Palo Alto Networks Cortex Xpanse
  • 08 Oct 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Palo Alto Networks Cortex Xpanse

  • Dark
    Light
  • PDF

Article summary

Palo Alto Networks Cortex Xpanse (Palo Alto Networks Expanse Expander) discovers, monitors, and tracks Internet Assets automatically, anywhere in the world, and reduces risks and exposures.

Related Enforcement Actions
Palo Alto Network Cortex Xpanse - Tag Assets

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users
  • Vulnerabilities
  • SaaS Applications
  • Compute Services
  • Certificates

Parameters

  1. Host Name or IP Address (required, default: https://expander.expanse.co) - The hostname or IP address of the Palo Alto Networks Cortex Xpanse server.

  2. Client ID (optional) - Specify the user account that has permissions to fetch assets.
    To obtain a Client ID, see Acquiring a Client ID and Client Secret.

  3. Client Secret (optional) - Specify the client secret that has permissions to fetch assets. To obtain a Client Secret, see Acquiring a Client ID and Client Secret.

  4. API Key (optional) - An API Key associated with a user account that has permissions to fetch assets. This is mandatory for API v2.

Note:

When Client ID and Client Secret are provided, API Key is not required.

  1. API Key ID - If you select API v2 you ned to add both an API Key and the API ID. In addition, make sure you enter the correct domain for your API version.

  2. API Version - Select the API Version v1, or v2.

  3. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  4. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Host Name or IP Address.

  5. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

  6. HTTPS Proxy Password (optional) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

PaloAltoCortexExpanse


Acquiring a Client ID and Client Secret

  1. Open Palo Alto Networks Cortex Xpanse.

  2. From the Setting tab, select Client Credentials in the left navigation pane.

  3. Click Generate Credentials. The Client Credentials/Add New page is displayed.
    Note: Each user is limited to 10 client credentials at any one time.

  4. Specify the Client Name. Your client name is automatically prefixed with “xpanse_expander_”.
    Note: Client names must be in lowercase.

  5. Enter a description of the purpose of this credential.

  6. Click Generate Credentials. The Client Identifier and Client Secret are displayed. Write the values for future reference.

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Categorize devices - Select this option to categorize devices into different asset categories using their asset type.
  2. Fetch vulnerabilities - Select this option to fetch vulnerabilities.
  3. Fetch Users - Select this option to fetch users.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius uses the ExpanseV2 API.



Was this article helpful?