Palo Alto Networks XDR
Palo Alto Networks Cortex XDR is a detection and response app that natively integrates network, endpoint, and cloud data to detect threats and stop sophisticated attacks.
Configuring the Connector for Palo Alto Networks Cortex XDR
To configure Lucidum to ingest data from Palo Alto Networks Cortex XDR:
Log in to Lucidum.
In the left pane, click Connector.
In the Connector page, click Add Connector.
Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
In the Settings page, enter the following:
FQDN (required) - Specify the fully qualified domain name (FQDN). For example, https://***.xdr.us.paloaltonetworks.com/. For more details, see https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-api-overview/get-started-with-cortex-xdr-apis.html .
API Key ID (required) - Specify the API key ID of an Advanced Security Level API, as generated in the Cortex XDR app. For more details on generating an Advanced Security Level API, see https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-api-overview/get-started-with-cortex-xdr-apis.html .
API Key (required) - Specify the API key of an Advanced Security Level API, as generated in the Cortex XDR app. For more details on generating an Advanced Security Level API, see https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-api-overview/get-started-with-cortex-xdr-apis.html .
Verify SSL. For future use.
To test the configuration, click Test.
If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
If the connector is not configured correctly, Lucidum displays an error message.
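The following added example (not Lucidum or Palo Alto Networks code) shows why the connector needs both the API Key ID and the API Key. It builds the request headers for an Advanced Security Level key using the scheme in the Palo Alto Networks API documentation linked above, in which the key itself is never sent, only a SHA-256 digest of key, nonce and timestamp. The function names and the key values are assumptions constructed for illustration.

```python
import hashlib
import secrets
import string
import time


def advanced_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Build the headers for one request signed with an Advanced key.

    nonce and timestamp_ms are normally generated fresh per request; they
    are parameters here only so the result can be reproduced in a check.
    """
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000  # milliseconds since epoch
    # The digest binds the secret key to this nonce and timestamp.
    material = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-auth-id": str(api_key_id),   # the API Key ID field
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": hashlib.sha256(material).hexdigest(),
        "Content-Type": "application/json",
    }


def leaks_secret(headers, api_key):
    """Return True if the raw API key appears in any header value."""
    return any(api_key in value for value in headers.values())


if __name__ == "__main__":
    # Constructed placeholder credentials, not real values.
    headers = advanced_auth_headers("7", "constructed-example-api-key")
    for name, value in headers.items():
        print(f"{name}: {value}")
    print("raw key present in headers:",
          leaks_secret(headers, "constructed-example-api-key"))
```

Because the digest changes with every nonce and timestamp, a captured set of headers cannot be used to recover the API key, but the key stored in the connector settings remains the secret to protect and rotate.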
Supported Actions
Isolate Endpoints
Unisolate Endpoints
Scan Endpoints
Cancel Scan Endpoints
Run Script from the Script Library