Set Up Traps

Also available with Cortex XDR are Traps agents and Traps management service. If you choose to use Traps to monitor and collect endpoint data instead of or in addition to Pathfinder, use this workflow to set up Traps management service. After you Activate Cortex XDR and are assigned a role in Cortex hub, you can begin to set up Traps management service and get started with Traps.
  1. Verify the status of your Traps management service tenant.
    1. From the hub, click the gear icon next to your name.
    2. In the Traps area, review the
      STATUS
      for Traps management service tenant you just activated.
      cloud-services-portal-tenant-status.png
      When Traps management service tenant is available, the status changes to the green check mark.
  2. Access your Traps management service tenant for the first time.
    There are two ways to access your Traps management service tenant: Return to the hub (https://apps.paloaltonetworks.com/) and select your tenant from Traps management service tile; or go directly to the web address for your tenant (
    https://
    <prefix>
    .traps.paloaltonetworks.com
    ).
  3. Configure security profiles and assign them to your endpoints.
    Traps provides out-of-the box exploit and malware protection. However, at minimum, you must enable
    Data Collection
    in an Agent Settings profile to leverage Traps data in Cortex XDR apps.
  4. Install Traps on your endpoints.
    Data collection for Windows endpoints is available with Traps 6.0 and later releases and on endpoints running Windows 7 SP1 and later releases. Data collection on macOS and Linux endpoints are available with Traps 6.1 and later releases.
  5. If you haven’t done so already, allocate logging storage in Cortex Data Lake for Traps and Endpoint Data collection.

Related Documentation