Set up Overview

Cortex XDR Prevent Administrator Guide

Learn more about activating and setting up Cortex XDR Prevent.

Before you can use Cortex XDR Prevent, you must set up and activate the Cortex XDR app and set up related apps and services.

  1. Plan Your Deployment.

  2. Set up Cortex XDR.

    1. Activate Cortex XDR.

    2. Assign User Roles and Permissions.

    3. Allocate Log Storage.

  3. Set up Palo Alto Networks Data Ingestion.

    You can configure Cortex XDR to stream data from other Palo Alto Networks products directly to your tenant or via Strata Logging Service. To stream data directly, you need to first deploy your network devices and then set up your Palo Alto Networks Integrations.


    Strata Logging Service licenses created as a part of existing Cortex XDR Licenses will remain intact until the end of your remaining contract.

  4. Set up Endpoint Protection.

    1. Plan your Cortex XDR agent deployment.

    2. Create Cortex XDR agent installation packages.

    3. Define endpoint groups.

    4. Deploy the Cortex XDR agent to your endpoints.

    5. Configure your endpoint security policy.

  5. (Optional) Set up Outbound Integration.

    • Integrate with Slack.

    • Integrate with a Syslog Server.

    • Integrate with Cortex XSOAR.

  6. (Optional) Set up Managed Security.

  7. Get started using Cortex XDR.