Palo Alto HyperVisor Integration

The CyberCyte portal provides a Palo Alto Cortex integration for more comprehensive visibility. We recommend it for observing all Palo Alto Cortex security events from the user's infrastructure in one portal.

1. Create Remote Credential in Portal

Please navigate to "Settings & Reporting" -> "Credential Settings". Click the "+ Credential" button to create a new credential and select "Palo Alto Cortex API Credential" as the "Credential Type". The password must be provided by the user; these unique values are obtained from the Palo Alto platform.
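Before pasting a credential into the portal it is worth confirming that it is actually accepted by the Cortex tenant. The Python below is an added example, not CyberCyte or Palo Alto code. It assumes the public Cortex XDR REST API convention of an API key plus a numeric API key ID sent in "x-xdr-auth-id", with "Advanced" keys hashed together with a nonce and millisecond timestamp into the "Authorization" header; the tenant FQDN and key values are placeholders, and the mapping of these values onto the portal's "password" field is an assumption.

```python
"""Check a Cortex XDR API credential before storing it in the portal.

Added example (not CyberCyte/Palo Alto code). Assumes the public Cortex XDR
API scheme: 'x-xdr-auth-id' carries the numeric key ID, and an 'Advanced'
key is sent as sha256(api_key + nonce + timestamp_ms) in 'Authorization'.
"""
import hashlib
import json
import secrets
import time
import urllib.request
from typing import Optional
from urllib.error import HTTPError


def build_headers(api_key: str, api_key_id: str, advanced: bool = True,
                  nonce: Optional[str] = None,
                  timestamp_ms: Optional[int] = None) -> dict:
    """Return the HTTP headers for one Cortex XDR API call.

    A 'Standard' key is sent verbatim. An 'Advanced' key never leaves the
    caller in clear: only sha256(key + nonce + timestamp) is transmitted,
    so a captured request cannot be replayed once the timestamp ages out.
    """
    if not api_key or not api_key_id.isdigit():
        raise ValueError("api_key must be non-empty and api_key_id a numeric ID")
    headers = {"x-xdr-auth-id": api_key_id, "Content-Type": "application/json"}
    if not advanced:
        headers["Authorization"] = api_key
        return headers
    nonce = nonce or secrets.token_hex(32)            # fresh 64-hex nonce per request
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)        # milliseconds since epoch
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    headers.update({
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": digest,
    })
    return headers


def verify_credential(tenant_fqdn: str, api_key: str, api_key_id: str,
                      advanced: bool = True, timeout: int = 10) -> bool:
    """Issue one cheap incidents query; True if the tenant accepts the key.

    401/403 means a wrong key, wrong key ID, or a key role without read
    access; any other failure is re-raised so network problems are not
    mistaken for a bad credential. Network call: not used by offline tests.
    """
    url = f"https://{tenant_fqdn}/public_api/v1/incidents/get_incidents/"
    body = json.dumps({"request_data": {"search_from": 0, "search_to": 1}}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers=build_headers(api_key, api_key_id, advanced))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except HTTPError as exc:
        if exc.code in (401, 403):
            return False
        raise


if __name__ == "__main__":
    # Placeholder tenant and credential values (assumed, replace with your own).
    ok = verify_credential("api-example.xdr.us.paloaltonetworks.com",
                           "REPLACE_WITH_API_KEY", "1")
    print("credential accepted" if ok else "credential rejected")
```

Run it once with the values you intend to store; a rejected result at this stage saves a round of debugging inside the portal's policy run later.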

2. Editing the Policy in the Portal

Please navigate to "Rules & Policies" -> "Policy Management" and edit the "Palo Alto XDR Health Analysis" policy created on the previous page. Select the "Supervisor Credential" and optionally enable features such as "Uninstall If Not Running", "Perform Repair", "EDR/DLP Enabled" and "Host Firewall Enabled". A demonstration is provided below:

If the XDR agent is not running on a user's device, CyberCyte detects this and can install the agent or attempt to repair it. Users can define a custom installation command for these actions. Users can also enable EDR, DLP and the host firewall on the Palo Alto HyperVisor.

3. Reviewing the Results

The results can be observed under "Threat Hunting" -> "Analysis & Investigation" -> "Threat Analytics" -> "Palo Alto Cortex XDR Alerts / Incidents".

Also, please navigate to "Threat Hunting" -> "Assets" -> "Palo Alto Cortex XDR Analysis" to observe the Palo Alto Cortex XDR health state on the CyberCyte portal.
