In the Deployment Wizard, follow the list of What needs to be done in each step to guide you through the required configurations, including the relevant API credentials.
Configure your fetching integration.
For this tutorial, configure a Palo Alto Networks Cortex XDR - Investigation and Response integration instance for endpoint detection.
In Cortex XDR, generate the API key.
Under → → , click New Key to generate the API Key and API Key ID.
Copy the server URL for your integration instance by clicking Copy URL from the API Keys page.
In the Security Level field, select Advanced.
In the Role field, select the appropriate role for your required actions, for example Instance Administrator.
Click Save.
Copy the API key.
Copy the ID from the API keys table.
In the Deployment Wizard, paste the API API Key and ID into the fetching integration settings and follow the list of What needs to be done .
Set up your playbook to process incoming incidents.
Use the Malware Investigation & Response Incident Handler playbook (recommended) with the out of the box settings. You can later modify it as needed to optimize your investigation. See Review the Malware Investigation & Response Incident Handler Playbook and Customize the Malware Investigation & Response Incident Handler Playbook.
Set up any supporting integrations.
For this tutorial, configure integration instance settings for:
Palo Alto Networks Wildfire v2 (forensics and malware analysis)
EWS V2 (mail sender)
Palo Alto Networks Autofocus v2 (data enrichment and threat intelligence)
VirusTotal (API v3) (data enrichment and threat intelligence)
Enable your the Palo Alto Networks Cortex XDR - Investigation and Response integration instance to start fetching incidents.