Set Up Directory Sync Service

Directory Sync Service is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR apps to provide context when you investigate alerts. If you also use Traps for endpoint protection, you can use Active Directory information in policy configuration and endpoint management.
To use the Directory Sync Service:
  1. Add and configure your Directory Sync Service instance.
  2. Pair the Directory Sync Service to Cortex XDR apps.
    Pairing can occur during Cortex XDR activation or after you activate Cortex XDR apps.

Pairing Directory Sync Service

If you did not pair Directory Sync Service to your Cortex apps during Cortex XDR activation, you can later pair it with your Cortex XDR – Analytics and Traps instances.
  1. Log into the Cortex hub.
  2. Click the gear
    Manage Apps
    in the upper-right corner.
  3. Locate the Directory Sync Service instance that you want to use with Cortex XDR apps. Make a note of the instance's name, which appears in the left-most column.
    If you have more than one instance, make sure you choose the instance that is in the same region as the Cortex Data Lake instance you are using with your apps.
  4. Pair the Directory Sync Service instance with your Cortex XDR – Analytics instance.
    1. Scroll down until you find your Cortex XDR – Analytics instance in the Cortex XDR section.
    2. Click on its name in the left-most column.
    3. In the resulting pop-up configuration screen, select the desired Directory Sync Service instance, and then click
  5. Repeat Step 4 to pair your Directory Sync Service with your Traps tenant, if desired.

Related Documentation