Cortex XDR Data Connector

Solution: Cortex XDR

Cortex XDR Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Microsoft Corporation
Support Tier	Microsoft
Support Link	https://support.microsoft.com
Categories	domains
Version	3.0.0
Author	Microsoft
First Published	2023-07-12
Solution Folder	Cortex XDR
Marketplace	Azure Marketplace · Popularity: 🔵 Medium (74%)

The Palo Alto Networks Cortex XDR Microsoft Sentinel Solution pulls log directly from the Cortex XDR platform via API. The solution is configured to pull the Incidents from the Cortex XDR platform every 5 minutes and ingest them into Microsoft Sentinel. The solution is dependent on the Cortex XDR API Key and API Key ID. The API Key ID is used as the polling key path and the API Key is used as the header for the API request. The solution also includes 3 analytics rules to detect the creation of incidents based on the severities (High, Medium, Low).

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 2 data connector(s):

Tables Used

This solution uses 5 table(s):

Table	Used By Connectors	Used By Content
`PaloAltoCortexXDR_Alerts_CL`	Palo Alto Cortex XDR	-
`PaloAltoCortexXDR_Audit_Agent_CL`	Palo Alto Cortex XDR	-
`PaloAltoCortexXDR_Audit_Management_CL`	Palo Alto Cortex XDR	-
`PaloAltoCortexXDR_Endpoints_CL`	Palo Alto Cortex XDR	-
`PaloAltoCortexXDR_Incidents_CL`	Cortex XDR - Incidents, Palo Alto Cortex XDR	Analytics

Content Items

This solution includes 4 content item(s):

Content Type	Count
Analytic Rules	3
Parsers	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Cortex XDR Incident - High	High	-	`PaloAltoCortexXDR_Incidents_CL`
Cortex XDR Incident - Low	Low	-	`PaloAltoCortexXDR_Incidents_CL`
Cortex XDR Incident - Medium	Medium	-	`PaloAltoCortexXDR_Incidents_CL`

Parsers

Name	Description	Tables Used
PaloAltoCortexXDR	-	-

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.0	28-07-2023	Initial Solution Release