# Palo Alto Networks Cortex XSIAM

In this guide, you'll create API credentials in Cortex XSIAM to enable Radiant to collect alerts.

At the end of this configuration, you will provide Radiant Security with these items:

* **API Key**
* **API Key ID**
* **API URL (FQDN)**

### Prerequisites

* [ ] System Admin access to Cortex XSIAM

### **Generate API credentials in Palo Alto**

Follow the steps in the [Cortex XSIAM guide](https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM-REST-API/Cortex-XSIAM-Overview) to generate the three items needed to enable the API connection with Radiant:

1. Create a new **API Key**. Be sure to copy and store it carefully, as it cannot be retrieved later and can present a security risk if used in an unauthorized fashion.

{% hint style="warning" %}
**Important Note**: If you do not see the option to add a new key, it means that you do not have the permissions to create access keys. Make sure that you are logged in as an admin.
{% endhint %}

2. Get your **Cortex XSIAM API Key ID**.
3. Get your **FQDN**. (it should have a similar form to `<customer>.xdr.us.paloaltonetworks.com`**)**

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Palo Alto Cortex XSIAM REST API** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select the **Palo Alto Cortex XSIAM Cases** data feed and then click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `PAN Credentials`). If you already have a credential in place, select it from the drop-down menu. Click **Credentials**.
6. In the **Required Credentials** field, enter the API Base URL (`https://api-<YOUR_FQDN>`), API Key and API Key ID.&#x20;
7. Click **Add Connector**.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/palo-alto-networks-cortex-xsiam.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.