Cloud Identity Engine is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XDR, and to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management.
When using the Cloud Identity Engine (previously called Directory Sync Service (DSS)) with a Cortex XDR Pro license, you can use XQL Query to query the data using the
After you finish the setup, Cortex XDR automatically updates when the Cloud Identity Engine updates.
To set up the Cloud Identity Engine:
Navigate and log into the hub.
Activate and configure your Cloud Identity Engine instance as described in the Cloud Identity Engine Getting Started guide.
The Cloud Identity Engine must be activated in the same region as Cortex XDR.
Activating a Cloud Identity Engine instance on your Cortex XDR account will allow you to pair your Cortex XDR tenant with the Active Directory information collected by the Cloud Identity Engine instance. During the Activation step, make sure to take note of the instance name you create.
After you complete the Cloud Identity Engine Getting Started steps, navigate and log into your Cortex XDR management console.
Wait about ten minutes after you have activated the instance before you do this.
In the Cortex XDR app, select → → → .
Add the Cloud Identity Engine instance you want to Cortex XDR to use.
In the Add Cloud Identity Engine dialog, select the App Instance Name you created in the hub and Save.