Login
    Contents x
    Palo Alto Networks Cortex XDR
    • 28 Sep 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Palo Alto Networks Cortex XDR

    • Updated on 28 Sep 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Palo Alto Networks Cortex XDR is a detection and response app that natively integrates network, endpoint, and cloud data to detect threats and stop sophisticated attacks.

    Related Enforcement Actions
    Palo Alto Networks Cortex XDR - Isolate/Unisolate Assets

    Parameters

    1. Cortex XDR Domain (required) - The hostname of the Palo Alto Networks Cortex XDR API server, for example,
      api-CUSTOMER.xdr.us.paloaltonetworks.com .
    2. URL Base Path (optional) - Specify the fully qualified domain name (FQDN). For more details, see Cortex XDR API Reference - Get Started with Cortex XDR APIs.
    3. API Key ID and API Key (required) - Specify the API key and the API key ID of an Advanced Security Level API, as generated in Cortex XDR app. For more details on generating an Advanced Security Level API, see Cortex XDR API Reference - Get Started with Cortex XDR APIs.
    4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
    5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    Palo Alto Networks Cortex XDR


    Advanced Settings

    Note:

    Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

    1. Fetch policies - Select whether to fetch policies.
    2. Do not fetch devices with disconnected status - Select to not fetch devices that have the 'Disconnected' status.
    3. Fetch software information - Select whether to fetch information about installed software.
    4. Fetch daemon information - Select this option to fetch daemon information for each device.
    5. Fetch DNS information - Toggle on this option to enrich devices with DNS query information. When you toggle on this option 2 additional options are available
      • XQL timeframe for DNS records - Optional: specify the XQL for DNS record Timeframe
      • XQL filter for DNS records - specify the XQL to filter the included DNS records
    6. Fetch vulnerability information - Select this option to fetch vulnerability information for devices.
    7. Fetch device users information - Select this option to fetch a list of users per device.
    Note:

    To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


    APIs

    Axonius uses the Cortex XDR APIs.

    For details on generating an Advanced Security Level API, see Cortex XDR API Reference - Get Started with Cortex XDR APIs.


    Required Permissions

    The value supplied in API Key must be associated with credentials that have permissions for the following in order to fetch assets:

    Assets:
    Network config - View
    Compliance - View
    Asset Inventory - View

    Endpoint:
    Endpoint Admin - View, (View/Edit for EC)
    Device Control - View, (View/Edit for EC)

    Incident Response
    Investigations
    Query Center - View
    Personal Query Library - View

    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout