Palo Alto XDR API
This guide explains how to integrate Palo Alto Cortex XDR with RedCarbon.
Overview
The Palo Alto XDR integration allows RedCarbon to ingest incidents and alerts from the Cortex XDR platform via the public API.
- Vendor Documentation: Palo Alto XDR API
Configuration
To configure the integration, you need to generate an API Key in the Cortex XDR management console.
Step 1: Generate an API Key
- Log in to the Cortex XDR management console.
- Navigate to Configuration > Integrations > API Keys.
- Click Generate New Key.
Step 2: Set Permissions
Configure the API key with the following settings:
- Security Level: Standard
- Role: Investigator (or a custom role with Incident Management: View permissions)

Step 3: Copy Credentials
Once the key is generated, copy the following information (it will not be shown again):
- API Key ID (this is your API Key)
- API Key (this is your Secret)
- API URL (the base URL for your Cortex instance)

Step 4: Configure RedCarbon
- Log in to the RedCarbon Dashboard.
- Navigate to the customer's Integrations page.
- Select Palo Alto Cortex XDR.
- Paste the API Key ID, API Key (Secret), and API URL.
- Click Save and then Test.

Severity Mapping
| Original Severity | RedCarbon Score |
|---|---|
| Low | 10 |
| Medium | 40 |
| High | 70 |
| Critical | 90 |
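
To check the Standard-level key from Steps 2 and 3 outside the dashboard and see how the severities above translate to scores, the following added example (not RedCarbon's or Palo Alto's code) builds a Cortex XDR `get_incidents` request and scores a response. The tenant URL, key values and sample response are constructed placeholders, the function names are hypothetical, and leaving unrecognised severities unscored is an assumption.

```python
import json
import urllib.request

# Severity-to-score table from this page.
SEVERITY_SCORE = {"low": 10, "medium": 40, "high": 70, "critical": 90}
ENDPOINT = "/public_api/v1/incidents/get_incidents/"


def build_request(api_url, key_id, key, limit=100):
    """Build a get_incidents call authenticated with a Standard-level key."""
    body = {"request_data": {"search_from": 0, "search_to": limit,
                             "sort": {"field": "creation_time", "keyword": "desc"}}}
    return urllib.request.Request(
        api_url.rstrip("/") + ENDPOINT,
        data=json.dumps(body).encode(),
        # Standard keys send the key ID and the key itself as plain headers.
        headers={"x-xdr-auth-id": str(key_id), "Authorization": key,
                 "Content-Type": "application/json"},
        method="POST")


def fetch(req, timeout=10):
    """Send the request; an HTTPError 401/403 points at the key or its role."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def score_incidents(payload):
    """Return (incident_id, score) pairs; unknown severities score None."""
    scored = []
    for inc in payload.get("reply", {}).get("incidents", []):
        sev = str(inc.get("severity", "")).strip().lower()
        scored.append((inc.get("incident_id"), SEVERITY_SCORE.get(sev)))
    return scored


# Constructed sample response, shaped like a get_incidents reply (not real data).
SAMPLE = {"reply": {"total_count": 3, "result_count": 3, "incidents": [
    {"incident_id": "101", "severity": "high"},
    {"incident_id": "102", "severity": "Critical"},
    {"incident_id": "103", "severity": "unknown"},
]}}

if __name__ == "__main__":
    # Placeholder values; substitute the API URL, key ID and key from Step 3.
    req = build_request("https://api-tenant.example.invalid", "1", "PLACEHOLDER")
    print(req.get_method(), req.full_url)
    print(score_incidents(SAMPLE))  # offline: scores the constructed sample
```

Keys created with the Advanced security level need additional timestamp and nonce headers, so this request form applies only to the Standard level set in Step 2.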