Set Up Cloud Identity Engine - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Cortex XDR
Creation date
Last date published
Administrator Guide

Learn more about setting up Cloud Identity Engine in Cortex XDR.

Cloud Identity Engine (previously called Directory Sync Service (DSS)) is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR, and to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management. Cortex XDR supports on-prem Active Directory and Microsoft Entra.


When using the Cloud Identity Engine with a Cortex XDR Pro license, you can use XQL Query to query the data using the pan_dss_raw dataset.

After you finish the setup, Cortex XDR automatically updates when the Cloud Identity Engine updates.

To set up the Cloud Identity Engine:

  1. Navigate and log into the hub.

  2. Activate and configure your Cloud Identity Engine instance as described in the Cloud Identity Engine Getting Started guide.


    The Cloud Identity Engine must be activated in the same region as Cortex XDR.

    Activating a Cloud Identity Engine instance on your Cortex XDR account will allow you to pair your Cortex XDR tenant with the Active Directory information collected by the Cloud Identity Engine instance. During the Activation step, make sure to take note of the instance name you create.

  3. After you complete the Cloud Identity Engine Getting Started steps, navigate and log into your Cortex XDR management console.


    Wait about ten minutes after you have activated the instance before you do this.

    1. In the Cortex XDR app, select SettingsConfigurationIntegrationsCloud Identity Engine.

    2. Add the Cloud Identity Engine instance you want to Cortex XDR to use.

    3. In the Add Cloud Identity Engine dialog, select the App Instance Name you created in the hub and Save.