Lucidum has been acquired by Cyderes → [Read the announcement]

Lucidum has been acquired by Cyderes → [Read the announcement]

View Categories

Palo Alto Networks Cortex XSIAM

Estimated Reading Time: 1 min read

What is Palo Alto Cortex XSIAM? #

Palo Alto Networks Cortex XSIAM is a next-generation SOC platform that unifies XDR, SIEM, automation, threat intelligence, and attack surface management.

Why Should You Use the Palo Alto Cortex XSIAM Connector? #

The Palo Alto Cortex XSIAM connector provides visibility into the assets in your environment. You can use this visibility to:

  • ensure assets are managed per your security policies
  • derive relationships between assets, users, applications, and data

How Does This Connector Work? #

Meridian executes rad-only requests to the Palo Alto Cortex XSIAM REST API and ingests only meta-data about Palo Alto Cortex XSIAM devices. Meridian does not retrieve any data stored on your assets.

Configuring the Connector in Meridian #

Field

Description

Example

Profile Name

 Name of this profile for the connector production servers
Host Host name of the API host for Palo Alto Cortex XSIAM xdr.us.paloaltonetworks.com
Advanced Authentication Toggle on to use advanced API authentication. When selected, Meridian hashes the API Key using a nonce, a random string, and a timestamp. If you created an API Key of type “Advanced”, enable this option.

Default is toggled off.

 On/Off
API Key A unique string of alphanumeric characters that acts as a credential.

For details on how to generate an API Key and assign permissions, see Manage API keys • Cortex XSIAM 3.x Documentation • Palo Alto Networks documentation portal

 c8a7b3d92f1e4a56890c2d7f3e1b4a89c7d2f1e4a56890c2d7f3e1b4a89c7d2
API Key ID Unique ID for the API Key. To find the API Key:

  1. Go to Settings > Configurations > Integrations > API Keys
  2. Find your key in the table
  3. The ID column contains the numeric Key ID — it is always visible here, unlike the API key value itself
 32

Source Documentation #

Creating Credentials #

To create an API Key:

Manage API keys • Cortex XSIAM 3.x Documentation • Palo Alto Networks documentation portal

Required Permissions #

The Palo Alto Cortex XSIAM token must have read access to asset data, endpoint data, and user data. To assign read-only access to your API Key, assign the Viewer role.

If you have the ASM add-on to XSIAM, you can create a custom role by copying the Viewer role and then adding view-only permissions for Attack Surface Management and External Services. For details, see Manage user roles • Cortex XSIAM Documentation • Palo Alto Networks documentation portal.

API Documentation #

Cortex XSIAM APIs • Cortex XSIAM REST API • Palo Alto Networks documentation portal

Cortex XSIAM APIs • Cortex XSIAM REST API • Palo Alto Networks documentation portal

What are your Feelings