Configure Palo Alto Networks Cortex for Arctic Wolf monitoring

You can configure Palo Alto Networks (PAN) Cortex® to send the necessary logs to Arctic Wolf® for security monitoring.

These resources are required:

  • PAN Cortex XDR® console administrator permissions

Generate the PAN Cortex XDR API key

  1. Sign in to the PAN Cortex XDR console as an administrator.
  2. In the PAN Cortex XDR console, click Settings, and then click Configurations > Integrations > API Keys.
  3. Click +New Key.
  4. In the Generate API Key window, configure these settings:
    • Security Level — Select Advanced.
    • Roles — Select Viewer.
    • Comment — (Optional) Identify this integration as an Arctic Wolf integration.
  5. Click Generate.

    The new API key displays in the dialog.

    Note:

    This API key only displays once. You cannot access it after you close this window. Save the API key in a safe, encrypted location to provide to Arctic Wolf later.

Retrieve the PAN Cortex XDR API key ID and FQDN

  1. In the API Keys table, find the new API key ID value and store it in a secure location to provide to Arctic Wolf later.
  2. Click Copy URL to copy the FQDN, and then save it in a safe, encrypted location to provide to Arctic Wolf later.
    Tip:

    The PAN Cortex XDR API URL typically follows this format: https://api-%customer_subdomain%.xdr.%country_code%.paloaltonetworks.com/, where customer_subdomain is your subdomain and country_code is the country code.
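
A pre-submission check of the copied URL against the format in the Tip above, as an added example that is not part of the Arctic Wolf or Palo Alto Networks documentation. The function name, the two-letter country code rule, and the sample URLs are assumptions constructed for illustration; because the Tip says "typically", treat a mismatch as a prompt to re-copy the value, not as proof that it is wrong.

```python
import re
from urllib.parse import urlsplit

# Host layout from the Tip: api-<customer_subdomain>.xdr.<country_code>.paloaltonetworks.com
# Assumptions: the subdomain is one DNS label and the country code is two letters.
_HOST_RE = re.compile(
    r"api-(?P<subdomain>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)"
    r"\.xdr\.(?P<country_code>[a-z]{2})\.paloaltonetworks\.com"
)

def check_api_url(url):
    """Return (subdomain, country_code, problems) for a copied API URL."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        problems.append("scheme is not https")
    if parts.username or parts.password:
        problems.append("URL carries embedded credentials")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = -1
    if port not in (None, 443):
        problems.append("unexpected port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("extra path, query or fragment after the API root")
    # hostname is already lower-cased by urlsplit; drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    match = _HOST_RE.fullmatch(host)
    if match is None:
        # fullmatch rejects look-alike hosts that only contain the vendor
        # domain as a prefix, and hosts missing the api- prefix.
        problems.append("host does not match the typical API URL format")
        return None, None, problems
    return match.group("subdomain"), match.group("country_code"), problems

if __name__ == "__main__":
    # Constructed sample values, not real tenants.
    samples = [
        "https://api-acme.xdr.us.paloaltonetworks.com/",
        "https://acme.xdr.us.paloaltonetworks.com/",
        "https://api-acme.xdr.us.paloaltonetworks.com.example.net/",
        "http://api-acme.xdr.us.paloaltonetworks.com/",
    ]
    for sample in samples:
        print(sample, "->", check_api_url(sample))
```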

Provide PAN Cortex credentials to Arctic Wolf

  1. Do one of these actions:
    • If you do not have a beta cloud integration:
      1. Sign in to the Arctic Wolf Unified Portal.
      2. In the navigation menu, click Data Collection > Cloud Sensors.
      3. Click Add Account +.
    • If you have a beta cloud integration, go to the URL that Arctic Wolf provided.
  2. On the Add Account page, click PAN Cortex.
  3. Configure these settings:
  4. Click Test and submit credentials.