Set up Managed Threat Hunting

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-18
Category: Administrator Guide
Abstract

Get started with the Managed Threat Hunting service, an add-on security service provided with Cortex XSIAM.

To get started with Managed Threat Hunting:

  1. Open the Cortex XSIAM tenant and approve the pairing request sent to your tenant.

    1. Navigate to Notifications and locate the Request for Pairing notification.

    2. Select Approve and then Yes to confirm.

      After the request is approved, Cortex XSIAM displays the Managed Threat Hunting label at the top of the page.

  2. Configure notification emails for the impact reports and threat inquiries you want to send.

    1. Select Settings > Configurations > Managed Services.

    2. Enter one or more email addresses to which you want to send reports and inquiries, and ADD each one.

    3. Save your changes.

  3. Test the email configuration: open the mailbox of an email address you defined and locate the Welcome to the Palo Alto Networks Cortex XSIAM Managed Threat Hunting Service email. If you did not receive the email, contact Customer Support.

  4. (Optional) Forward Managed Threat Hunting alerts to external sources such as email or Slack from the Settings > Configurations > General > Notifications page.

    This forwards the alert and the detailed report in PDF format.