Palo Alto Cortex EDR - Endpoint Security & Vuln Mgmt

Created by David Esposito, Modified on Sat, 2 Nov, 2024 at 7:16 AM by David Esposito

Method: API Keys

Estimated Time to Complete: 15 minutes

Installer: Cortex Administrator


Installation Pre-Setup Requirements

Asset management requires at least one of the following licenses:


  • Cortex XDR Prevent

  • Cortex XDR Pro per Endpoint


Create API Key

  1. In Cortex XDR, navigate to Settings > Configurations > Integrations > API Keys.

  2. Select + New Key.

    1. Choose Standard for the type of API Key

    2. Do not set a time limit on the key

    3. Select a role with sufficient access. The following levels of access are required.

      1. READ on /endpoints/get_endpoints

      2. READ on /endpoints/get_endpoint // NOTE: not plural

      3. READ on /incidents/get_incidents

      4. READ on /alerts/get_alerts

  3. Generate and copy the API Key.

    1. NOTE: You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.

  4. Get your Cortex XDR API Key ID.

    1. In the API Keys table, locate the ID field.

    2. Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.

  5. Get your FQDN.

    1. Right-click your API key and select View Examples.

    2. Copy the CURL Example URL. The example contains your unique FQDN with the following format:
      https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/

  6. Enter the keykey_id, and fqdn into the installation form below.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article