Palo Alto Networks Cortex XDR

What is Palo Alto Cortext XDR? #

Palo Alto Cortex XDR is an extended detection and response (XDR) platform that that integrates data from multiple sources, including networks, cloud environments, applications, and endpoints. This allows for more effective threat hunting, faster incident response times, and improved overall security posture.

Why Should You Use the Palo Alto Cortex XDR Connector? #

The Palo Alto Cortex XDR connector provides visibility into the assets and alerts in your environment. You can use this visibility to:

ensure assets are managed per your security policies
derive relationships between assets, users, applications, and data

How Does This Connector Work? #

Lucidum executes read-only requests to the Palo Alto Cortex XDR REST API and ingests only meta-data about Palo Alto Cortex XDR devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum #

Field	Description	Example
URL	The URL of Palo Alto Cortex XDR API (after ‘https://api-‘). For details, see https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-API-Reference/Get-Started-with-APIs	lucidum.xdr.us.paloaltonetworks.com
API Key	API key for a Palo Alto Cortex XDR account. The API Key must be of type Advanced and have the permissions/role specified in the sections below. For details, see https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-API-Reference/Get-Started-with-APIs
Time Frame	Specify the look-back time frame, in days. The default value is is to look back 10 days.	10
API Key ID	API key for a Palo Alto Cortex XDR account. The API Key must be of type Advanced and have the permissions/role specified in the sections below. For details, see https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-API-Reference/Get-Started-with-API

Source Documentation #

Creating Credentials #

To generate an API Key:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-API-Reference/Get-Started-with-APIs

Required Permissions #

The Viewer role and the Privilege Responder role includes the required permissions. You can also create a custom role.

Component	Permissions
Assets > Asset Inventory	View
Assets > Compliance	View
Assets > Network Config	View
Endpoint > Device Control	View
Endpoint > Endpoint Admin	View
Incident Response > Host Insights	View
Incident Response > Investigations	View
Incident Response > Personal Query Library	View
Incident Response > Query Center	View

API Documentation #

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Preface

Solutions

COMPANY

Resource Library

Ready for
a Demo

What is Lucidum?

Getting Started with Lucidum

Proxy Server

Managing Users

Connectors

Dashboards

Value-Oriented Dashboards (VODs)

Streamlining Queries with SmartLabels and Tags

Value-Oriented SmartLabels (VOSLs)

Risk

Actions

Use Cases

Viewing Data

Running Headless with Webhooks

Lucidum API v1

Lucidum API v2

Sending Alerts to Slack

Managing Your Lucidum System

Palo Alto Networks Cortex XDR

What is Palo Alto Cortext XDR? #

Why Should You Use the Palo Alto Cortex XDR Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library

Solutions

COMPANY

Resource Library

Ready fora Demo

What is Palo Alto Cortext XDR? #

Why Should You Use the Palo Alto Cortex XDR Connector? #

How Does This Connector Work? #

Configuring the Connector in Lucidum #

Source Documentation #

Creating Credentials #

Required Permissions #

API Documentation #

What are your Feelings

Share This Article :

Still stuck? How can we help?

Quick LInks

SOLUTIONS

COMPANY

RESOURCES

Solutions

COMPANY

Resource Library

Ready for
a Demo