Manage credentials - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation
Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-04-25
Category
Administrator Guide

Credentials simplify and compartmentalize administrative tasks, and enable you to save login information without exposing usernames, passwords, certificates, and SSH keys. You can reuse credentials across multiple systems, for example, when using the same administrator password across multiple endpoints.

After you set up a credential, you can configure integration instances to use it instead of entering the name and password manually.

How to add credentials to an integration instance

  1. Create the credential.

    1. Select SettingsConfigurationsIntegrationsCredentialsNew Credential.

    2. Add the following parameters:

      Parameters

      Description

      Credential Name

      The name of the credential. You select this name when adding the credential to the integration instance.

      Username

      The username for the credential.

      Workgroup

      The workgroup to associate this credential with. Relevant for third-party services, such as Active Directory, CyberArk, and HashiCorps.

      Password

      The password for the credential. For example, add the API Key when defining the API credential.

      Certificate

      Certificate or SSH to use for the credential.

    3. Save the credential.

  2. Add the credential to the integration instance.

    1. Go to Data CollectionAutomation & Feed Integrations and select the integration instance you want to add the credential.

    2. Click Add instance.

    3. Locate the relevant section and click Switch to credentials.

      If there is more than one credential, select the relevant credential.

    4. Test and click Save & Exit the integration.

Configure an external credentials vault

Cortex XSIAM integrates with external credential vaults, which enables you to use them without hard coding or exposing the credentials. The credentials are not stored in Cortex XSIAM, but the integration fetches the credentials from the external vault when called. The credentials are passed to the relevant executed integrations as part of the integration parameters.

Sample credentials provider integrations:

After the integration is configured to fetch credentials, you can also use them in scripts and playbooks. To use these credentials in an integration, click Switch to credentials in an integration instance, and select the necessary credential from the drop-down menu.