Cortex XDR Data Connector
Defend Limited
Data connector to ingest incidents from Cortex XDR via API
The solution contains a data connector built on the Codeless Connector Platform. Rather than the traditional approach of a syslog/CEF forwarder, the connector uses the Cortex XDR API to collect incidents. This saves organizations the overhead of deploying and maintaining a virtual machine to act as the syslog forwarder. The solution is also cost-efficient because it requires no additional resource hosted in Azure or any other environment to collect incidents from Cortex XDR. Note that the data connector pulls only "Incidents" from Cortex XDR, not all raw logs. A future improvement would be to bring alerts and raw logs from Cortex XDR into Sentinel via the Codeless Connector Platform.