Home

Location

Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base

Home
Security Operations
Cortex Xpanse
Cortex® Xpanse™ User Guide

Last Updated:

Apr 28, 2022

Table of Contents

Search the Table of Contents

Cortex® Xpanse™ Overview

Cortex® Xpanse™

Cortex Xpanse Products

Service Offerings

Account Basics

Account Access

Expander Access

Provisioning New Accounts

Change Your Password

APIs

Notification Configuration

Cortex Xpanse Product Policies

API Use Policy

Seat Limit Policy

Data Retention Policy

Cortex Xpanse Product Security

Browser Support Policy

Cortex® Xpanse™ Expander

Expander Overview

What is Expander?

Who is Expander for?

Why is Expander valuable?

Expander High-Level Functionality

Assets Overview

Assets API

Assets List View

Filtering and Searching

Filter Options

List View Options

Annotations

Bulk Select

Add Annotations

Remove Annotations

Column

Create Custom Range

Domain Viewing

Exporting Data

Assets Detail View

IP Ranges Detail View

IP Range Section

Attribution, Registration, and GeoIP Data

Annotations for IP Range Detail View

Certificates Detail View

Domains Detail View

Managed Cloud Resources Detail View

Detail View Annotations

Workforce Network Detail View

Workforce Device Detail View

Issues

Issue Data Structure

Issues API

Requesting Changes to Your Organization's Issue Policies

List View

Mini-dashboard

Search and Filter Bar

Issues List

Bulk Edit

Detail View

Toolbar

Evidence

History

Email Digests

Remediation Playbook

Who is the Remediation Playbook for?

Devise your Remediation Game Plan

Setting Issue Status to track progress

Registration Records and Business Units to Investigate Affected Assets

Investigating/Adding a Point of Contact to an Asset

Assigning Issues to a Cortex Xpanse User for Investigation and Follow-Up

Issue Email Updates

Tracking Progress Through Comments

Resolved vs. Acceptable Risk Progress Statuses When Closing Issues

Services

Services Concepts

Activity Status

Discovery Methods

Service Classifications

Cloud Management Status

Services vs Issues

Services Feature Walkthrough

Search

Filtering

Column Customization

Table Details

CSV Export

Service Details Page

Inferred CVEs

Search for a Specific CVE ID

View the Inferred CVEs for a Service

Dashboards

Cortex Xpanse Home Page

Home Page Filters and Dashboard Preferences

Expander Home Page Dashboard

Issues Overview Dashboard

Issues Overview Dashboard Layout

Issues Overview Filter Bar Section

Customize Filter Display

Share Dashboard

Attack Surface Overview Dashboard

Attack Surface Overview Dashboard Layout

Filter Bar Section

Share Dashboard

Summary Charts Section

Top Count Summaries Section

Tag Coverage Section

Unmanaged Cloud Overview Dashboard

Unmanaged Cloud Overview Dashboard Layout

Title and Summary Statistics Section

Unmanaged Cloud Charts Section

Compliance Assessments Dashboard

Compliance Assessment Dashboard Content

CMMC L1-L5 Unevaluated Controls

NIST 800-53 Unevaluated Controls

NIST 800-171 Unevaluated Controls

Remote Attack Surface Overview

Remote Attack Surface with Cortex XDR

Remote Attack Surface with GlobalProtect

Remote Attack Surface Assets

Remote Attack Surface Use Cases

Remote Attack Surface Dashboard

Reports

Network Mapping

How are assets attributed to your organization?

How can you contest assets?

Human-in-the-Loop

Data

Scanning

Known Assets Monitoring

Ports and Protocols

GeoIP Collection

IP Registration Records

Certificates

Domains

CSV Export

APIs and Integrations

Cortex® Xpanse™ APIs and Integrations

Expander APIs and Integrations

Expander APIs

Who are Expander APIs for?

Expander High-Level Functionality

Value Delivered

Expander API Documentation

Request a Refresh Token (Deprecated)

Generate Client Credentials

Revoke Client Credentials

Use the Expander API

Additional Support

Integrations

Integration Use Cases

SIEMS

Splunk TA

Who is Splunk TA for?

Splunk TA High-Level Functionality

Value Delivered

Getting an API Token

Splunk TA Add-On Installation

Additional Support

IBM QRadar

Who is the Xpanse IBM QRadar App for?

High-Level Functionality

Value Delivered

Getting an API Token

Xpanse QRadar App Installation

Additional Support

ITSM Systems

ServiceNow ITSM

Who is the Xpanse ServiceNow App for?

High-Level Functionality

Value Delivered

Getting an API Token

Xpanse ServiceNow App Installation

Xpanse ServiceNow App Configuration

Additional Support

Jira Cloud

Who is the Xpanse Jira Cloud App for?

High-Level Functionality

Value Delivered

Xpanse Jira Cloud Installation

Xpanse Jira Cloud Configuration

Run the Xpanse Jira Cloud App

Additional Support

SOARs

Cortex XSOAR (Demisto)

Who is the Xpanse Cortex XSOAR Integration for?

High-Level Functionality

Value Delivered

Request a Refresh Token (Deprecated)

Xpanse Cortex XSOAR Installation

Additional Support

Splunk Phantom

Who is the Xpanse Phantom App for?

High-Level Functionality

Value Delivered

Request a Refresh Token (Deprecated)

Cortex Xpanse Phantom App Installation

Additional Support

Vulnerability Management

Tenable.io

Who is the Cortex Xpanse Tenable.io Integration for?

High-Level Functionality

Value Delivered

Getting Started

Additional Support

Rapid7 InsightVM

Who is the Xpanse Rapid7 InsightVM Integration for?

High-Level Functionality

Value Delivered

Getting an API Token

Cortex Xpanse Rapid7 InsightVM Installation

Xpanse Rapid7 InsightVM Configuration

Run Xpanse Rapid7 InsightVM Integration

Additional Support

CMDBs

IPAMs

AWS Cloud Connector

High-Level Functionality

Value Delivered

Xpanse Cloud Monitoring Connector Configuration

Documentation

Prisma Cloud API Connectors

High-Level Functionality

Value Delivered

Xpanse Prisma Cloud API Connectors Configuration

Cortex XDR API Connector

Generate an API Key in Cortex XDR

Configure the Xpanse XDR API Connector

GlobalProtect API Connector

Support

Contact Support

Glossary

Glossary Terms

Cortex® Xpanse™ Overview
Cortex® Xpanse™ Expander
Cortex® Xpanse™ APIs and Integrations
- Expander APIs and Integrations
Support
- Contact Support
Glossary
- Glossary Terms

Cortex® Xpanse™ User Guide

PDF Cover Image

Last Updated:

Apr 28, 2022

© 2022 Palo Alto Networks, Inc. All rights reserved.