Configure Palo Alto Networks Cortex for Arctic Wolf monitoring

You can configure Palo Alto Networks (PAN) Cortex® to send the necessary logs to Arctic Wolf for security monitoring.

Requirements

• PAN Cortex XDR® console administrator permissions

Steps

1. Generate the PAN Cortex XDR API key.
2. Retrieve the PAN Cortex XDR API key ID and FQND.
3. Provide credentials to Arctic Wolf.

Step 1: Generate the PAN Cortex XDR API key

1. Sign in to the PAN Cortex XDR console as an administrator.

2. In the PAN Cortex XDR console, click Settings, and then click Configurations > Integrations > API Keys.

3. Click +New Key.

4. In the Generate API Key window, configure these settings:

   • Security Level — Select Advanced.
   • Roles — Select Viewer.
   • Comment — (Optional) Identify this integration as an Arctic Wolf integration.

5. Click Generate.

   The new API key displays in the dialog.

   Note: This API key only displays once. It is not accessible after you close this window. Save the API key in a safe encrypted location. You will provide it to Arctic Wolf later.

Step 2: Retrieve the PAN Cortex XDR API key ID and FQDN

1. In the API Keys table, locate the new API key ID value and store it in a secure location to provide to Arctic Wolf later.

2. Click Copy URL to obtain the FQDN and store it in a secure location to provide to Arctic Wolf later.

   Tip: The PAN Cortex XDR API URL typically follows this format: https://api-%<customer_subdomain>%.xdr.%<country_code>%.paloaltonetworks.com/, where <customer_subdomain> is your subdomain and <country_code> is the country code.

Step 3: Provide credentials to Arctic Wolf

1. Do one of these actions:

   • If you do not have a beta cloud integration:
     1. Sign in to the Arctic Wolf Unified Portal.
     2. In the menu bar, click Telemetry Management > Connected Accounts.
     3. Click Add Account +.
   • If you have a beta cloud integration, go to the URL that Arctic Wolf provided.

2. On the Add Account page, from the Account Type list, select Cloud Detection and Response.

3. From the list of cloud services, select PAN Cortex.

4. On the Add Account page, configure these settings:

   • Account Name — Enter a unique and descriptive name for the account.
   • API key — Enter the value obtained in Generate the PAN Cortext XDR API key.
   • API key ID — Enter the value obtained in Retrieve the PAN Cortex XDR API key ID and FQDN.
   • FQDN — Enter the value obtained in Retrieve the PAN Cortex XDR API key ID and FQDN.
   • Credential Expiry — If the account credentials have an expiration date, enter the expiration date.

5. Click Test and Submit Credentials.

   After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.

See also

• PAN Cortex documentation