Pairing Prisma Cloud Compute with Cortex XSIAM (Beta) - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide
Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-25
Category
Administrator Guide
Abstract

Learn how to pair Prisma Cloud Compute with Cortex XSIAM for use with the unified cloud security agent.

Cortex XSIAM and Prisma Cloud Compute are offering a unified cloud security agent for Linux. The Cloud Security Agent provides end to end prevention and vulnerability coverage on Linux cloud environments. 

The Cloud Security Agent has a single management server that is based on a Cortex XSIAM tenant. Policy management, data, and alerts are managed first between the Cortex XSIAM tenant and the Cloud Security Agent, and then runtime protection and vulnerability coverage can be provided on Prisma Cloud Compute and Cortex XSIAM.

Prerequisites

To enable the capabilities of the Cloud Security Agent, the Prisma Cloud Compute tenant must be paired with an existing Cortex XSIAM tenant. Pairing is one to one, with the two tenants being in the same region.

Pairing Prisma Cloud Compute to Cortex XSIAM can only be done when both Cortex XSIAM and Prisma Cloud Compute tenants are already active.

Pair Prisma Cloud Compute with Cortex XSIAM

  1. From the Prisma Cloud Compute console, copy the access pairing key.

    1. Select ManageSystem, and scroll to Pair Cortex XDR Tenant.

    2. Click the copy icon to copy the Access Key, which is the pairing key used in Cortex XSIAM.

  2. Paste the pairing key in Cortex XSIAM.

    1. Select  SettingsConfigurationsServer Settings, and scroll to Prisma Cloud Compute Tenant Pairing.

    2. Paste the Prisma Cloud pairing key and click Pair.

    After a few seconds, the Cortex XSIAM and Prisma Cloud Compute tenants are paired.

    A Successfully paired with <Prisma Tenant URL> message will be shown.

Unpair Prisma Cloud Compute from Cortex XSIAM

  1. The two paired tenants can be unpaired from either

    console.

    • In Cortex XSIAM, select SettingsConfigurationsServer Settings, and scroll to Prisma Cloud Compute Tenant Pairing.

    • In Prisma Cloud Compute, select ManageSystem, and scroll to Pair Cortex XDR Tenant.

  2. Click Unpair.

    Note

    Note that all Advanced Vulnerability settings (under the Agent Settings profile) will be reset and all Agent Installations created via the Prisma Cloud Compute console will be deleted.

  3. Confirm the unpairing by clicking Yes at the warning message.

    After a few seconds, the Cortex XSIAM and Prisma Cloud Compute tenants are unpaired.

    Note

    • When unpairing, the Active Vulnerability Analysis Module under the Agent Settings profile is reset to Disable mode.

    • If Prisma Cloud and Cortex XSIAM are to be paired again, the Active Vulnerability Analysis Module must be enabled manually.