Connector from XDR and AWS portal


L2 Linker

Hello,

Is there a way to create a connector between the Cortex console and the AWS portal that can fetch EC2 information as soon as the agent comes online and then populate the data received by this connector into XDR?

Thanks!

Accepted Solutions

L5 Sessionator

Hi @NivedaR, it is not clear from your question what you're referring to - whether it is about XDR agents running on EC2 instances in AWS within a private subnet, or metadata about EC2 instances.

If it is the former, I believe you have AWS instances that have no route to the internet (private subnet).

In this case, you can leverage a NAT instance or a Broker VM (link here). I'd recommend using the Broker VM as it provides additional functionalities that a NAT instance cannot (caching, proxying, etc.). Keep in mind that you need to configure the agents to leverage the proxy. You can do it in one of the following ways:
1. during installation - use the proxy_list parameter (link here)
2. post-installation - use cytool proxy set <IP:port> (link here) or set a system-wide proxy

If it is the latter, here you go: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/external-data-ingestion/ing...

L2 Linker

Thank you!
