- 22 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Palo Alto Network Cortex Xpanse - Tag Assets
- Updated on 22 Aug 2024
- 3 Minutes to read
- Print
- DarkLight
- PDF
Palo Alto Network Cortex Xpanse - Tag Assets adds tags to Internet assets for each of the entities that are the result of the saved query supplied as a trigger (or devices selected in the asset table).
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from the Palo Alto Networks Cortex Xpanse adapter - Select this option to use the first connected Palo Alto Networks Cortex Xpanse adapter credentials.NOTE
- To use this option, you must successfully configure a Palo Alto Networks Cortex Xpanse adapter connection.
- The user name and the password used for the adapter connection must have the required permissions to add tags.
Required Fields
These fields must be configured to run the Enforcement Set.
- Tags - The name of the new tag to add. Type the name of a tag and press Enter. Multiple tags can be added. To add a tag as a key:value pair, separate the key and value with a : (colon).
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection Parameters
If Use stored credentials from the Recorded Future adapter is disabled, these fields are required.
- Host Name or IP Address (default: https://expander.expanse.co) - The host name or IP address of a Palo Alto Networks Xpanse Cortex server.
- Client ID - Specify the user account that has permissions to add tags.
To obtain a Client ID, see Acquiring a Client ID and Client Secret. - Client Secret - Specify the client secret that has permissions to add tags. To obtain a Client Secret, see Acquiring a Client ID and Client Secret.
- API key - An API Key associated with a user account that has permissions to add tags. This is mandatory for API v2. When Client ID and **Client Secret **are provided, API Key is not required.
- API Key ID - If you select API v2 you need to add both an API Key and the API ID. In addition, make sure you enter the correct domain for your API version.
- API Version - Select the API Version v1, or v2.
- Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.
- HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
Required Ports
Axonius must be able to communicate with the value supplied in Hostname or IP Address via the following ports:
- TCP port 80
- TCP port 443
APIs
Axonius uses the Palo Alto Networks Cortex Xpanse API.
Required Permissions
The credentials of the user account used to add tags must have permission to write tags to assets.
For more details about other Enforcement Actions available, see Action Library.