Palo Alto Cortex XDR
CYDERES supports ingestion of Palo Alto Cortex XDR Alerts, Agent Audit Logs and Management Audit Logs.
- Preferred Method: SYSLOG
Chronicle Data Types
PART ONE Syslog Destination Forwarder
Use this guide with the fields below to integrate the new destination forwarder:
- Name = CYDERES or whatever you decide
- Destination = Enter the FQDN of the cloud forwarder
- Port = CYDERES to provide
- Facility = USER
- Protocol = TCP + SSL
- NOTE: The CYDERES cloud forwarder supports TLS with PKI (the forwarder DOES NOT support private certificates), so leave the certificate field empty.
Click 'Save' and move on to part two.
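A pre-flight check for the destination configured above, added here as an example and not part of the CYDERES or Palo Alto documentation: it performs only the TCP connect and TLS handshake, validating the forwarder's certificate against the system's public CA store with no client certificate, which mirrors the empty certificate field. The function names are hypothetical, and the FQDN and port are passed on the command line because the page does not give them.

```python
import socket
import ssl
import time


def make_context():
    # Default context: system (public) CA store, hostname checking on, and no
    # client certificate loaded, matching the empty certificate field.
    return ssl.create_default_context()


def summarize_cert(cert, now=None):
    """Reduce a getpeercert() dict to the fields worth reviewing."""
    now = time.time() if now is None else now
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "days_left": int((expires - now) // 86400),
    }


def preflight(host, port, timeout=5.0):
    """TCP connect plus TLS handshake only; no syslog data is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with make_context().wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "tls": tls.version(),
                        **summarize_cert(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        # Chain does not validate against public CAs, or the name does not match.
        return {"ok": False, "stage": "certificate", "reason": exc.verify_message}
    except ssl.SSLError as exc:
        return {"ok": False, "stage": "tls", "reason": str(exc)}
    except OSError as exc:
        # DNS failure, refused connection, timeout, blocked egress.
        return {"ok": False, "stage": "network", "reason": str(exc)}


if __name__ == "__main__":
    import sys
    # Usage: python preflight.py <forwarder FQDN> <port provided by CYDERES>
    print(preflight(sys.argv[1], int(sys.argv[2])))
```

The `stage` value separates a blocked egress path (`network`) from a trust problem (`certificate`), which need different fixes.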
PART TWO Log Forwarding Profile
Use this guide to configure a forwarding profile for Alerts, Agent Audit Logs and Management Audit Logs.
MITRE ATT&CK Coverage