Palo Alto Cortex EDR - Endpoint Security & Vuln Mgmt

Method: API Keys

Estimated Time to Complete: 15 minutes

Installer: Cortex Administrator

Installation Pre-Setup Requirements

Asset management requires at least one of the following licenses:

• Cortex XDR Prevent

• Cortex XDR Pro per Endpoint

Create API Key

1. In Cortex XDR, navigate to Settings > Configurations > Integrations > API Keys.

2. Select + New Key.

   1. Choose Standard for the type of API Key

   2. Do not set a time limit on the key

   3. Select a role with sufficient access. The following levels of access are required.

      1. READ on /endpoints/get_endpoints

      2. READ on /endpoints/get_endpoint // NOTE: not plural

      3. READ on /incidents/get_incidents

      4. READ on /alerts/get_alerts

3. Generate and copy the API Key.

   1. NOTE: You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.

4. Get your Cortex XDR API Key ID.

   1. In the API Keys table, locate the ID field.

   2. Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.

5. Get your FQDN.

   1. Right-click your API key and select View Examples.

   2. Copy the CURL Example URL. The example contains your unique FQDN with the following format:
      https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/

6. Enter the key, key_id, and fqdn into the installation form below.