Set up Your Environment - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-05-06
Last date published
2024-09-11
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Learn more about setting up the Cortex XDR environment based on your preferences.

To create a more personalized user experience, Cortex XDR enables you to define your Server and Security Settings.

Note

Keyboard shortcuts, timezone, and timestamp format are not set universally and only apply to the user who sets them.

From the Cortex XDR management console, navigate to SettingsConfigurationsGeneralServer Settings to define the following:

Set up Session Security Settings
Abstract

Learn more about setting up session security settings.

The session security settings include:

  • Session Expiration—Enables you to define the number of hours after which the user login session will expire, and automatic logout for user inactivity. You can also define expiration time for the Cortex XDR dashboard.

  • Allowed Sessions—Enables you to define approved domains and approved IP address ranges through which access to Cortex XDR should be allowed.

    To ensure tenant stability, some of Palo Alto Networks' monitoring tools require external IP address access. When Approved IP ranges are Enabled, access to Palo Alto managed monitoring tools are allowed by default.

  • User Expiration—Enables you to deactivate an inactive user, and also set the user deactivation trigger period.

  • Approved Domains—Enables you to specify one or more domain names that can be used in your distribution lists.

  • Approved IP Ranges—If enabled, specify the IP address ranges from which you want to allow user access (login) to Cortex XDR. You can also choose to limit API access from specific IP addresses.

  1. From the Cortex XDR management console, select SettingsConfigurationsSecurity Settings.

  2. Under Session Expiration, define the following:

    1. User Login Expiration—Select the number of session hours (1 - 24 hours) after which the user login should expire.

    2. Enable Auto Logout—If desired, enable automatic logout, and then select the required period of user inactivity (10 - 30 minutes).

    3. Dashboard Expiration—Select either 7 Days or As user login expiration (hours) to define the timing of the dashboard expiration.

  3. Under Allowed Sessions, define the following:

    1. Approved Domains—Select Enabled or Disabled. If enabled, specify the domains from which you want to allow the user access to Cortex XDR . You can add or remove domains as necessary.

    2. Approved IP Ranges—Select Enabled or Disabled. If enabled, specify the IP ranges from which you want to allow the user access to Cortex XDR . You can add or remove IP CIDR addresses as necessary.

  4. Under User Expiration, define if you want to Deactivate Inactive User. By default, user expiration is Disabled, when Enabled enter the number of days after which inactive users should be deactivated.

  5. Under Approved Domains, specify one or more domain names that users in your organization can use. For example, when generating a report, ensure the reports are not sent to email addresses outside your organization.

  6. Under Approved IP Ranges, specify one or more IP address ranges that can be used to access Palo Alto Networks managed monitoring tools. You can also select whether to limit API access to specific IP addresses.

  7. Save.