search

Palo Alto Cortex XDR

1

hashtag
Domain

The access URIs for Cortex XDR API resources are built upon a customer-specific and unique Fully Qualified Domain Name (FQDN). This FQDN standardly uses the api-{fqdn} format to enable API access and forms the base address for the API call. For example, a complete base address Domain will look like this: api-prod1.xdr.paloalto.com

circle-info

The FQDN is a unique host and domain name associated with each tenant. When you generate the API Key and Key ID, you are assigned an individual FQDN.

  • Right-click your API key and select View Examples.

  • Copy the CURL Example URL. The example contains your unique FQDN: https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/

2

hashtag
API Key

Get your Cortex XDR API Key:

  • In Cortex XDR, navigate to Settings > Configurations > Integrations > API Keys.

  • Select + New Key.

  • Choose API Key Type: Advanced.

  • If you want to define a time limit on the API key authentication, mark Enable Expiration Date and select the expiration date and time.

  • Select the desired level of access for this key.

  • Generate the API Key.

  • Copy the API key, and then click Done. This value represents your unique Authorization:{key}.

circle-info

You will not be able to view the API Key again after you complete this step so ensure that you copy it before closing the notification.

circle-info

Click for more information.

3

hashtag
API Key ID

Get your Cortex XDR API Key ID:

  • In the API Keys table, locate the ID field.

  • Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.

circle-info

Click for more information.

4

hashtag
SSL

Use SSL for connection (optional, default: Unencrypted).

circle-exclamation

Please perform a connection test to ensure there is a valid connection to the host. When the discovery operation is finalized, you will be able to see the details on the Assets page.

PreviousOutreachNextPalo Alto PAN OS