You can set up any of the following optional outbound integrations:
Integrate with Cortex XSOAR—Send alerts to Cortex XSOAR for automated and coordinated threat response. From Cortex XSOAR, you define, adjust, and test playbooks that respond to Cortex XDR alerts. You can also manage your incidents in Cortex XSOAR with any changes automatically synced to Cortex XDR. For more information, see the in-app documentation in Cortex XSOAR.
Integrate with external receivers such as ticketing systems—To manage incidents from the application of your choice, you can use the Cortex XDR API Reference to send alerts and alert details to an external receiver. After you generate your API key and set up the API to query Cortex XDR , external apps can receive incident updates, request additional data about incidents, and make changes such as setting the status and changing the severity or assign an owner. To get started, see the Cortex XDR API Reference Guide.