Set Up Cloud Identity Engine - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-16
Category
Administrator Guide
Abstract

Learn more about setting up Cloud Identity Engine in Cortex XSIAM.

Cloud Identity Engine (previously called Directory Sync Service (DSS)) is an optional service that enables you to leverage Active Directory user, group, and computer information in Cortex XSIAM, and to provide context when you investigate alerts. You can use Active Directory information in policy configuration and endpoint management. Cortex XSIAM supports on-prem Active Directory and Microsoft Entra.

Note

When using the Cloud Identity Engine , you can use XQL Query to query the data using the pan_dss_raw dataset.

After you finish the setup, Cortex XSIAM automatically updates when the Cloud Identity Engine updates.

To set up the Cloud Identity Engine:

  1. Navigate and log into the hub.

  2. Activate and configure your Cloud Identity Engine instance as described in the Cloud Identity Engine Getting Started guide.

    Note

    The Cloud Identity Engine must be activated in the same region as Cortex XSIAM.

    Activating a Cloud Identity Engine instance on your Cortex XSIAM account will allow you to pair your Cortex XSIAM tenant with the Active Directory information collected by the Cloud Identity Engine instance. During the Activation step, make sure to take note of the instance name you create.

  3. After you complete the Cloud Identity Engine Getting Started steps, navigate and log into your Cortex XSIAM management console.

    Note

    Wait about ten minutes after you have activated the instance before you do this.

    1. In the Cortex XSIAM app, select SettingsConfigurationIntegrationsCloud Identity Engine.

    2. Add the Cloud Identity Engine instance you want to Cortex XSIAM to use.

    3. In the Add Cloud Identity Engine dialog, select the App Instance Name you created in the hub and Save.