Set Up Cloud Identity Engine

You can optionally set up directory sync to leverage Active Directory user, group, and computer information in Cortex XDR.

Cloud Identity Engine is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR , and to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management.

When using the Cloud Identity Engine (previously called Directory Sync Service (DSS))

with a Cortex XDR Pro license

, you can use XQL Search to query the data using the

pan_dss_raw

dataset.

After you finish the setup, Cortex XDR automatically updates when the Cloud Identity Engine updates.

To set up the Cloud Identity Engine:

Navigate and log into the hub.

Activate and configure your Cloud Identity Engine instance as described in the Cloud Identity Engine Getting Started guide.

Activating a Cloud Identity Engine instance on your Cortex XDR account will allow you to pair your Cortex XDR tenant with the Active Directory information collected by the Cloud Identity Engine instance. During the Activation step, make sure to take note of the instance name you create.

After you complete the Cloud Identity Engine Getting Started steps, navigate and log into your Cortex XDR management console.

Wait about ten minutes after you have activated the instance before you do this.

In the Cortex XDR app, select

Settings

Configuration

Integrations

Cloud Identity Engine

Add the Cloud Identity Engine instance you want to Cortex XDR to use.

In the

Add Cloud Identity Engine

dialog, select the

App Instance Name

you created in the hub and

Save

Document:Cortex® XDR Pro Administrator’s Guide

Set Up Cloud Identity Engine

Set Up Cloud Identity Engine

Recommended For You

Document:Cortex® XDR Pro Administrator’s Guide

Set Up Cloud Identity Engine

Set Up Cloud Identity Engine

Recommended For You

Recommended Videos