Palo Alto Cortex XDR
  • 02 Jan 2025

Palo Alto Cortex XDR is the detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.

Integration: API

Tables: Detections, Incidents

Palo Alto Cortex XDR Configuration

To enable the integration, you need three values from Cortex XDR: the API Key, the API Key ID, and the FQDN.

Create API Key

  • In Cortex XDR, navigate to Settings > Configurations > Integrations > API Keys.

  • Select + New Key.

  • Choose the security level: Standard.

  • Provide a comment that describes the purpose for the API key, if desired.

  • Select the Role: Viewer.

  • Click on the Generate button.

  • Copy the API key, and then click Done. This value represents your unique API_SECRET_KEY.

Note:

You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.

Refer to Get Started with Cortex XDR APIs for detailed information.

Get API Key ID

  • In the API Keys table, locate the ‘ID’ field.

  • Note your corresponding ID number. This value represents the API_ACCESS_KEY.

Get FQDN value

DataBee Configuration

  • To configure the Data Source, log in to the DataBee UI and click Add New Data Source. Search for and click Palo Alto Cortex XDR as mentioned below.

  • Click on the API Ingest option for the collection method.

  • Provide the name of the Data Source and other relevant information as mentioned below.

  • In the endpoint configuration page, enter the FQDN value obtained in the previous step, during API Key generation. Select Custom API Key as the ‘Authorization Method’. Paste the API Key ID, which can be found in the API Keys section of the Palo Alto Cortex XDR dashboard, into the ‘Access Key’ field. Paste the API Key into the ‘Secret Key’ field as mentioned below.
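
To check that the FQDN, API Key ID and API Key work together, the following added example (not part of the original article and not DataBee's own code) builds a minimal get_incidents request for a Standard key. The header names and URL layout are taken from Palo Alto's public Cortex XDR API documentation; the XDR_FQDN environment variable name and the helper function names are assumptions made for this sketch.

```python
import json
import os
import re
import urllib.request

# Header names and URL layout follow Palo Alto's public Cortex XDR API
# documentation for Standard keys; this is not DataBee's own code.
INCIDENTS_PATH = "/public_api/v1/incidents/get_incidents/"

def normalize_fqdn(value):
    """Accept a bare FQDN or a pasted URL; return the host without 'api-'."""
    host = re.sub(r"^https?://", "", value.strip(), flags=re.I)
    host = host.split("/", 1)[0].lower()
    if host.startswith("api-"):
        host = host[4:]
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host):
        raise ValueError("FQDN is not a valid host name: %r" % value)
    return host

def build_request(fqdn, api_access_key, api_secret_key, limit=1):
    """Build (without sending) a minimal get_incidents call for a Standard key."""
    if not str(api_access_key).isdigit():
        raise ValueError("API Key ID must be the numeric ID from the API Keys table")
    if not api_secret_key or api_secret_key != api_secret_key.strip():
        raise ValueError("API key is empty or has stray whitespace from copy/paste")
    body = {"request_data": {"search_from": 0, "search_to": limit}}
    return urllib.request.Request(
        "https://api-" + normalize_fqdn(fqdn) + INCIDENTS_PATH,
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "x-xdr-auth-id": str(api_access_key),   # API_ACCESS_KEY (key ID)
            "Authorization": api_secret_key,        # API_SECRET_KEY (key value)
            "Content-Type": "application/json",
        },
    )

if __name__ == "__main__":
    # Values are read from the environment so the key is never hard-coded here.
    req = build_request(os.environ["XDR_FQDN"], os.environ["API_ACCESS_KEY"],
                        os.environ["API_SECRET_KEY"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        reply = json.load(resp).get("reply", {})
        print("HTTP", resp.status, "incidents visible:", reply.get("total_count"))
```

If urlopen raises an HTTP error, recheck the three values before saving the DataBee data source.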

