Set Up Cloud Identity Engine

You can optionally set up directory sync to leverage Active Directory user, group, and computer information in Cortex XDR.
Cloud Identity Engine is an optional service that enables you to leverage Active Directory user, group, and computer information in
Cortex
XDR
, and to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management.
When using the Cloud Identity Engine (previously called Directory Sync Service (DSS))
with a Cortex XDR Pro license
, you can use XQL Search to query the data using the
pan_dss_raw
dataset.
After you finish the setup,
Cortex
XDR
automatically updates when the Cloud Identity Engine updates.
To set up the Cloud Identity Engine:
  1. Navigate and log into the hub.
  2. Activate and configure your Cloud Identity Engine instance as described in the Cloud Identity Engine Getting Started guide.
    Activating a Cloud Identity Engine instance on your
    Cortex
    XDR
    account will allow you to pair your
    Cortex
    XDR
    tenant with the Active Directory information collected by the Cloud Identity Engine instance. During the Activation step, make sure to take note of the instance name you create.
  3. After you complete the Cloud Identity Engine Getting Started steps, navigate and log into your
    Cortex
    XDR
    management console.
    Wait about ten minutes after you have activated the instance before you do this.
    1. In the
      Cortex
      XDR
      app, select
      Settings
      Configuration
      Integrations
      Cloud Identity Engine
      .
    2. Add the Cloud Identity Engine instance you want to
      Cortex
      XDR
      to use.
    3. In the
      Add Cloud Identity Engine
      dialog, select the
      App Instance Name
      you created in the hub and
      Save
      .

Recommended For You