>
    Set up Cortex XDR for Integration
    Focus
    Download PDF
    Focus
    1. Home
    2. IoT Security
    3. Endpoint Protection
    4. Integrate IoT Security with Cortex XDR
    5. Set up Cortex XDR for Integration
    Download PDF
    IoT Security

    Set up Cortex XDR for Integration

    Table of Contents

    Set up Cortex XDR for Integration

    Set up Cortex XDR for integration with IoT Security through Cortex XSOAR.
    Where Can I Use This?What Do I Need?
    • IoT Security (Managed by IoT Security)
    • IoT Security subscription for an advanced IoT Security product (Enterprise Plus, Industrial OT, or Medical)
    One of the following Cortex XSOAR setups:
    • An IoT Security Third-party Integration Add-on license that includes a cohosted, limited-featured Cortex XSOAR instance
    • A full-featured Cortex XSOAR server
    Generate an advanced API key, which Cortex XSOAR will use when querying the XDR for device attributes. Copy and record the key string, its key ID, and XDR URL into a text editor, so you can enter them in the XSOAR UI when configuring an XDR integration instance.
    1. Generate an advanced API key.
      For more details about creating an API key in Cortex XDR, see Get Started with Cortex XDR APIs.
      1. Log in to Cortex XDR and select SettingsConfigurationsIntegrationsAPI Keys.
      2. Select + New Key, enter the following settings, and then Generate:
        Security Level: Advanced
        Roles: Viewer
        Views: Endpoint Administration
    2. Copy the API key and note its key ID.
      1. Copy the API key and then click Done.
      2. In the API Keys table, note the number in the ID column for the key you just generated.
      3. Open a text editor, paste the key string you just copied, and type the key ID you just noted.
    3. Copy the URL of the XDR server.
      1. Return to SettingsConfigurationsIntegrationsAPI Keys in Cortex XDR, right-click your API key, and then View Examples.
      2. Copy the CURL Example URL.
        This contains your unique FQDN: https://api-<fqdn>
      3. Paste the URL below the API key string and key ID in your text editor.

    © 2025 Palo Alto Networks, Inc. All rights reserved.