Palo Alto Cortex XDR - Incidents
Palo Alto Cortex XDR - Alerts
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Overview
Palo Alto Cortex XDR is a comprehensive detection and response platform that provides advanced threat protection across endpoints, networks, and cloud environments. It integrates endpoint protection, network security, and analytics to offer real-time visibility and response capabilities and combat sophisticated cyber threats effectively.
This integration ingests the following logs:
The Palo Alto Cortex XDR integration seamlessly collect the data of Palo Alto Cortex XDR logs using REST APIs.
Before ingesting the data, it normalizes and enriches the logs, ensuring a consistent data format and enhancing information content for downstream processing and analysis. The integration provides insights into incidents and alerts using out-of-the-box dashboards.
Setup
Configuration
Get Credentials of Palo Alto Cortex XDR
Steps to create API key
- Sign into your Palo Alto Cortex XDR instance.
- Navigate to Settings > Configurations > Integrations > API Keys.
- Click on New Key.
- Choose the type of API key based on your desired security level, Advanced or Standard.
- If you want to define a time limit on the API key authentication, check Enable Expiration Date, and then select the expiration date and time. Navigate to Settings > Configurations > Integrations > API Keys to track the Expiration Time setting for each API key.
- Provide a comment that describes the purpose for the API key, if desired.
- Select the desired level of access for this key from existing Roles, or you can select Custom to set the permissions granularly.
- Click Generate to generate the API key.
- Copy the API key, and then click Done. This value represents your unique Authorization:{key}
Steps to get Cortex XDR API Key ID
- In the API Keys table, locate the ID field.
- Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.
Steps to get FQDN
- Right-click your API key and select View Examples.
- Copy the CURL Example URL. The example contains your unique FQDN.
Palo Alto Cortex XDR DataDog Integration Configuration
Configure the Datadog endpoint to forward Palo Alto Cortex XDR logs to Datadog.
- Navigate to
Palo Alto Cortex XDR
. - Add your Palo Alto Cortex XDR credentials.
Palo Alto Cortex XDR Parameters | Description |
---|
API key | The API key from Palo Alto Cortex XDR. |
API Key ID | The auth id from Palo Alto Cortex XDR. |
FQDN | The FQDN from Palo Alto Cortex XDR. It is the baseUrl part of baseUrl/public_api/v1/{name of api}/{name of call}/ |
Data Collected
Logs
The Palo Alto Cortex XDR integration collects and forwards Palo Alto Cortex XDR Incident and alert logs to Datadog.
Metrics
The Palo Alto Cortex XDR integration does not include any metrics.
Events
The Palo Alto Cortex XDR integration does not include any events.
Support
For further assistance, contact Datadog Support.