Pairing Prisma Cloud Compute with Cortex XSIAM - Learn how to pair Prisma Cloud Compute with Cortex XSIAM for use with the Cortex XDR Agent for Cloud. - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation
Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2025-12-29
Category
Administrator Guide
Abstract

Learn how to pair Prisma Cloud Compute with Cortex XSIAM for use with the Cortex XDR Agent for Cloud.

Cortex XSIAM and Prisma Cloud Compute are offering a unified cloud security agent for Windows and Linux. The Cortex XDR Agent for Cloud provides end to end prevention and vulnerability coverage on Linux cloud environments. 

Cortex XDR Agent for Cloud has a single management server that is based on a Cortex XSIAM tenant. Policy management, data, and alerts are first managed between the Cortex XSIAM tenant and Cortex XDR Agent for Cloud, and then runtime protection and vulnerability coverage can be provided on Prisma Cloud Compute and Cortex XSIAM.

Prerequisites

To enable the capabilities of Cortex XDR Agent for Cloud, the Prisma Cloud Compute tenant must be paired with an existing Cortex XSIAM tenant. Pairing is one to one, with the two tenants being in the same region.

Pairing Prisma Cloud Compute to Cortex XSIAM can only be done when both Cortex XSIAM and Prisma Cloud Compute tenants are already active.

Requirements for Windows Hosts

The following are required in order for Windows agents to be visible in the Prisma Cloud Compute tenant:

  • The tenant must have the XDR Cloud per Host license and the Host insights add-on.

  • In the XDR Pro Endpoints section of the Agent Settings profile, enable the XDR Pro Endpoints Capabilities and then enable the Host Insights capabilities.

Note

Vulnerabilities are based on the Cortex vulnerability assessment engine, which may be different than Prisma vulnerability scanning.

Cloud metadata information is not reported for results collected by the Cortex XDR agent running on a Windows endpoint and Compliance Assessment is not supported by the Cortex XDR agent for Cloud.

Pair Prisma Cloud Compute with Cortex XSIAM

  1. From the Prisma Cloud Compute console, copy the access pairing key.

    1. Select ManageSystem, and scroll to Pair Cortex XDR Tenant.

    2. Click the copy icon to copy the Access Key, which is the pairing key used in Cortex XSIAM.

  2. Paste the pairing key in Cortex XSIAM.

    1. Select  SettingsConfigurationsServer Settings, and scroll to Prisma Cloud Compute Tenant Pairing.

    2. Paste the Prisma Cloud pairing key and click Pair.

    After a few seconds, the Cortex XSIAM and Prisma Cloud Compute tenants are paired.

    A Successfully paired with <Prisma Tenant URL> message will be shown.

Unpair Prisma Cloud Compute from Cortex XSIAM

  1. The two paired tenants can be unpaired from either console.

    • In Cortex XSIAM, select SettingsConfigurationsServer Settings, and scroll to Prisma Cloud Compute Tenant Pairing.

    • In Prisma Cloud Compute, select ManageSystem, and scroll to Pair Cortex XDR Tenant.

  2. Click Unpair.

    Note

    Note that all Advanced Vulnerability settings (under the Agent Settings profile) will be reset and all Agent Installations created via the Prisma Cloud Compute console will be deleted.

  3. Confirm the unpairing by clicking Yes at the warning message.

    After a few seconds, the Cortex XSIAM and Prisma Cloud Compute tenants are unpaired.

    Note

    • When unpairing, the Active Vulnerability Analysis Module under the Agent Settings profile is reset to Disable mode.

    • If Prisma Cloud and Cortex XSIAM are to be paired again, the Active Vulnerability Analysis Module must be enabled manually.