Set Up Directory Sync

Directory Sync is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR apps to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management.
After you finish the setup, Cortex XDR syncs with Directory Sync every 24 hours.
To set up Directory Sync:
  1. Add and configure your Directory Sync instance.
  2. Pair the Directory Sync to Cortex XDR apps.
    Pairing can occur during Cortex XDR activation or after you activate Cortex XDR apps.
  3. After you activate and pair Cortex XDR apps with Directory Sync, you must define which Active Directory domain the analytics engine should use.
    Wait about ten minutes after you have paired Directory Sync before you do this.

Pairing Directory Sync

If you did not pair Directory Sync to your Cortex apps during Cortex XDR activation, you can later pair it with your Cortex XDR instance.
  1. Log in to the hub.
  2. Click the gear > Manage Apps in the upper-right corner.
  3. Locate the Directory Sync instance that you want to use with Cortex XDR. Make a note of the instance's name, which appears in the left-most column.
    If you have more than one instance, make sure you choose the instance that is in the same region as the Cortex Data Lake instance you are using with your apps.
  4. Pair the Directory Sync instance with your Cortex XDR instance.
    1. Scroll down until you find your Cortex XDR instance in the Cortex XDR section.
    2. Click on its name in the left-most column.
    3. In the resulting pop-up configuration screen, select the desired Directory Sync instance, and then click
