Palo Alto Cortex XDR
CYDERES supports ingestion of Palo Alto Cortex XDR Alerts, Agent Audit Logs and Management Audit Logs.
- Preferred Method: SYSLOG
Chronicle Data Types
- CORTEX_XDR
PART ONE Syslog Destination Forwarder
Use this guide with the fields below to integrate the new destination forwarder:
- Name = CYDERES or whatever you decide
- Destination = Enter the FQDN of the cloud forwarder
- Port = CYDERES to provide
- Facility = USER
- Protocol = TCP + SSL
  - NOTE: The CYDERES cloud forwarder supports TLS with PKI (the forwarder DOES NOT support private certificates); leave the certificate field empty.
- Click 'Save' and move on to part two
PART TWO Log Forwarding Profile
Use this guide to configure a forwarding profile for Alerts, Agent Audit Logs and Management Audit Logs.