Set up Your Cortex® XDR™ Environment

You can set up the Cortex XDR environment based on your preferences.
To create a more personalized user experience, Cortex XDR enables you to define your
Server
and
Security Settings
.
From the Cortex XDR management console, navigate to
Settings ( )
Configurations
General
Server Settings
to define the following:

Define Keyboard Shortcuts

Select the keyboard shortcut for the Cortex XDR capabilities.
  • In the
    Keyboard Shortcuts
    section, change the default settings for:
    • Artifact and Asset Views
    • Quick Launcher
    The shortcut value must be a keyboard letter, A through Z
    , and cannot be the same for both shortcuts
    .

Select Timezone

Select your own specific timezone. Selecting a timezone affects the timestamps displayed in the Cortex XDR management console, auditing logs, and when exporting files.
  • In the
    Timezone
    section, select the timezone in which you want to display your Cortex XDR data.

Define Distribution List Emails

Define a list of email addresses Cortex XDR can use as distribution lists. The defined email addresses are used to send product maintenance, updates, and new version notifications. The email addresses are in addition to e-mails registered with your CSP account.
  • In the
    Email Contacts
    section, enter email addresses you want to include in a distribution list. Make sure to select after each email address.

Define Incident Mean Time to Resolve (MTTR)

Define the target incident MTTR you want applied according to the incident severity.
  • In the
    Define the Incident target MTTR per incident severity
    section, enter within how many days and hours you want incidents resolved according to the incident severity
    High
    ,
    Medium
    , and
    Low
    .
    The defined MTTR is used to display the Resolved Incident MTTR dashboard widgets.

Impersonation Role

Define the type of role permissions granted to Palo Alto Networks Support team when opening support tickets. By default, Palo Alto Networks Support is granted read-only access to your tenant.
  • In the
    Impersonation Settings
    section, define the level and duration of the permissions.
    • Select one of the following
      Role
      permissions:
      • Read-Only
        —Default setting, grants read only access to your tenant.
      • Support related actions
        —Grants permissions to tech support file collection, dump file collection, investigation query,
        Correlation Rule,
        BIOC and IOC rule editing, alert starring, exclusion and exception editing.
      • Full role permissions
        —No limitations are applied, grants full permissions to all actions and content on your tenant.
    • Set the
      Permission Reset Timeframe
      .
      If you selected
      Support related actions
      or
      Full role permissions
      in the
      Role
      field, set a specific timeframe for how long these permissions are valid. Select either
      7 Days
      ,
      30 Days
      , or
      No time limitation
      .
    We recommend that Role permissions are granted only for a specific timeframe, and full administrative permissions is granted only when specifically requested by the support team.

Set up Session Security Settings

The session security settings include:
  • Session Expiration
    —Enables you to define the number of hours after which the user login session will expire. You can also define a one-week expiration time for the Cortex XDR dashboard.
  • Allowed Sessions
    —Enables you to define approved domains and approved IP ranges through which access to Cortex XDR should be allowed.
  • User Expiration
    —Enables you to deactivate an inactive user, and also set the user deactivation trigger period.
  • Allowed Domains
    —Enables you to specify one or more domain names that can be used in your distribution lists.
  • From the Cortex XDR management console, select
    Settings ( )
    Configurations
    Security Settings
    .
  • Under
    Session Expiration
    , define the following:
    1. User Login Expiration
      —Select the amount of session hours after which the user login should expire.
    2. Dashboard Expiration
      —Select either
      7 Days
      or
      As user login expiration (1 hour)
      to define the timing of the dashboard expiration.
  • Under
    Allowed Sessions
    , define the following:
    1. Approved Domains
      —Select
      Enabled
      or
      Disabled
      . If enabled, specify the domains from which you want to allow user access to Cortex XDR. You can add or remove domains as necessary.
    2. Approved IP Ranges
      —Select
      Enabled
      or
      Disabled
      . If enabled, specify the IP ranges from which you want to allow user access to Cortex XDR. You can add or remove IP CIDR addresses as necessary.
  • Under
    User Expiration
    , define if you want to
    Deactivate Inactive User
    . By default, user expiration is
    Disabled
    , when
    Enabled
    enter the number of days after which inactive users should be deactivated.
  • Under
    Allowed Domains
    , specify one or more domain names that users in your organization can be used in your distribution list. For example, when generating a report, ensure the reports are not sent to email addresses outside your organization.
  • Save
    .

Recommended For You