Cortex XDR Configuration Overview

With Cortex XDR, you can use a variety of sensors to integrate all your network, endpoint, and cloud data. For the most complete set of correlated data, you can collect network and cloud data from your Palo Alto Networks firewalls, mobile endpoint data from GlobalProtect and GlobalProtect cloud service, and use either Traps or Pathfinder to collect endpoint data. However, you can also use Cortex XDR apps with any one of Palo Alto Networks firewalls, GlobalProtect, or Traps.
The following workflow highlights the tasks that you must perform (in order) to configure Cortex XDR apps. Each individual task focuses on setting up critical components (for example, the Cortex Data Lake, the Cortex XDR apps, and Traps).
  1. Confirm that you have Everything You Need to Configure Cortex XDR.
  2. Assign roles to the users who will activate Cortex XDR apps.
    You must be assigned the four app and service roles when you activate Cortex XDR, or activation will fail.
  3. Set up Cortex Data Lake.
    1. Activate Cortex Data Lake on the Cortex hub.
    2. If you plan to use Traps, and want to use the same Cortex Data Lake instance for both firewall logs and Traps logs, you must associate Panorama with the Cortex Data Lake instance. See License and Install the Cloud Services Plugin.
    3. Manage Logging Storage for Cortex XDR.
  4. (Optional) Set Up Directory Sync Service.
  5. Use the Palo Alto Networks Cortex hub to Activate Cortex XDR Apps.
  6. Set up additional Cortex XDR app components:
