Set Up Directory Sync Service

Directory Sync Service is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR apps to provide context when you investigate alerts. If you also use Traps for endpoint protection, you can use Active Directory information in policy configuration and endpoint management.
To use the Directory Sync Service:
  1. Activate and configure Directory Sync Service.
  2. Pair the Directory Sync Service to Cortex XDR apps.
    Pairing can occur before or after you activate Cortex XDR apps.

Pairing Directory Sync Service

After Directory Sync Service has been activated and configured, you must pair it with your Cortex XDR – Analytics instance. You can do this when you Activate Cortex XDR Apps. But if you didn't do that, then you can pair Directory Sync with Cortex XDR – Analytics afterwards:
  1. Log into the Cortex Hub.
  2. Click the gear in the upper-right corner.
  3. Locate the Directory Sync Service instance that you want to use with Cortex XDR apps. Make a note of the instance's name, which appears in the left-most column.
    If you have more than one instance, make sure you choose the instance that is in the same region as the Cortex Data Lake instance you are using with your apps.
  4. Scroll down until you find your Cortex XDR – Analytics instance. Click on its name in the left-most column.
  5. In the resulting pop-up configuration screen, select the Directory Sync Service instance that you located in Step 3.
  6. Repeat Steps 4 - 5 to pair the Directory Sync Service with Traps.
  7. Click OK to complete the pairing.

Related Documentation