Dashboards: Palo Alto Cortex XDR - Incidents; Palo Alto Cortex XDR - Alerts
Palo Alto Cortex XDR is a detection and response platform that provides threat protection across endpoints, networks, and cloud environments. It integrates endpoint protection, network security, and analytics to offer real-time visibility and response capabilities against sophisticated threats.
This integration ingests the following logs:
- Incident: Represents information about the artifacts, assets, and alerts of a threat event, including their severity, status, and the users who handle them.
- Alert: Represents real-time analysis of alerts, including their severity, frequency, and source.
The Palo Alto Cortex XDR integration collects Palo Alto Cortex XDR logs through its REST APIs. Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and adding context for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.
- Log into your Palo Alto Cortex XDR account.
- Navigate to Settings > Configurations > Integrations > API Keys.
- Click on New Key.
- Choose the API key type, Advanced or Standard, according to the security level you need.
- If you want to define a time limit on the API key authentication, check Enable Expiration Date, and then select the expiration date and time. Navigate to Settings > Configurations > Integrations > API Keys to track the Expiration Time setting for each API key.
- Provide a comment that describes the purpose for the API key, if desired.
- Select the desired level of access for this key from existing Roles, or you can select Custom to set the permissions granularly.
- Click Generate to generate the API key.
- In the API Keys table, locate the ID field.
- Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.
- Right-click your API key and select View Examples.
- Copy the CURL Example URL. The example contains your unique FQDN.
Add your Palo Alto Cortex XDR credentials.
| Parameters | Description |
|---|---|
| API key | The API key from Palo Alto Cortex XDR. |
| API Key ID | The auth ID from Palo Alto Cortex XDR. |
| FQDN | The FQDN from Palo Alto Cortex XDR. It is the baseUrl part of baseUrl/public_api/v1/{name of api}/{name of call}/ |
Click the Save button to save your settings.
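To illustrate how the three values collected above fit together, here is an added example (not Datadog's or Palo Alto's code) that builds a Cortex XDR public API request from the FQDN, API key ID and API key. It shows why the Advanced key type is the safer choice: a Standard key is sent as-is in the Authorization header, whereas an Advanced key is hashed together with a nonce and timestamp, so the secret itself never leaves the collector and a captured request cannot be replayed. The Advanced hashing scheme follows Palo Alto's documented public API authentication; the endpoint names and the incident filter fields are assumptions not taken from this page.

```python
"""Build authenticated Cortex XDR public API requests (Python 3 standard library only)."""
import hashlib
import secrets
import time
from typing import Optional

API_VERSION = "public_api/v1"   # from the URL shape baseUrl/public_api/v1/{api}/{call}/


def build_url(fqdn: str, api_name: str, call_name: str) -> str:
    """FQDN is the baseUrl copied from the 'View Examples' CURL URL in the console."""
    base = fqdn.rstrip("/")
    if not base.startswith("https://"):
        base = "https://" + base
    return f"{base}/{API_VERSION}/{api_name}/{call_name}/"


def build_headers(api_key: str, key_id: str, advanced: bool,
                  nonce: Optional[str] = None,
                  timestamp_ms: Optional[int] = None) -> dict:
    """Standard keys send the raw key; Advanced keys send SHA-256(key + nonce + timestamp)
    plus the nonce and timestamp, so the server can recompute the digest while the key
    itself stays off the wire. nonce/timestamp_ms are injectable for deterministic tests."""
    headers = {"x-xdr-auth-id": str(key_id), "Content-Type": "application/json"}
    if not advanced:
        headers["Authorization"] = api_key
        return headers
    if nonce is None:
        nonce = secrets.token_hex(32)              # 64 random hex characters
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)     # epoch milliseconds
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    headers.update({"x-xdr-nonce": nonce,
                    "x-xdr-timestamp": str(timestamp_ms),
                    "Authorization": digest})
    return headers


def build_incident_body(since_ms: int, page_size: int = 100, offset: int = 0) -> dict:
    """Request body for incidents/get_incidents: page through incidents modified since
    `since_ms`, oldest first, so a poller can resume from its last checkpoint.
    Endpoint, field and operator names are assumptions, not from this page."""
    return {"request_data": {
        "filters": [{"field": "modification_time", "operator": "gte", "value": since_ms}],
        "search_from": offset,
        "search_to": offset + page_size,
        "sort": {"field": "modification_time", "keyword": "asc"}}}


if __name__ == "__main__":
    # Constructed sample values; replace with the ones noted during key creation.
    print(build_url("api-example.xdr.us.paloaltonetworks.com", "incidents", "get_incidents"))
    print(build_headers("REPLACE_WITH_API_KEY", "7", advanced=True))
```

Each poll should persist the highest modification_time it has seen and pass it as since_ms on the next call, and the API key should be loaded from a secret store rather than hard-coded.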
The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR incident and alert logs to Datadog.
The Palo Alto Cortex XDR integration does not include any metrics.
The Palo Alto Cortex XDR integration does not include any events.
Need help? Contact Datadog Support.