Set up Your Cortex® XDR™ Environment
You can set up the Cortex XDR environment based on your preferences.
To create a more personalized user experience, Cortex XDR enables you to define your
From the Cortex XDR management console, navigate to
to define the following:
Settings ( )
Define Keyboard Shortcuts
Select the keyboard shortcut for the Cortex XDR capabilities.
- In theKeyboard Shortcutssection, change the default settings for:
The shortcut value must be a keyboard letter, A through Z, and cannot be the same for both shortcuts.
- Artifact and Asset Views
- Quick Launcher
Select your own specific timezone. Selecting a timezone affects the timestamps displayed in the Cortex XDR management console, auditing logs, and when exporting files.
- In theTimezonesection, select the timezone in which you want to display your Cortex XDR data.
Define Distribution List Emails
Define a list of email addresses Cortex XDR can use as distribution lists. The defined email addresses are used to send product maintenance, updates, and new version notifications. The email addresses are in addition to e-mails registered with your CSP account.
- In theEmail Contactssection, enter email addresses you want to include in a distribution list. Make sure to select after each email address.
Define Incident Mean Time to Resolve (MTTR)
Define the target incident MTTR you want applied according to the incident severity.
- In theDefine the Incident target MTTR per incident severitysection, enter within how many days and hours you want incidents resolved according to the incident severityHigh,Medium, andLow.The defined MTTR is used to display the Resolved Incident MTTR dashboard widgets.
Define the type of role permissions granted to Palo Alto Networks Support team when opening support tickets. By default, Palo Alto Networks Support is granted read-only access to your tenant.
- In theImpersonation Settingssection, define the level and duration of the permissions.
We recommend that Role permissions are granted only for a specific timeframe, and full administrative permissions is granted only when specifically requested by the support team.
- Select one of the followingRolepermissions:
- Read-Only—Default setting, grants read only access to your tenant.
- Support related actions—Grants permissions to tech support file collection, dump file collection, investigation query,Correlation Rule,BIOC and IOC rule editing, alert starring, exclusion and exception editing.
- Full role permissions—No limitations are applied, grants full permissions to all actions and content on your tenant.
- Set thePermission Reset Timeframe.If you selectedSupport related actionsorFull role permissionsin theRolefield, set a specific timeframe for how long these permissions are valid. Select either7 Days,30 Days, orNo time limitation.
Set up Session Security Settings
The session security settings include:
- Session Expiration—Enables you to define the number of hours after which the user login session will expire. You can also define a one-week expiration time for the Cortex XDR dashboard.
- Allowed Sessions—Enables you to define approved domains and approved IP ranges through which access to Cortex XDR should be allowed.
- User Expiration—Enables you to deactivate an inactive user, and also set the user deactivation trigger period.
- Allowed Domains—Enables you to specify one or more domain names that can be used in your distribution lists.
- From the Cortex XDR management console, select.Settings ( )ConfigurationsSecurity Settings
- UnderSession Expiration, define the following:
- User Login Expiration—Select the amount of session hours after which the user login should expire.
- Dashboard Expiration—Select either7 DaysorAs user login expiration (1 hour)to define the timing of the dashboard expiration.
- UnderAllowed Sessions, define the following:
- Approved Domains—SelectEnabledorDisabled. If enabled, specify the domains from which you want to allow user access to Cortex XDR. You can add or remove domains as necessary.
- Approved IP Ranges—SelectEnabledorDisabled. If enabled, specify the IP ranges from which you want to allow user access to Cortex XDR. You can add or remove IP CIDR addresses as necessary.
- UnderUser Expiration, define if you want toDeactivate Inactive User. By default, user expiration isDisabled, whenEnabledenter the number of days after which inactive users should be deactivated.
- UnderAllowed Domains, specify one or more domain names that users in your organization can be used in your distribution list. For example, when generating a report, ensure the reports are not sent to email addresses outside your organization.
Recommended For You
Recommended videos not found.