Skip to main content

Palo Alto Cortex XDR

Strengthen your endpoint security with JupiterOne's Palo Alto Cortex XDR integration. Our guide offers detailed instructions on setting up the integration and utilizing its comprehensive data model to gain visibility into your device and endpoint security data. Learn how the integration can help you detect potential security threats and streamline your security operations.



You will need to create an API key on Palo Alto Cortex XDR platform and get the "API Key ID" and "URL". See their documentation for more information.

To install the Palo Alto Cortex XDR integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Palo Alto Cortex XDR. Click New Instance to begin configuring the integration.

Creating a Palo Alto Cortex XDR instance requires the following:

  • The Account Name used to identify the Palo Alto Cortex XDR account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Cortex XDR URL, API Key, API Key Id.

1) Navigate to your Cortex XDR Gateway and sign in. 2) Choose the tenant you want to ingest. 3) On the bottom left of the screen, open Settings > Configurations. 4) Navigate to API Keys. 5) Create a new API Key. Select security level Standard and the appropiate role:

  • To ingest Users, User Groups and Roles it's required that you use the Instance Administrator role.
  • If not, Viewer is enough. 6) Once the API Key is created, copy the code. On the table, the API Key Id should be visible and at the top right the XDR URL is available.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.