✅ Palo Alto Connector – Setup Guide

This guide outlines the connector configuration steps and API key generation process for integrating Palo Alto Firewalls with the XDR platform.

🔹 Prerequisites

• Palo Alto Firewall running on a private network
• XDR App Connector to communicate with the firewall
• Admin credentials for API access
• Ensure that the system (App Connector host) is reachable from the firewall

🔐 Generate API Key from Palo Alto Firewall

To allow the App Connector to authenticate with the firewall, generate an API key using the below curl command:

curl -k "https://<Firewall-IP>/api/?type=keygen&user=<admin-username>&password=<admin-password>"

• Replace:

  • <Firewall-IP> with the actual IP of the Palo Alto firewall
  • <admin-username> and <admin-password> with valid admin credentials

The API key returned will be used as the AccessToken in the connector configuration.

⚙️ Configure Palo Alto Connector in XDR

Steps:

1. Go to XDR Console → Connectors → Ingestion
2. Select PaloAlto Connector
3. Click Configure

4. Fill in the following details:

   • Server URL – Example: https://<Firewall-IP>
   • AccessToken – API key generated in the previous step
   • Trust any certificate – true or false depending on SSL setup
   • Has public access? – Set to no (since it’s a private network)
   • App Connector Identifier – Provide the ID or name of the registered App Connector
5. Click Validate and Save