Set up Managed Threat Hunting

Cortex XDR provides the Managed Threat Hunting service as an add-on security service. To use Cortex XDR Managed Threat Hunting, you must purchase a Managed Threat Hunting license and have a Cortex XDR Pro for Endpoint license with a minimum of 500 endpoints.
Managed Threat Hunting augments your security by providing 24/7, year-round monitoring by Palo Alto Networks threat researchers and Unit 42 experts. The Managed Threat Hunting teams proactively safeguard your organization and provide threat reports for critical security incidents and impact reports for emerging threats that provide an analysis of exposure in your organization. In addition, the Managed Threat Hunting team can identify incidents and provide in-depth review of related threat reports.
To get started with Managed Threat Hunting:
  1. Access the Cortex XDR app and approve the pairing request sent to your Cortex XDR tenant.
    1. Navigate to the notification icon and locate the Request for Pairing notification.
    2. Select Approve and then Yes to confirm.
      After the request is approved, Cortex XDR displays the Managed Threat Hunting label at the top of the page.
  2. Configure notification emails for the impact reports and threat inquiries you want Cortex XDR to send.
    1. Select Settings (gear icon) > Managed Threat Hunting.
    2. Enter one or more email addresses to which you want to send reports and inquiries and ADD each one.
    3. Save your changes.
  3. (Optional) Forward Managed Threat Hunting alerts to external sources such as email or Slack from the Settings (gear icon) > Notifications page.
    This forwards both the alert itself and the detailed report in PDF format.
