Cortex XDR: API Configuration

Modified on Fri, 8 May at 11:37 AM

Overview

This article outlines the process for integrating Cortex XDR with ARIA aiSIEM using API-based connectivity. Once configured, Cortex XDR logs and alerts are ingested into aiSIEM for real-time monitoring, threat detection, and correlation analysis.



Prerequisites

To configure the integration, the customer must provide the following details from Cortex XDR:

  • API Key
  • API Key ID
  • FQDN (Fully Qualified Domain Name)

Ensure that you have Administrative access to both:

  • The Cortex XDR Console
  • The ARIA aiSIEM Dashboard


Generate Cortex XDR API Credentials

  1. Generate the API Key
    1. Log in to the Cortex XDR Console.
    2. Navigate to: Settings > Configurations > Integrations > API Keys
    3. Click + New Key.
    4. Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard
    5. (Optional) Add a description or comment for the key. 
    6. Assign appropriate access permissions.
      - Select from predefined Roles or choose Custom for granular permissions.
    7. Click Generate.
    8. Copy and record the API Key. 
    9. Click Done to finish.
  2. Retrieve the API Key ID
    1. In the API Keys section, locate the newly created key. 
    2. Copy the value from the ID column. 
    3. This value is sent as the x-xdr-auth-id:{key_id} header when authenticating to the API.
  3. Retrieve the FQDN
    1. In the API Keys section, locate the newly created key. 
    2. In the cURL example, locate the URL:
      https://api-{fqdn}/public_api/v1/{api_category}/{api_call}/
    3. Extract the FQDN portion. Example: 
      api-xxxxxxxxxxxx.xdr.traps.paloaltonetworks.com

Configuration on ARIA aiSIEM

  1. Log in to the ARIA aiSIEM Dashboard.
  2. Navigate to: Administration > Add-on Store
  3. Use the filter/search to find and select Cortex XDR.
  4. Enter the following details:
    - Access ID/Username: Enter the API Key ID
    - Password/Secret Key: Enter the API Key
    - CCE Host: Enter the CCE Server IP Address (Can be found in Administration > CCE Control)
    - Config (JSON Format): Provide the FQDN and the key type (Standard or Advanced, matching the key you generated) as a JSON object:
    { "fqdn": "api-xxxxxxxxxxxx.xdr.traps.paloaltonetworks.com", "key_type": "YOUR_KEY_TYPE" }
  5. Click Save to complete configuration. 
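The following Python snippet is an added example (not ARIA's or Palo Alto Networks' own code) that ties the pieces above together: it validates the Config JSON entered in the add-on, builds the request URL from the cURL template, and produces the authentication headers for a Standard key (secret sent directly) and an Advanced key (Authorization = SHA-256 of api_key + nonce + timestamp, the documented Cortex XDR scheme), plus the recomputation check a gateway would apply to that hash. The accepted key_type values ("standard"/"advanced") are an assumption; the API key and key ID are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample of the add-on's Config (JSON Format) field.
SAMPLE_CONFIG = '{"fqdn": "api-xxxxxxxxxxxx.xdr.traps.paloaltonetworks.com", "key_type": "advanced"}'


def load_config(raw: str) -> dict:
    """Parse the Config field and reject the two common mistakes: a URL instead of a host, bad key_type."""
    cfg = json.loads(raw)
    fqdn = str(cfg.get("fqdn", ""))
    key_type = str(cfg.get("key_type", "")).lower()   # assumed values: "standard" / "advanced"
    if not fqdn.startswith("api-") or "/" in fqdn or ":" in fqdn:
        raise ValueError("fqdn must be the bare host taken from the cURL example, e.g. api-xxxx.xdr.traps.paloaltonetworks.com")
    if key_type not in ("standard", "advanced"):
        raise ValueError("key_type must be 'standard' or 'advanced'")
    return {"fqdn": fqdn, "key_type": key_type}


def api_url(fqdn: str, api_category: str, api_call: str) -> str:
    """URL template from the Cortex XDR cURL example; fqdn already carries the api- prefix."""
    return f"https://{fqdn}/public_api/v1/{api_category}/{api_call}/"


def advanced_auth_hash(api_key: str, nonce: str, timestamp: str) -> str:
    """Advanced keys never send the secret itself: Authorization = SHA-256(api_key + nonce + timestamp)."""
    return hashlib.sha256(f"{api_key}{nonce}{timestamp}".encode()).hexdigest()


def build_headers(api_key: str, api_key_id: str, key_type: str, nonce=None, timestamp=None) -> dict:
    """Headers for one API call; nonce/timestamp are only passed explicitly for reproducible tests."""
    headers = {"x-xdr-auth-id": str(api_key_id), "Content-Type": "application/json"}
    if key_type == "standard":
        headers["Authorization"] = api_key            # Standard key: the secret travels as-is
        return headers
    nonce = nonce or secrets.token_hex(32)            # 64 hex chars, fresh for every request
    timestamp = timestamp or str(int(time.time() * 1000))   # milliseconds since epoch
    headers.update({"x-xdr-nonce": nonce, "x-xdr-timestamp": timestamp,
                    "Authorization": advanced_auth_hash(api_key, nonce, timestamp)})
    return headers


def verify_advanced_headers(api_key: str, headers: dict) -> bool:
    """Verifier-side recomputation of the Advanced-key hash, compared in constant time."""
    expected = advanced_auth_hash(api_key, headers.get("x-xdr-nonce", ""), headers.get("x-xdr-timestamp", ""))
    return hmac.compare_digest(expected, headers.get("Authorization", ""))
```

Because the Advanced scheme binds the hash to a per-request nonce and timestamp, a captured Authorization header cannot be replayed as a reusable credential, which is the reason to prefer an Advanced key for the aiSIEM collector.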

Verification

  1. Log in to the ARIA aiSIEM Dashboard.
  2. Navigate to: System > Log/Flow Collection Status
  3. Verify that Cortex XDR is listed and logs are being received. 
