Palo Alto Networks Cortex Monitoring
Updated Sep 5, 2023
Configure Palo Alto Networks Cortex for Arctic Wolf monitoring
You can configure Palo Alto Networks (PAN) Cortex® to send the necessary logs to Arctic Wolf for security monitoring.
Requirements
- PAN Cortex XDR® console administrator permissions
Steps
- Generate the PAN Cortex XDR API key.
- Retrieve the PAN Cortex XDR API key ID and FQDN.
- Provide credentials to Arctic Wolf.
Step 1: Generate the PAN Cortex XDR API key
- Sign in to the PAN Cortex XDR console as an administrator.
- In the PAN Cortex XDR console, click Settings, and then click Configurations > Integrations > API Keys.
- Click +New Key.
- In the Generate API Key window, configure these settings:
  - Security Level — Select Advanced.
  - Roles — Select Viewer.
  - Comment — (Optional) Identify this integration as an Arctic Wolf integration.
- Click Generate.
  The new API key displays in the dialog.
  Note: This API key only displays once. It is not accessible after you close this window. Save the API key in a safe, encrypted location. You will provide it to Arctic Wolf later.
Step 2: Retrieve the PAN Cortex XDR API key ID and FQDN
- In the API Keys table, locate the new API key ID value and store it in a secure location to provide to Arctic Wolf later.
- Click Copy URL to obtain the FQDN and store it in a secure location to provide to Arctic Wolf later.
  Tip: The PAN Cortex XDR API URL typically follows this format: https://api-<customer_subdomain>.xdr.<country_code>.paloaltonetworks.com/, where <customer_subdomain> is your subdomain and <country_code> is the country code.
Step 3: Provide credentials to Arctic Wolf
- Do one of these actions:
  - If you do not have a beta cloud integration:
    - Sign in to the Arctic Wolf Unified Portal.
    - In the menu bar, click Telemetry Management > Connected Accounts.
    - Click Add Account +.
  - If you have a beta cloud integration, go to the URL that Arctic Wolf provided.
- On the Add Account page, from the Account Type list, select Cloud Detection and Response.
- From the list of cloud services, select PAN Cortex.
- On the Add Account page, configure these settings:
  - Account Name — Enter a unique and descriptive name for the account.
  - API key — Enter the value obtained in Generate the PAN Cortex XDR API key.
  - API key ID — Enter the value obtained in Retrieve the PAN Cortex XDR API key ID and FQDN.
  - FQDN — Enter the value obtained in Retrieve the PAN Cortex XDR API key ID and FQDN.
  - Credential Expiry — If the account credentials have an expiration date, enter the expiration date.
- Click Test and Submit Credentials.
After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.
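Before entering the values in Step 3, you can check them locally. The following is an added example, not part of the original page or any Arctic Wolf or Palo Alto Networks tooling: it reduces the value from Copy URL to a bare FQDN, checks it against the format in the Step 2 Tip, and builds the request headers used by an Advanced-level key. The function names and sample values are hypothetical, and the header scheme (SHA-256 over key, nonce, and millisecond timestamp) is assumed from Palo Alto Networks' public Cortex XDR API documentation.

```python
import hashlib
import re
import secrets
import string
import time
from urllib.parse import urlparse

# Host format from the Tip in Step 2: api-<customer_subdomain>.xdr.<country_code>.paloaltonetworks.com
FQDN_RE = re.compile(r"^api-[a-z0-9-]+\.xdr\.[a-z0-9]+\.paloaltonetworks\.com$")


def fqdn_from_copied_url(copied):
    """Reduce the Copy URL value to a bare FQDN; reject anything off-format."""
    text = copied.strip()
    parsed = urlparse(text if "://" in text else "https://" + text)
    if parsed.scheme != "https":
        raise ValueError("expected an https URL")
    if parsed.username or parsed.password or parsed.port:
        raise ValueError("URL must not carry credentials or a port")
    host = (parsed.hostname or "").lower()
    if not FQDN_RE.match(host):
        raise ValueError(f"{host!r} does not match the typical Cortex XDR API host format")
    return host


def advanced_key_headers(api_key, api_key_id, nonce=None, timestamp_ms=None):
    """Build headers for an Advanced-level key (assumed scheme, see lead-in)."""
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    # The key itself is never sent; only a digest bound to nonce and timestamp.
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-auth-id": str(api_key_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": digest,
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real tenant.
    host = fqdn_from_copied_url(" https://api-example.xdr.us.paloaltonetworks.com/ ")
    headers = advanced_key_headers("CONSTRUCTED-API-KEY", 7)
    print(host, sorted(headers))
```

When running a check like this, read the API key from the encrypted location where you saved it in Step 1 rather than typing it on a command line, so it does not end up in shell history or logs.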