Configure Data Collection settings in Cortex® XDR™ to
receive alerts from Prisma Cloud.
Ingesting alerts from Prisma Cloud requires
a Cortex XDR Pro per TB license.
To receive alerts
from Prisma Cloud, first configure the Collection Integrations settings
in Cortex XDR. After you set up the collection integration, Cortex XDR begins
to receive alerts from Prisma Cloud every 30 seconds.
Cortex XDR then groups these alerts into incidents and adds them to the
Alerts table. When Cortex XDR begins receiving the alerts, it creates
a new XQL dataset (
which you can use to initiate XQL Search queries and
create Correlation Rules. The in-app XQL Library contains sample
You can also configure Cortex XDR to collect
data directly from other cloud providers using an applicable collector.
For more information on the cloud collectors, see External Data Ingestion
Vendor Support. The Prisma Cloud alerts are stitched to this
Complete the following tasks before you begin configuring
Cortex XDR to receive alerts from Prisma Cloud.