Palo Alto Cortex XDR CCP

Microsoft Sentinel, Microsoft Corporation

Note: Please refer to the following before installing the solution:

• Review the solution Release Notes

• There may be known issues pertaining to this Solution; please refer to them before installing.

The Palo Alto Networks Cortex XDR Microsoft Sentinel Solution pulls logs directly from the Cortex XDR platform via API. The solution is configured to pull incidents from the Cortex XDR platform every 5 minutes and ingest them into Microsoft Sentinel. The solution depends on the Cortex XDR API Key and API Key ID. The API Key ID is used as the polling key path and the API Key is used as the header for the API request. The solution also includes 3 analytics rules that detect the creation of incidents based on their severity (High, Medium, Low).

Data Connectors: 2, Parsers: 1, Analytic Rules: 3