Palo Alto HyperVisor Integration
The CyberCyte portal can integrate with Palo Alto for further analysis and investigations. To integrate, please follow these steps:
Navigate to "Settings & Reporting" -> "Credential Settings" and click the "+ Credential" button to create a new credential. Select "Palo Alto Cortex API Credential" as the "Credential Type". The password is supplied by the user; the remaining fields are unique values that must be obtained from the Palo Alto Cortex platform and copied into the credential.
Navigate to "Rules & Policies" -> "Policy Management" and edit the "Palo Alto XDR Health Analysis" policy created on the previous page. Select the "Supervisor Credential" (the credential created in the previous step) and optionally enable features such as "Uninstall If Not Running", "Perform Repair", "EDR/DLP Enabled" and "Host Firewall Enabled". A demonstration is provided below:

If the Cortex XDR agent is not running on a user's device, CyberCyte detects this and can install the agent or attempt to repair it. Users can define a custom installation command for these actions. Users can also enable EDR, DLP and the host firewall on the Palo Alto Cortex platform from the same policy.
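The following PowerShell script is an added example of the kind of custom installation/repair command that can be attached to the policy's install and repair actions. It is not CyberCyte's or Palo Alto's own code. It assumes that the Cortex XDR agent runs as a Windows service named `cyserver` and that the agent MSI has been staged at `C:\Deploy\CortexXDR.msi`; both values are assumptions and should be replaced with the service name and installer path used in your environment.

```powershell
# Added example, not part of the original page. Assumptions: the Cortex XDR agent
# service is named 'cyserver' and the installer MSI is staged at $InstallerPath.
param(
    [string]$ServiceName   = 'cyserver',                  # assumed agent service name
    [string]$InstallerPath = 'C:\Deploy\CortexXDR.msi',   # placeholder path to the staged MSI
    [string]$LogPath       = 'C:\Deploy\cortex-repair.log'
)

function Write-Log([string]$Message) {
    $line = "{0:u} {1}" -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Output $line
}

# 1. Is the agent installed at all? A missing service means a fresh install is needed.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

if (-not $svc) {
    Write-Log "Service '$ServiceName' not found; installing from $InstallerPath"
    if (-not (Test-Path $InstallerPath)) {
        Write-Log "Installer not found at $InstallerPath; aborting"
        exit 2
    }
    # Silent MSI install: /qn suppresses the UI, /norestart avoids an unplanned reboot.
    $p = Start-Process msiexec.exe -ArgumentList "/i `"$InstallerPath`" /qn /norestart" -Wait -PassThru
    Write-Log "msiexec install exit code: $($p.ExitCode)"   # 0 = success, 3010 = reboot required
    exit $p.ExitCode
}

# 2. Installed but not running: try to start it, then verify it actually stays up.
if ($svc.Status -ne 'Running') {
    Write-Log "Service '$ServiceName' is $($svc.Status); attempting to start it"
    try {
        Start-Service -Name $ServiceName -ErrorAction Stop
        Start-Sleep -Seconds 10
        $svc.Refresh()
    } catch {
        Write-Log "Start-Service failed: $($_.Exception.Message)"
    }
    if ($svc.Status -ne 'Running') {
        # Service will not start: fall back to an MSI repair that reinstalls all files (/fa).
        Write-Log "Service still not running; running MSI repair from $InstallerPath"
        $p = Start-Process msiexec.exe -ArgumentList "/fa `"$InstallerPath`" /qn /norestart" -Wait -PassThru
        Write-Log "msiexec repair exit code: $($p.ExitCode)"
        exit $p.ExitCode
    }
}

Write-Log "Service '$ServiceName' is running"
exit 0
```

The script exits non-zero whenever the agent is still not running at the end, so the policy action can record the failure rather than silently reporting success. Because it writes to a local log, a failed repair on an endpoint can be investigated after the fact without re-running the command.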
The results can be observed under "Threat Hunting" -> "Analysis & Investigation" -> "Assets" -> "Palo Alto Cortex XDR Alerts/Incidents".

To analyze the Palo Alto Cortex XDR events on the CyberCyte portal, navigate to "Threat Hunting" -> "Assets" -> "Palo Alto Cortex XDR Analysis".