Palo Alto Networks Firewalls via Cortex XDR Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
Palo Alto Networks Firewalls can be configured to send logs to Cortex XDR. In this configuration, you can include firewall security detections in your investigations of observables such as IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects.
Configure Palo Alto Networks Firewalls via Cortex XDR Integration
-
In the Cisco XDR navigation menu, choose Administration > Integrations.
-
On the Integrations page, click the Third-Party tab and navigate to the Palo Alto Networks Cortex Cloud integration.
-
Click the plus sign (+) in the lower-right corner of the card. The Palo Alto Networks Cortex Cloud integration page is displayed.
-
Expand the Integration Guide area and follow the instructions on how to add the Palo Alto Networks Firewalls via Cortex XDR integration in Cisco XDR.
What's Next
You can perform the following tasks after you integrate Palo Alto Networks Firewalls via Cortex XDR with Cisco XDR:
-
Investigations - Start a new investigation into any combination of IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects, and the results will include any records of them found in your Palo Alto Networks Firewalls via Cortex XDR. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Palo Alto Networks Firewalls via Cortex XDR has recent information. For details, see Investigate.