Set up Your Cortex® XDR™ Environment

You can set up the Cortex XDR environment based on your preferences.
To create a more personalized user experience, Cortex XDR enables you to customize the following:

Define Keyboard Shortcuts

Select the keyboard shortcut for the Cortex XDR capabilities.
  1. From the Cortex XDR management console, select
    Settings ( )
    Configurations
    General
    .
  2. In the
    Keyboard Shortcuts
    section, change the default settings for:
    • Artifact and Asset Views
    • Quick Launcher
    The shortcut value must be a keyboard letter, A through Z
    , and cannot be the same for both shortcuts
    .

Select Timezone

Select your own specific timezone. Selecting a timezone affects the timestamps displayed in the Cortex XDR management console, auditing logs, and when exporting files.
  1. From the Cortex XDR management console, select
    Settings ( )
    Configurations
    General
    Server Settings
    .
  2. In the
    Timezone
    section, select the timezone in which you want to display your Cortex XDR data.

Define Distribution List Emails

Define a list of email addresses Cortex XDR can use as distribution lists. The defined email addresses are used to send product maintenance, updates, and new version notifications. The email addresses are in addition to e-mails registered with your CSP account.
  1. From the Cortex XDR management console, select
    Settings ( )
    Configurations
    General
    Server Settings
    .
  2. In the
    Email Contacts
    section, enter email addresses you want to include in a distribution list. Make sure to select after each email address.

Impersonation Role

Define the type of role permissions granted to Palo Alto Networks Support team when opening support tickets. By default, Palo Alto Networks Support is granted read-only access to your tenant.
  1. From the Cortex XDR management console, select
    Settings ( )
    Configurations
    General
    Server Settings
    .
  2. In the
    Impersonation Settings
    section, define the level and duration of the permissions.
    • Select one of the following
      Role
      permissions:
      • Read-Only
        —Default setting, grants read only access to your tenant.
      • Support related actions
        —Grants permissions to tech support file collection, dump file collection, investigation query, BIOC and IOC rule editing, alert starring, exclusion and exception editing.
      • Full role permissions
        —No limitations are applied, grants full permissions to all actions and content on your tenant.
    • Set the
      Permission Reset Timeframe
      .
      If you selected
      Support related actions
      or
      Full role permissions
      in the
      Role
      field, set a specific timeframe for how long these permissions are valid. Select either
      7 Days
      ,
      30 Days
      , or
      No time limitation
      .
    We recommend that Role permissions are granted only for a specific timeframe, and full administrative permissions is granted only when specifically requested by the support team.

Set up Session Security Settings

The session security settings include:
  • Session Expiration
    —Enables you to define the number of hours after which the user login session will expire. You can also define a one-week expiration time for the Cortex XDR dashboard.
  • Allowed Sessions
    —Enables you to define approved domains and approved IP ranges through which access to Cortex XDR should be allowed.
  • User Expiration
    —Enables you to deactivate an inactive user, and also set the user deactivation trigger period.
  1. From the Cortex XDR management console, select
    Settings ( )
    Configurations
    Security Settings
    .
  2. Under
    Session Expiration
    , define the following:
    1. User Login Expiration
      —Select the amount of session hours after which the user login should expire.
    2. Dashboard Expiration
      —Select either
      7 Days
      or
      As user login expiration (1 hour)
      to define the timing of the dashboard expiration.
  3. Under
    Allowed Sessions
    , define the following:
    1. Approved Domains
      —Select
      Enabled
      or
      Disabled
      . If enabled, specify the domains from which you want to allow user access to Cortex XDR. You can add or remove domains as necessary.
    2. Approved IP Ranges
      —Select
      Enabled
      or
      Disabled
      . If enabled, specify the IP ranges from which you want to allow user access to Cortex XDR. You can add or remove IP CIDR addresses as necessary.
  4. Under
    User Expiration
    , define the following:
    1. Deactivate Inactive User
      —Select
      Enabled
      or
      Disabled
      . If enabled, enter the number of days after which inactive users should be deactivated.
  5. Save
    .

Recommended For You