Palo Alto Networks Firewalls via Cortex XDR Integration
Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.
Palo Alto Networks Firewalls can be configured to send logs to Cortex XDR. The next-generation firewalls (NGFW) provide advanced and integrated security features beyond traditional firewalls. These features include application awareness, URL filtering, content inspection, and threat prevention capabilities. Forwarding NGFW logs to the Cortex XDR service, where they are normalized and enriched with endpoint and cloud data from various products, makes it possible to query NGFW alerts via the Cortex API. With Palo Alto Networks NGFW alerts, you can query security detections for observables such as IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects.
Note: Integration with Palo Alto Networks Firewalls requires a Cortex XDR Pro per GB license.
Configure Palo Alto Networks Firewalls via Cortex XDR Integration
- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the Palo Alto Networks Cortex Cloud integration.
- Click the plus sign (+) in the lower-right corner of the card. The Palo Alto Networks Cortex Cloud integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the Palo Alto Networks Firewalls via Cortex XDR integration in Cisco XDR.
What's Next
You can perform the following tasks after you integrate Palo Alto Networks Firewalls via Cortex XDR with Cisco XDR:
- Investigations - Start a new investigation into any combination of IP addresses, URLs, file names, MD5 hashes, SHA-256 hashes, emails, and email subjects, and the results will include any records of them found in your Palo Alto Networks Firewalls via Cortex XDR. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know Palo Alto Networks Firewalls via Cortex XDR has recent information. For details, see Investigate.