Palo Alto Cortex XDR
XDR is Palo Alto Networks' premier data analytics tool that leverages modern threat detection and response capabilities on centralized data collected in the Cortex data lake.
To learn more about the service, see the Cortex XDR documentation.
Prerequisites
Permissions
- "Instance Administrator" role in the Palo Alto Cortex XDR console
Configuration steps
Creating an API key
You can refer to this documentation for more details:
- IoT Security Integration Guide - Set up Cortex XDR for Integration
- Get Started in Cortex XSOAR - API Keys
In the Cortex XDR console, go to Settings → Configurations → Integration Section → API Keys and generate a new key.
Retrieve the key and store it securely
Retrieve the tenant FQDN and API key ID
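How the three values collected above (API key, API key ID, tenant FQDN) fit together when a client authenticates to the Cortex XDR public API, as an added example that is not part of the original page or Mondata's own code. It covers both key security levels (Standard sends the key itself, Advanced sends a SHA-256 of key, nonce and timestamp). The function names are hypothetical and the tenant, key ID and key are constructed sample values.

```python
import hashlib
import secrets
import string
import time


def api_url(fqdn, api_name, call_name):
    """Build a public API endpoint from the tenant FQDN."""
    return f"https://api-{fqdn}/public_api/v1/{api_name}/{call_name}/"


def advanced_hash(api_key, nonce, timestamp_ms):
    """Hex SHA-256 of key + nonce + timestamp, sent instead of the raw key."""
    return hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()


def auth_headers(api_key, api_key_id, advanced=False, nonce=None, timestamp_ms=None):
    """Headers for a Standard key (raw key) or an Advanced key (hashed key)."""
    headers = {"x-xdr-auth-id": str(api_key_id), "Content-Type": "application/json"}
    if not advanced:
        headers["Authorization"] = api_key
        return headers
    if nonce is None:  # 64 random characters, fresh for every request
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:  # milliseconds since the Unix epoch (UTC)
        timestamp_ms = int(time.time() * 1000)
    headers["x-xdr-nonce"] = nonce
    headers["x-xdr-timestamp"] = str(timestamp_ms)
    headers["Authorization"] = advanced_hash(api_key, nonce, timestamp_ms)
    return headers


def redact(headers):
    """Copy of the headers that is safe to log: the credential is masked."""
    return {k: ("<redacted>" if k == "Authorization" else v) for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real tenant.
    fqdn, key_id, key = "tenant.example.invalid", 7, "CONSTRUCTED-SAMPLE-KEY"
    print(api_url(fqdn, "incidents", "get_incidents"))
    print(redact(auth_headers(key, key_id)))
    print(redact(auth_headers(key, key_id, advanced=True)))
```

With an Advanced key the raw key never travels in the request, and the timestamp in the hash means the host clock must be accurate for the request to be accepted.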
Create an Azure application secret in MD.ECO
Notify Mondata
Notify Mondata that Palo Alto Cortex XDR is configured.