Cortex XDR - Incidents connector for Microsoft Sentinel
Custom Data connector from DEFEND to utilise the Cortex API to ingest incidents from Cortex XDR platform into Microsoft Sentinel.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | {{graphQueriesTableName}} |
| Data collection rules support | Not currently supported |
| Supported by | DEFEND Ltd. |
Query samples
All Cortex XDR Incidents
{{graphQueriesTableName}}
| sort by TimeGenerated desc
Prerequisites
To integrate with Cortex XDR - Incidents make sure you have:
- Cortex API credentials: Cortex API Token is required for REST API. See the documentation to learn more about API. Check all requirements and follow the instructions for obtaining credentials.
Vendor installation instructions
Enable Cortex XDR API
Connect Cortex XDR to Microsoft Sentinel via Cortex API to process Cortex Incidents.
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for