10-08-2024 11:12 AM
Good day, I am running in circles trying to figure out whether or not I have the access to the "Identity Analytics" module. I'm looking to alert on several Kerberos related alerts, and a few of them require this detection module. Is this module included by default in Cortex XDR Prevent, or does it require Cortex XDR Pro, or is it an add-on for Cortex XDR Prevent that I need to buy?
Thanks.
10-08-2024 11:21 AM
Hi @ScottCloster, thanks for reaching us using the Live Community.
To use the "Identity Analytics" you need to configure the Cloud Identity Engine to send your directory logs to the XDR tenant, you don't need any add-on or special license. Follow the steps from this document: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Enable-the-Analytics-...
If this post answers your question, please mark it as the solution.
10-08-2024 11:21 AM
Hi @ScottCloster, thanks for reaching us using the Live Community.
To use the "Identity Analytics" you need to configure the Cloud Identity Engine to send your directory logs to the XDR tenant, you don't need any add-on or special license. Follow the steps from this document: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Enable-the-Analytics-...
If this post answers your question, please mark it as the solution.
10-08-2024 11:26 AM
Thanks! I had read that bit in the admin guide but still had a bit of uncertainty. I appreciate the quick response.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
