Palo Alto Cortex

Introduction

Integrating Palo Alto Cortex XDR with Field Effect MDR allows Field Effect MDR to query your Cortex XDR environment for recent Cortex incidents. This level of access to your environment enriches Field Effect MDR's monitoring fidelity and enables ARO generation, as appropriate, based on high severity alerts.


Requirements

To perform this procedure, you will need administrator-level access to both the Field Effect MDR Portal and Cortex XDR's reporting data.


Integration Instructions

The following sections outline what has to be done within each solution to complete the integration.  


Set Up Cortex XDR For the Integration

Within Cortex XDR, you will need to generate an API key. The API key and its API Key ID, along with your organization's Fully Qualified Domain Name (FQDN), are needed to complete the integration.


The basic instructions are as follows: 

  1. Log into your Cortex XDR Portal.  
  2. Navigate to the API Keys page (Settings > Configurations > Integrations > API Keys).
  3. Click +New Key
  4. In the Generate API Key dialogue, set the following parameters: 
    1. Security Level: Advanced
    2. Roles: Viewer
  5. Click Generate
  6.  Make note of the following, as you will need to provide them in the Field Effect MDR Portal: 
    1. API Key 
    2. API Key ID (API Keys table)
    3. FQDN


For more information, see Cortex XDR's help content.


Complete the Integration in the MDR Portal

After completing the procedure above, log into the MDR Portal and open the Administration > Integrations page. From the Cybersecurity tab, click +Add for Palo Alto Cortex XDR.



The integration wizard will open. Provide the API Key, API Key ID, and FQDN you gathered in the previous procedure. When ready, click Submit. 


A Note for the FQDN: 

Your FQDN must use the following format: 

api-mycompany.xdr.eu.paloaltonetworks.com 

In the example above, "mycompany" should be your company name and "eu" should be your country code.




You'll be taken back to the integrations page, and the integration card will show that the integration is connected and promoted to the top, alongside any other connected integrations. 
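To check the three values gathered in Cortex XDR before entering them in the wizard, the Python below (an added example, not Field Effect or Palo Alto code) validates the FQDN against the format in the note and builds the signed headers that an Advanced security level key uses. The header names, hashing scheme and `get_incidents` endpoint follow Palo Alto's public Cortex XDR API documentation rather than this page, and the function names are hypothetical.

```python
import hashlib
import json
import re
import secrets
import time

# Shape from the FQDN note on this page: api-<company>.xdr.<country-code>.paloaltonetworks.com
FQDN_RE = re.compile(r"^api-[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.xdr\.[a-z0-9-]+\.paloaltonetworks\.com$")
EXPECTED = "expected api-<company>.xdr.<country-code>.paloaltonetworks.com"


def check_fqdn(value):
    """Return a list of problems with the FQDN; an empty list means it matches."""
    problems = []
    v = value.strip()
    if v != value:
        problems.append("leading or trailing whitespace")
    if "://" in v:
        problems.append("remove the URL scheme (https://)")
    if "/" in v.split("://")[-1]:
        problems.append("remove the path or trailing slash")
    if not FQDN_RE.match(v.lower()):
        problems.append(EXPECTED)
    return problems


def advanced_headers(api_key, api_key_id, nonce=None, timestamp_ms=None):
    """Advanced key auth: SHA-256 over key + nonce + millisecond timestamp."""
    # Header names per Palo Alto's public API docs (assumption, not from this page).
    nonce = nonce or secrets.token_hex(32)  # 64 random characters
    timestamp_ms = timestamp_ms or int(time.time() * 1000)
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-auth-id": str(api_key_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": digest,
        "Content-Type": "application/json",
    }


def build_incident_query(fqdn, api_key, api_key_id):
    """Build (url, headers, body) for a read-only incident query; nothing is sent."""
    problems = check_fqdn(fqdn)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"https://{fqdn}/public_api/v1/incidents/get_incidents/"
    body = json.dumps({"request_data": {"search_from": 0, "search_to": 1}})
    return url, advanced_headers(api_key, api_key_id), body
```

Because the raw API key only ever enters the hash, it is never sent on the wire; sending the built request with the Viewer-role key and getting an HTTP 200 confirms the key, key ID and FQDN belong together.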


