Providing Palo Alto Networks (PAN) Cortex Credentials to Arctic Wolf

Configuration Guide

Overview

This document describes how to retrieve the credentials that Arctic Wolf® needs to monitor Palo Alto Networks (PAN) Cortex. After you complete this configuration, Arctic Wolf can monitor logs from your PAN Cortex environment.

As part of this configuration, you must provide the following information about your PAN Cortex installation to Arctic Wolf:

    • API key
    • API key ID
    • FQDN

For more information about generating a PAN Cortex key, see the PAN Cortex documentation.

Before you begin

You must be an administrator for the PAN Cortex console.

Generating the PAN Cortex XDR API key

To generate the PAN Cortex XDR API key:

  1. Sign in to the PAN Cortex console as an administrator.

  2. In the Cortex XDR console, click the gear icon, and then select Configurations > Integrations > API Keys.

  3. Click +New Key.

  4. In the Generate API Key window, ensure that the following options are selected:

    • In the Security Level panel, select Advanced.
    • In the Roles panel, select Viewer.
  5. (Optional) Add comments to the comment text box to identify the integration as an Arctic Wolf integration.

  6. Click Generate. The new API key is displayed in the dialog box.

    Note: This API key is only displayed once and is not accessible after closing the window. Save the API key in a secure location. You need to provide the API key value to Arctic Wolf later.

  7. Proceed to Retrieving the PAN Cortex XDR API key ID and FQDN.

Retrieving the PAN Cortex XDR API key ID and FQDN

To retrieve your PAN Cortex XDR API key ID and FQDN:

  1. In the API Keys table, locate the new API key ID value and store it in a secure location to provide to Arctic Wolf later.

  2. Click Copy URL to obtain the FQDN and store it in a secure location to provide to Arctic Wolf later.

  3. Proceed to Providing credentials to Arctic Wolf.
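
With the Advanced security level selected when the key is generated, the API key itself is never sent in a request; each call carries the key ID, a random nonce, a timestamp, and a SHA-256 hash of the key combined with the nonce and timestamp. The following Python code is an added example, not Arctic Wolf or Palo Alto Networks code: it builds those headers from the saved values and sanity-checks the three values before you submit them. The sample credentials are constructed placeholders, and the rules in check_saved_values (numeric key ID, bare host name) are assumptions.

```python
import hashlib
import secrets
import string
import time

NONCE_ALPHABET = string.ascii_letters + string.digits


def advanced_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Build the per-request headers used with an Advanced-level API key."""
    # A fresh 64-character nonce and a millisecond timestamp for every request.
    if nonce is None:
        nonce = "".join(secrets.choice(NONCE_ALPHABET) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    # Only the SHA-256 of key + nonce + timestamp goes on the wire.
    material = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-auth-id": str(api_key_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": hashlib.sha256(material).hexdigest(),
    }


def check_saved_values(api_key_id, api_key, fqdn):
    """Return a list of problems found in the three saved values (assumed rules)."""
    problems = []
    if not str(api_key_id).isdigit():
        problems.append("API key ID is not the numeric ID from the API Keys table")
    if not api_key or api_key != api_key.strip():
        problems.append("API key is empty or has leading/trailing whitespace")
    if not fqdn or "://" in fqdn or "/" in fqdn or " " in fqdn:
        problems.append("FQDN is not a bare host name (remove scheme and path)")
    return problems


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    key_id, key, host = "42", "EXAMPLE-API-KEY-PLACEHOLDER", "api-tenant.example.invalid"
    print(check_saved_values(key_id, key, host) or "saved values look well formed")
    for name, value in advanced_auth_headers(key_id, key).items():
        print(f"{name}: {value}")
```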

Providing credentials to Arctic Wolf

To provide your cloud application details to Arctic Wolf on the Arctic Wolf Portal:

Note: If you are configuring a beta cloud integration, follow the URL that Arctic Wolf provided and start at step 4.

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Detection and Response as the Account Type.

  5. Select PAN Cortex from the list of cloud services.

    • Enter a descriptive name for the credentials.
    • Paste these values into the form:
      • API key
      • API key ID
      • FQDN
  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.