Palo Alto - Cortex Integration

The CyberCyte portal provides a Palo Alto Cortex integration for more comprehensive visibility. We recommend it for observing all Palo Alto Cortex security events from the user's infrastructure in a single portal.

1. Create Remote Credential in Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Credential Settings". Click on the "+ Credential" button to create a new credential and select "Palo Alto Cortex API Credential" as the "Credential Type". The Client ID, Client Secret and Base URL are unique to each Cortex tenant and must be provided by the user; they can be obtained from the Palo Alto platform. Treat the Client Secret as a password: do not share it or store it anywhere outside the portal's credential store.
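Before pasting the three values into the portal it is worth confirming that they are the ones the Cortex XDR API actually accepts, since a wrong Base URL or a swapped ID/secret only shows up later as a failed sync. The following is an added Python example, not code from the CyberCyte portal or from Palo Alto Networks. It assumes that the Client ID and Client Secret are a Cortex XDR API key ID and an "advanced" API key (whose requests are signed with sha256(key + nonce + timestamp) instead of sending the key itself), that the Base URL is the tenant's API host over https with no path, and that the tenant exposes GET /public_api/v1/healthcheck; the placeholder URL and key values are constructed.

```python
import hashlib
import json
import secrets
import time
import urllib.request
from typing import Optional
from urllib.parse import urlparse

# Constructed placeholders; replace with the values issued by the Cortex XDR console.
BASE_URL = "https://api-example.xdr.us.paloaltonetworks.com"   # hypothetical tenant API host
CLIENT_ID = "42"                                               # API key ID
CLIENT_SECRET = "replace-me-with-the-api-key"                  # API key (keep out of logs and VCS)

HEALTHCHECK_PATH = "/public_api/v1/healthcheck"                # assumed Cortex XDR endpoint


def validate_base_url(base_url: str) -> str:
    """Accept only an https URL that is a bare host; return it without a trailing slash."""
    parsed = urlparse(base_url)
    if parsed.scheme != "https":
        raise ValueError("Base URL must use https")
    if not parsed.netloc:
        raise ValueError("Base URL must include a host name")
    if parsed.path not in ("", "/") or parsed.query or parsed.fragment:
        raise ValueError("Base URL must be the API host only, with no path or query string")
    return f"{parsed.scheme}://{parsed.netloc}"


def build_auth_headers(api_key_id: str, api_key: str,
                       nonce: Optional[str] = None,
                       timestamp_ms: Optional[int] = None) -> dict:
    """Build the request headers for a Cortex XDR 'advanced' API key.

    The key never leaves the client: the server receives sha256(key + nonce + timestamp)
    together with the nonce and timestamp, so a captured request cannot be replayed
    later or used to recover the key. nonce/timestamp are injectable for deterministic tests.
    """
    nonce = nonce if nonce is not None else secrets.token_hex(32)        # 64 hex characters
    timestamp_ms = timestamp_ms if timestamp_ms is not None else int(time.time() * 1000)
    auth_hash = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-auth-id": str(api_key_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": auth_hash,
        "Content-Type": "application/json",
    }


def secret_leaks_into_headers(api_key: str, headers: dict) -> bool:
    """True if the raw key appears in any header value (it must not)."""
    return any(api_key in value for value in headers.values())


def healthcheck(base_url: str, api_key_id: str, api_key: str, timeout: float = 10.0) -> dict:
    """GET the healthcheck endpoint with freshly signed headers (requires network access)."""
    url = validate_base_url(base_url) + HEALTHCHECK_PATH
    req = urllib.request.Request(url, headers=build_auth_headers(api_key_id, api_key), method="GET")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    # Expected reply from a reachable tenant is a small JSON status object; an HTTP 401
    # means the ID/secret pair is wrong, a name-resolution error means the Base URL is.
    print(healthcheck(BASE_URL, CLIENT_ID, CLIENT_SECRET))
```

Run it once from a host that can reach the tenant; if the healthcheck succeeds, the same three values can be entered in the portal credential form. If your tenant was issued a "standard" key instead, the Authorization header carries the key itself and the nonce/timestamp headers are not used, so this signing step does not apply.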

2. Create a Repository on the Portal

Please navigate to "Settings & Reporting" -> "Integration Settings" -> "Integration Management". Click on the "+Integration" button to create a new repository, select "Palo Alto Cortex XDR" as the Type and fill in the remaining fields as shown below. The "Credential" field refers to the credential created in the previous step. Enable the integration and set the sync interval; we recommend the default of 15 minutes.

3. Create a Policy in the Portal

Please navigate to "Rules & Policies" -> "Policy Management" and click on the "+ Policy" button. Select the module named "Asset" and the type named "Palo Alto Cortex XDR Health Analysis Policy". After the selection, the required fields will appear. Fill in the required values; a demonstration is provided below:

If the XDR agent is not running on a user's device, CyberCyte can detect this and either install the agent or attempt to repair it. Users can define a custom installation command for these actions; since that command runs with the agent's privileges on the endpoint, keep it minimal and point it only at an installer you control.

Users can also enable EDR, DLP and the host firewall on the Palo Alto HyperVisor. The HyperVisor integration is explained on the next page.

4. Reviewing the Results

The results can be observed under "Threat Hunting" -> "Analysis & Investigation" -> "Threat Analytics" -> "Palo Alto Cortex XDR Alerts / Incidents".

To observe the Palo Alto Cortex XDR agent health state on the CyberCyte portal, navigate to "Threat Hunting" -> "Assets" -> "Palo Alto Cortex XDR Analysis".
