...
Log Type | Ingestion label | Preferred Logging Protocol - Format | Log Collection Method | Data Source |
---|---|---|---|---|
Palo Alto Cortex XDR Alerts | CORTEX_XDR | API - JSON | C2C | https://cloud.google.com/chronicle/docs/reference/feed-management-api#cortex-xdr |
Palo Alto Cortex XDR Alerts (only for Audit Logs) | CORTEX_XDR | API - JSON | CyberHub | |
Device Configuration
To Get your Cortex XDR API Key
...
Select + New Key
...
Set the Security Level to Standard Advanced and the Role to Viewer, then click Generate
...
Parameters required from the customer for integration:
Cortex XDR Alerts (for C2C integration):
Property | Default Value | Description |
---|---|---|
AUTHENTICATION HTTP HEADERS | N/A | The HTTP headers used to authenticate to the Cortex XDR API, in key-value format. E.g. Authorization:{API Key} & x-xdr-auth-id:{Key ID} |
API HOSTNAME | N/A | The fully qualified domain name of your Cortex XDR instance. |
ENDPOINT | alerts | The API endpoint to connect to retrieve logs, which include |
ASSET NAMESPACE | | To assign an asset namespace to all events that are ingested from a particular feed, set the |
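The following is an added example, not code from the original page, Google or Palo Alto, showing how the AUTHENTICATION HTTP HEADERS, API HOSTNAME and ENDPOINT values above combine into a request against the alerts endpoint, and how the header set differs between a Standard and an Advanced key. It assumes the Cortex XDR public API conventions (POST /public_api/v1/alerts/get_alerts, sha256(api_key + nonce + timestamp) for Advanced keys); all hostnames, keys and IDs are constructed placeholders.

```python
"""Compose Cortex XDR API requests with the headers this feed expects.

Added example, not code from the original page, Google or Palo Alto. Assumes the
Cortex XDR public API conventions: POST /public_api/v1/alerts/get_alerts on the
API hostname, and for an Advanced-security key an Authorization value of
sha256(api_key + nonce + timestamp) sent with x-xdr-nonce and x-xdr-timestamp.
Every hostname, key and ID used here is a constructed placeholder.
"""
import hashlib
import secrets
import time


def build_headers(api_key, key_id, advanced=False, nonce=None, timestamp_ms=None):
    """Headers for a Standard key (raw key in Authorization, the form quoted in
    the table above) or an Advanced key (only a nonce+timestamp-bound hash)."""
    headers = {"x-xdr-auth-id": str(key_id), "Content-Type": "application/json"}
    if not advanced:
        headers["Authorization"] = api_key
        return headers
    nonce = nonce or secrets.token_hex(32)  # 64 hex characters
    timestamp_ms = timestamp_ms or int(time.time() * 1000)
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    headers.update({"x-xdr-nonce": nonce, "x-xdr-timestamp": str(timestamp_ms),
                    "Authorization": digest})  # the key itself never leaves the host
    return headers


def build_get_alerts_request(api_hostname, since_ms, search_from=0, page_size=100):
    """(url, JSON body) for one page of alerts created at or after since_ms."""
    url = f"https://{api_hostname}/public_api/v1/alerts/get_alerts"
    body = {"request_data": {
        "filters": [{"field": "creation_time", "operator": "gte", "value": since_ms}],
        "search_from": search_from,
        "search_to": search_from + page_size,
        "sort": {"field": "creation_time", "keyword": "asc"},
    }}
    return url, body


def next_page_offset(response_json, search_from, page_size):
    """Offset of the next page, or None once a short page or total_count is reached."""
    reply = response_json["reply"]
    got = len(reply.get("alerts", []))
    if got < page_size or search_from + got >= reply.get("total_count", 0):
        return None
    return search_from + got
```

No network call is made; a collector would POST the returned body with the returned headers and feed each reply into next_page_offset until it returns None.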
Cortex XDR Audit (for CyberHub integration):
Property | Default Value | Description |
---|---|---|
API URL | N/A | Enter the FQDN generated during Device Configuration |
API KEY ID | N/A | Enter the API Key ID generated during Device Configuration |
API KEY | N/A | Enter the API Key generated during Device Configuration |