Interpres Application - PaloAlto Cortex XDR

  • Type: Endpoint
  • Vendor: Palo Alto

The PaloAlto Cortex XDR app processes Cortex XDR Detections, Alerts, Telemetry, and Assets.

Vendor setup

  1. In the Cortex XDR console go to Settings -> Configurations -> Integrations -> API Keys
  2. Create a New Key:
    • Security Level — Interpres recommends using Advanced
    • Roles — Select Viewer
  3. Generate and copy the API Key
  4. Retrieve the Cortex XDR API Key ID and FQDN from the API Keys table.

App Configuration

App Parameters:

  • Base URL: The URL to the Palo Alto Cortex XDR instance, e.g. https://api-{tenant}.xdr.us.paloaltonetworks.com/
  • API Key ID: The API Key ID created above
  • API Key: The API Key created above
  • Advanced: Enable if using Advanced API keys (the Security Level chosen when the key was created)
  • Proxy: A valid proxy server and port, of the form 'http[s]://<host>:<port>'

App Validation

Check there is connectivity (green light) in the integration created.
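The Advanced key handshake behind the Advanced setting and the connectivity check above, as an added Python example that is not part of the Interpres app (the endpoint path `public_api/v1/endpoints/get_endpoints` is assumed from Palo Alto's public API documentation; key values are constructed placeholders):

```python
import hashlib
import json
import secrets
import string
import time
import urllib.error
import urllib.request
from urllib.parse import urljoin


def build_auth_headers(api_key_id, api_key, advanced=True, nonce=None, timestamp_ms=None):
    """Headers for one Cortex XDR public API request.

    A Standard key is sent verbatim in Authorization. An Advanced key (what the
    app's Advanced setting selects) is never sent: Authorization carries
    SHA-256(api_key + nonce + timestamp), so a captured request does not reveal
    the key and cannot simply be replayed once the timestamp is stale.
    """
    headers = {"x-xdr-auth-id": str(api_key_id), "Content-Type": "application/json"}
    if not advanced:
        headers["Authorization"] = api_key
        return headers
    alphabet = string.ascii_letters + string.digits
    nonce = nonce or "".join(secrets.choice(alphabet) for _ in range(64))
    timestamp_ms = timestamp_ms or int(time.time()) * 1000  # epoch milliseconds
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")).hexdigest()
    headers.update({"x-xdr-timestamp": str(timestamp_ms), "x-xdr-nonce": nonce, "Authorization": digest})
    return headers


def verify_advanced_headers(headers, api_key):
    """Server-side view: recompute the digest from the transmitted nonce and timestamp."""
    material = f"{api_key}{headers['x-xdr-nonce']}{headers['x-xdr-timestamp']}".encode("utf-8")
    expected = hashlib.sha256(material).hexdigest()
    return secrets.compare_digest(expected, headers.get("Authorization", ""))


def check_connectivity(base_url, api_key_id, api_key, advanced=True, proxy=None, timeout=15):
    """App Validation as a script: one authenticated call to the tenant. HTTP 200 means the
    Base URL, key ID, key, Advanced flag and proxy all line up; 401 points at the key or
    the Advanced flag, a connection error at the Base URL or proxy."""
    url = urljoin(base_url, "public_api/v1/endpoints/get_endpoints")  # assumed endpoint path
    handlers = [urllib.request.ProxyHandler({"http": proxy, "https": proxy})] if proxy else []
    opener = urllib.request.build_opener(*handlers)
    headers = build_auth_headers(api_key_id, api_key, advanced)
    req = urllib.request.Request(url, data=b"{}", headers=headers, method="POST")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode("utf-8", "replace")
```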

Implemented Actions

  • Get Assets: Get the assets on which endpoint agents are installed (connected and disconnected).
  • Get Available Telemetry: Returns a predefined set of the telemetry that PaloAlto Cortex XDR provides, based on your license.
  • Get Detections: Processes the PaloAlto Cortex XDR alerts that are triggered rules; each rule found is added to detections. Alternatively, you can export the detections from the Cortex XDR UI and import them into Interpres. Please get in touch with Interpres if you want to import the detections this way.
  • Get Alerts: Processes all the PaloAlto Cortex XDR alerts.