Cortex XDR
Cortex XDR API URIs are made up of your unique FQDN, the API name, and name of call. For example, https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/.
The following steps describe how to generate the necessary key values:
Get your Cortex XDR API Key:
In Cortex XDR, navigate to Settings > Configurations > Integrations > API Keys.
Select + New Key.
Choose the type of API Key you want to generate based on your desired security level: Advanced or Standard. The Advanced API key hashes the key using a nonce, a random string, and a timestamp to prevent replay attacks. cURL does not support this, but it is suitable for use with scripts. Use the provided script to create the advanced API authentication token.
Note: To integrate with Cortex XSOAR you must generate an Advanced Key.
If you want to define a time limit on the API key authentication, mark Enable Expiration Date and select the expiration date and time.
Navigate to Settings > Configurations > Integrations > API Keys to track the Expiration Time field for each API key.
In addition, Cortex XDR displays an API Key Expiration notification in the Notification Center one week and one day prior to the defined expiration date.
Provide a comment that describes the purpose for the API key, if desired.
Select the desired level of access for this key. You can select from the list of existing Roles, or you can select Custom to set the permissions on a more granular level. Roles are available according to what was defined in the hub, as described in the Manage Roles section of the Cortex XDR Administrator’s Guide.
Generate the API Key.
Copy the API key, and then click Done. This value represents your unique Authorization:{key}.
You will not be able to view the API Key again after you complete this step. Ensure that you copy it before closing the notification.
Get your Cortex XDR API Key ID.
In the API Keys table, locate the ID field.
Note your corresponding ID number. This value represents the x-xdr-auth-id:{key_id} token.
Get your FQDN.
Right-click your API key and select View Examples.
Copy the CURL Example URL. The example contains your unique FQDN: https://api-{fqdn}/public_api/v1/{name of api}/{name of call}/. You can use the CURL Example URL to run the APIs.
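The following is an added example, not part of the original page and not the vendor-provided script, showing how the Advanced key token described above differs from a Standard key on the wire. It assumes the token is the SHA-256 hex digest of key + nonce + millisecond timestamp and that the nonce and timestamp are sent in x-xdr-nonce and x-xdr-timestamp headers; the key, key ID, FQDN, and API/call names are constructed placeholders.

```python
import hashlib
import secrets
import string
import time

NONCE_ALPHABET = string.ascii_letters + string.digits


def standard_auth_headers(api_key, api_key_id):
    """Standard key: the key itself is sent as Authorization on every call."""
    return {"x-xdr-auth-id": str(api_key_id), "Authorization": api_key}


def advanced_auth_headers(api_key, api_key_id, nonce=None, timestamp_ms=None):
    """Advanced key: send only a hash bound to a fresh nonce and timestamp.

    Assumption: digest input is key + nonce + timestamp (ms), hashed with
    SHA-256; nonce/timestamp header names are assumed, confirm them against
    the script your tenant provides.
    """
    if nonce is None:
        nonce = "".join(secrets.choice(NONCE_ALPHABET) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    material = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": hashlib.sha256(material).hexdigest(),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
    }


def api_url(fqdn, api_name, call_name):
    """URI layout from the page: FQDN, API name, call name."""
    return f"https://api-{fqdn}/public_api/v1/{api_name}/{call_name}/"


if __name__ == "__main__":
    key, key_id = "CONSTRUCTED-EXAMPLE-KEY", 1  # constructed, not real
    first = advanced_auth_headers(key, key_id)
    second = advanced_auth_headers(key, key_id)
    print(api_url("tenant.example.invalid", "example_api", "example_call"))
    # Each request carries a different token, so a captured one is stale.
    print(first["Authorization"] != second["Authorization"])
    # The raw key never appears in the Advanced headers.
    print(key in first.values())
```

A captured Standard header can be reused until the key expires or is revoked, which is why setting an expiration date and a narrowly scoped role matters more for Standard keys.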
Providing Information to Configure SecurIST
After generating the API key, please provide the following information to us to complete the configuration on our side:
- API Key: The API key you generated.
- Unique FQDN
Log Source Details:
- Type of log data (e.g., security events, user activities).
- Any specific identifiers or tags you use.
Log Data Format:
- Format of the logs being sent (e.g., JSON).
Log Source IP Address:
- The IP address from which the logs will be sent.
Please send the above details to our support team via an "Onboard Log source request" in your SecurIST platform.
Getting Help
If you encounter any issues or need assistance during this process, our support team is here to help. You can reach out to us through:
- Support Portal: Submit a ticket via our support portal for detailed assistance.
- Documentation: Refer to our extensive documentation library for troubleshooting and additional guides.
By providing these details, we will be able to configure SecurIST to accept and process Bitdefender logs for your SIEM service.