Overview
This topic describes how to collect the API key, API ID, and URL from the Palo Alto Cortex XDR Alert instance and use them to configure a feed in Chronicle.
Prerequisites
You need Administrator login credentials.
Collection of API Key, API ID & URL
A. To Collect API Key
Step 1. Sign in to the Cortex XDR portal.
Step 2. On the left-hand panel of the dashboard, locate the Settings option and click on it. Then select Configurations.
Step 3. In the Configurations panel, navigate to the Integrations option and select API Keys.
Step 4. Click the +New Key button to add a new API key.
Step 5. You are directed to a page to generate the key. Set the following:
- Security Level: Advanced
- Role: Viewer
Step 6. Click Generate.
Step 7. Copy the API key, and then click Done.
Note: The API key is your unique authorization key and is displayed only at the time of creation, so copy it before you click Done.
B. To Collect API ID & URL
Step 1. After copying the API Key, the next step is to retrieve the associated API ID and URL.
Step 2. To do this, go to the API Keys page, where all created APIs are listed.
- The API ID is located next to the API key you generated.
- In the top-right corner, you'll find the Copy URL option, which provides a URL in the format: api-XXX.xdr.XX.paloaltonetworks.com.
Configuring a Feed in Chronicle
1. Click Feeds -> ADD NEW
2. Add the following details:
- FEED NAME: Palo Alto Cortex XDR Alerts
- SOURCE TYPE: Third party API
- LOG TYPE: Palo Alto Cortex XDR Alerts
3. Click Next
4. Add the following details:
- AUTHENTICATION HTTP HEADERS: provide the API key (as the Authorization header) and the API ID (as the x-xdr-auth-id header) that you obtained previously.
Example:
Authorization:ghurjGjfwjfhs-grifhsnsdfdfhfk-wehfkjwbefkwe
x-xdr-auth-id:3
- API HOSTNAME: provide the URL that you have obtained previously.
Example:
api-xxxx.xdr.xx.paloaltonetworks.com
- ENDPOINT: specify the endpoint
Example:
alerts
5. Click Next & Submit.
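Before submitting, the three feed fields can be checked for common copy-and-paste mistakes. The script below is an added example, not part of the original guide or of any Palo Alto or Chronicle tooling. The function names and the sample key are hypothetical, and it assumes the API ID is a plain integer, as in the example above.

```python
import re

# Hostname shape given in this guide: api-XXX.xdr.XX.paloaltonetworks.com
HOST_RE = re.compile(r"^api-[a-z0-9-]+\.xdr\.[a-z0-9-]+\.paloaltonetworks\.com$")
# The key printed in this guide's example; finding it means the real key was never pasted.
DOC_EXAMPLE_KEY = "ghurjGjfwjfhs-grifhsnsdfdfhfk-wehfkjwbefkwe"

def parse_headers(text):
    """Split the 'Name:value' lines of the AUTHENTICATION HTTP HEADERS field."""
    headers = {}
    for line in text.splitlines():
        if line.strip():
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("header line has no ':' separator")
            headers[name.strip().lower()] = value.strip()
    return headers

def check_feed_inputs(header_text, hostname, endpoint):
    """Return a list of problems; an empty list means the inputs look well-formed."""
    try:
        headers = parse_headers(header_text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    key = headers.get("authorization", "")
    if not key:
        problems.append("missing Authorization header (API key)")
    elif key == DOC_EXAMPLE_KEY:
        problems.append("Authorization still holds the guide's example key")
    elif re.search(r"\s", key):
        problems.append("API key contains whitespace (partial or wrapped copy)")
    # Assumption: the API ID is a plain integer, as in the guide's example (3).
    if not headers.get("x-xdr-auth-id", "").isdigit():
        problems.append("x-xdr-auth-id must be the numeric API ID")
    if not HOST_RE.match(hostname.strip().lower()):
        problems.append("API HOSTNAME must be a bare host, no scheme or path")
    if endpoint.strip() != "alerts":
        problems.append("ENDPOINT is not 'alerts', the value this guide uses")
    return problems  # messages never include the key itself

if __name__ == "__main__":
    # Constructed sample input: hostname pasted with a scheme and trailing slash.
    sample = "Authorization:CONSTRUCTED-SAMPLE-KEY\nx-xdr-auth-id:3"
    host = "https://api-example.xdr.us.paloaltonetworks.com/"
    for problem in check_feed_inputs(sample, host, "alerts"):
        print("problem:", problem)
```

The problem messages never echo the API key, so the output is safe to paste into a ticket or chat.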