Allow Radiant to collect alerts from Palo Alto Networks Cortex XSIAM
In this guide, you'll create API credentials in Cortex XSIAM to enable Radiant to collect alerts.
At the end of this configuration, you will provide Radiant Security with these items:
API Key
API Key ID
API URL (FQDN)
Prerequisites
Generate API credentials in Palo Alto
Follow the steps in the Cortex XSIAM guide to generate the three items needed to enable the API connection with Radiant:
Create a new API Key. Be sure to copy it and store it securely, as it cannot be retrieved later and poses a security risk if it is used without authorization.
Important Note: If you do not see the option to add a new key, you do not have permission to create API keys. Make sure that you are logged in as an admin.
Get your Cortex XSIAM API Key ID.
Get your FQDN (it should have a form similar to <customer>.xdr.us.paloaltonetworks.com).
From the navigation menu, click Settings > Data Connectors and click + Add Connector.
Search for and select the Palo Alto Cortex XSIAM REST API option and then click Data Feeds.
Under Select your data feeds, select the Palo Alto Cortex XSIAM Cases data feed and then click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. PAN Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials.
In the Required Credentials field, enter the API Base URL (https://api-<YOUR_FQDN>), API Key and API Key ID.
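Before entering the values, you can confirm that the API Base URL is built correctly from your FQDN and that the key pair is accepted. The script below is an added example, not part of the Radiant or Palo Alto documentation. It assumes a Standard security level API key, the Cortex public API incidents endpoint, and hypothetical environment variable names (XSIAM_FQDN, XSIAM_API_KEY, XSIAM_API_KEY_ID).

```shell
#!/bin/sh
# Added example. Assumptions: Standard-level API key; the env var names
# XSIAM_FQDN, XSIAM_API_KEY and XSIAM_API_KEY_ID are hypothetical.

# Reduce whatever was pasted (full URL, api- prefixed host, trailing path)
# to the bare lower-case FQDN.
normalize_fqdn() {
  nf_host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  nf_host=${nf_host#http://}
  nf_host=${nf_host#https://}
  nf_host=${nf_host%%/*}
  nf_host=${nf_host#api-}
  printf '%s' "$nf_host"
}

# Build https://api-<YOUR_FQDN>, refusing any host that is not of the form
# <customer>.xdr.<region>.paloaltonetworks.com so the key is never sent
# to a mistyped or lookalike host.
api_base_url() {
  ab_fqdn=$(normalize_fqdn "$1")
  case "$ab_fqdn" in
    ""|*[!a-z0-9.-]*|.*|*..*) return 1 ;;
    ?*.xdr.?*.paloaltonetworks.com) printf 'https://api-%s' "$ab_fqdn" ;;
    *) return 1 ;;
  esac
}

# Request a single incident. The auth headers are fed to curl on stdin
# (--config -) so the key does not appear in the process list.
check_credentials() {
  cc_base=$(api_base_url "$XSIAM_FQDN") || { echo "unexpected FQDN" >&2; return 2; }
  cc_code=$(printf 'header = "x-xdr-auth-id: %s"\nheader = "Authorization: %s"\n' \
              "$XSIAM_API_KEY_ID" "$XSIAM_API_KEY" |
            curl -sS -o /dev/null -w '%{http_code}' --config - \
              -H 'Content-Type: application/json' \
              -d '{"request_data":{"search_from":0,"search_to":1}}' \
              "$cc_base/public_api/v1/incidents/get_incidents/")
  echo "HTTP $cc_code from $cc_base"
  [ "$cc_code" = "200" ]
}

# Only contact the API when all three values are present in the environment.
if [ -n "${XSIAM_FQDN:-}" ] && [ -n "${XSIAM_API_KEY:-}" ] && [ -n "${XSIAM_API_KEY_ID:-}" ]; then
  check_credentials
fi
```

An HTTP 200 means the key, key ID and base URL match; a 401 usually points to a wrong key or key ID.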