo Alto Networks Cortex XSOAR Integrate to Deliver AI-Driven Exposure Intelligence


Posted on December 19, 2025 By CWS

Torrance, United States / California, December 19th, 2025, CyberNewsWire

Criminal IP (criminalip.io), the AI-powered threat intelligence and attack surface monitoring platform developed by AI SPERA, is now officially integrated into Palo Alto Networks’ Cortex XSOAR.

The integration embeds real-time external threat context, exposure intelligence, and automated multi-stage scanning directly into Cortex XSOAR’s orchestration engine, giving security teams greater incident accuracy and faster response than typical log-centric approaches.

For Palo Alto Networks, widely regarded as the global leader in cybersecurity, Cortex XSOAR is a central hub for SOC automation.

With Criminal IP added as an integration through the Cortex Marketplace, Cortex XSOAR can now offer users the ability to evaluate suspicious IPs and domains not only by static reputation data but also by behavioral signals, exposure history, infrastructure correlations, and AI-driven threat scoring, without requiring additional systems or analyst-driven lookups.

AI Context to Address the Limits of Log-Only Incident Response

Automated playbook example: detecting malicious domains using the three-step scan in the integrated API of Criminal IP and Palo Alto Networks Cortex XSOAR

Modern SOC teams face overwhelming alert volumes, yet traditional enrichment still depends on static reputation feeds with limited context, often missing port exposure, CVE ties, certificate reuse, DNS changes, or anonymization behavior.

Criminal IP fills this gap by continuously analyzing global internet-facing assets and correlating IP behavior, domain activity, SSL/TLS data, port states, CVE exposure, IDS hits, and masking indicators.

When an alert includes an IP or domain, Cortex XSOAR can automatically pull this enriched intelligence into the active incident via a playbook, allowing analysts to assess intent and severity without leaving Cortex XSOAR.

Multi-Stage Scanning and External Exposure Linking

Cortex XSOAR playbooks can trigger Criminal IP’s automated three-stage scanning workflow: beginning with a Fast Lookup, escalating to a Lite Scan, and then performing a Full Scan for full attack surface analysis.

Full Scan results are delivered as structured reports inside Cortex XSOAR, with generic polling ensuring the workflow continues without manual effort.

Beyond alert-driven enrichment, the integration also links internal telemetry with open-internet intelligence, providing historical behavior, C2 relationships, anonymization indicators, abuse records, and SSL correlations for each indicator.

Cortex XSOAR can also schedule Micro Attack Surface Management scans to assess exposed ports, certificate validity, vulnerable services, and outdated software, offering lightweight, continuous ASM capabilities that help organizations identify weaknesses before they’re exploited.

Accelerating the Shift Toward Intelligence-Driven Autonomous Security

Screenshot of the Criminal IP pack on the Cortex Marketplace

The integration between Palo Alto Networks and Criminal IP reflects a broader trend toward autonomous security operations.

By combining Cortex XSOAR’s automation and orchestration capabilities with Criminal IP’s real-time external analysis, SOC teams can automate decisions that previously required manual research across multiple intelligence sources.

This reduces response times, improves the accuracy of incident classification, and minimizes analyst fatigue, issues that have grown more severe as alert volumes and AI-generated threats continue to rise.

Criminal IP is already present on Azure, AWS, and Snowflake marketplaces and maintains integrations with more than 40 security vendors, including Cisco, Fortinet, and Tenable. Its expansion into the Palo Alto Networks ecosystem sets the foundation for further integrations across XDR and cloud security solutions.

AI SPERA CEO Byungtak Kang said that the integration “demonstrates the rising significance of AI-driven risk intelligence and publicity analytics in enterprise safety operations,” adding that Criminal IP aims to play a central role in helping organizations transition toward fully autonomous defense architectures.

About Criminal IP

Criminal IP is the flagship cyber threat intelligence platform developed by AI SPERA. The platform is used in more than 150 countries and provides comprehensive threat visibility through enterprise security solutions such as Criminal IP ASM and Criminal IP FDS.

Criminal IP continues to strengthen its global ecosystem through strategic partnerships with Cisco, VirusTotal and Quad9.

The platform’s threat data is also available through major US data warehouse marketplaces including Amazon Web Services (AWS), Microsoft Azure and Snowflake. This expansion improves global access to high-quality threat intelligence from Criminal IP.

Users can learn more:

Contact

Michael Sena

AI SPERA

[email protected]
