Palo Alto Networks Cortex Monitoring

Updated Sep 5, 2023

Configure Palo Alto Networks Cortex for Arctic Wolf monitoring

You can configure Palo Alto Networks (PAN) Cortex® to send the necessary logs to Arctic Wolf for security monitoring.

Requirements

Steps

  1. Generate the PAN Cortex XDR API key.
  2. Retrieve the PAN Cortex XDR API key ID and FQDN.
  3. Provide credentials to Arctic Wolf.

Step 1: Generate the PAN Cortex XDR API key

  1. Sign in to the PAN Cortex XDR console as an administrator.

  2. In the PAN Cortex XDR console, click Settings, and then click Configurations > Integrations > API Keys.

  3. Click +New Key.

  4. In the Generate API Key window, configure these settings:

    • Security Level — Select Advanced.
    • Roles — Select Viewer.
    • Comment — (Optional) Identify this integration as an Arctic Wolf integration.
  5. Click Generate.

    The new API key displays in the dialog.

    Note: This API key only displays once. It is not accessible after you close this window. Save the API key in a safe encrypted location. You will provide it to Arctic Wolf later.

Step 2: Retrieve the PAN Cortex XDR API key ID and FQDN

  1. In the API Keys table, locate the new API key ID value and store it in a secure location to provide to Arctic Wolf later.

  2. Click Copy URL to obtain the FQDN and store it in a secure location to provide to Arctic Wolf later.

    Tip: The PAN Cortex XDR API URL typically follows this format: https://api-<customer_subdomain>.xdr.<country_code>.paloaltonetworks.com/, where <customer_subdomain> is your subdomain and <country_code> is the country code.
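
A pre-submission check for the values collected in Steps 1 and 2, as an added example that is not Arctic Wolf or Palo Alto Networks code: it confirms the copied URL matches the format in the Tip and builds the request headers an Advanced security level key uses. The header names and hash construction follow Palo Alto Networks' public Cortex XDR API documentation, not this page; the function names, the regex character classes, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import re
import secrets
import string
from datetime import datetime, timezone

# URL shape taken from the Tip above; the character classes are an assumption.
API_URL_RE = re.compile(
    r"^https://(api-[a-z0-9-]+\.xdr\.[a-z0-9]+\.paloaltonetworks\.com)/?$"
)

def extract_fqdn(copied_url):
    """Return the FQDN from the Copy URL value, or raise ValueError."""
    m = API_URL_RE.match(copied_url.strip().lower())
    if not m:
        raise ValueError("URL does not match the expected Cortex XDR API format")
    return m.group(1)

def advanced_auth_headers(api_key, api_key_id, nonce=None, timestamp_ms=None):
    """Build request headers for an Advanced security level key.

    The key itself is not sent on the wire: the Authorization value is
    SHA-256 over key + nonce + timestamp (milliseconds).
    """
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(datetime.now(timezone.utc).timestamp()) * 1000
    material = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-auth-id": str(api_key_id),   # the API key ID from Step 2
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": hashlib.sha256(material).hexdigest(),
        "Content-Type": "application/json",
    }

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    fqdn = extract_fqdn("https://api-example.xdr.us.paloaltonetworks.com/")
    headers = advanced_auth_headers("CONSTRUCTED-KEY", 7)
    print(fqdn, headers["x-xdr-auth-id"], len(headers["Authorization"]))
```
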

Step 3: Provide credentials to Arctic Wolf

  1. Do one of these actions:

    • If you do not have a beta cloud integration:
      1. Sign in to the Arctic Wolf Unified Portal.
      2. In the menu bar, click Telemetry Management > Connected Accounts.
      3. Click Add Account +.
    • If you have a beta cloud integration, go to the URL that Arctic Wolf provided.
  2. On the Add Account page, from the Account Type list, select Cloud Detection and Response.

  3. From the list of cloud services, select PAN Cortex.

  4. On the Add Account page, configure these settings:

  5. Click Test and Submit Credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.
