This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR API requests

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XDR API requests

OrkhanM
L1 Bithead

‎06-19-2025 05:25 AM

Hi everyone,

 

There is an problem im facing with. The problem is -- Some of API requests are not shown in "Management Audit Logs". There is another API's which ones can be shown in "Management Audit Logs". Is there other option for this case? To collect unseen API logs? 

0 Likes Likes
1 REPLY 1

eluis
L4 Transporter

‎06-20-2025 06:27 AM

Hello OrkhanM,

 

Related to API logs at Management Audit logs, please refer to the documentation at: 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Management-audit-log-...

There you can see that there should be logs for the following:

  • API Key: Modification of the Cortex XDR API key.

  • Broker API: Operation related to the Broker application programming interface (API).

  • Public API: Authentication activity using an associated Cortex XDR API key.

If there are missing logs for the documented API logs on the documentation, please open a TAC support ticket with detailed information on which kind of logs there might be missing. 

 

 

Additionally I recommend to perform the following test: 

 

Go to cogwheel settings --> Configurations --> Notifications --> At the top right corner click on black button Add forwarding configuration and then fill out your data, on the filter to add the notifications, please configure/add the following filters: Description contains API OR Type select all APIs options there.

You can add email addresses to send the logs or a syslog server (might be even a siem) or a linux box to store it on a file.

Save it and compare the results of logs you get with this method with the logs you can see from the audit lot window in the XDR tenant configuring the same filters. 

 

 

If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.

 

KR, 

Luis

 

 

  •  



 

  • 291 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks