Cortex XDR supports integration with cloud platforms like Microsoft Azure to ingest asset data, improving visibility into cloud-based assets and enhancing incident investigation by correlating cloud events with endpoint and network data. TheCloud Inventoryfeature in Cortex XDR is designed to collect and manage asset data from cloud providers, including Azure, providing details such as virtual machines, storage accounts, and network configurations.
Correct Answer Analysis (C):Cloud Inventoryshould be configured to integrate asset data from Microsoft Azure. This feature allows Cortex XDR to pull in metadata about Azure assets, such as compute instances, networking resources, and configurations, enabling better visibility and correlation during incident investigations. Administrators configure Cloud Inventory by connecting to Azure via API credentials (e.g., using an Azure service principal) to sync asset data into Cortex XDR.
Why not the other options?
A. Azure Network Watcher: Azure Network Watcher is a Microsoft Azure service for monitoring and diagnosing network issues, but it is not directly integrated with Cortex XDR for asset data ingestion.
B. Cloud Identity Engine: The Cloud Identity Engine integrates with identity providers (e.g., Azure AD) to sync user and group data for identity-based threat detection, not for general asset data like VMs or storage.
D. Microsoft 365: Microsoft 365 integration in Cortex XDR is for ingesting email and productivity suite data (e.g., from Exchange or Teams), not for Azure asset data.
Exact Extract or Reference:
TheCortex XDR Documentation Portalexplains cloud integrations: “Cloud Inventory integrates with Microsoft Azure to collect asset data, enhancing visibility and incident investigation byproviding details on cloud resources” (paraphrased from the Cloud Inventory section). TheEDU-260: Cortex XDR Prevention and Deploymentcourse covers cloud data integration, stating that “Cloud Inventory connects to Azure to ingest asset metadata for improved visibility” (paraphrased from course materials). ThePalo Alto Networks Certified XDR Engineer datasheetincludes “data ingestion and integration” as a key exam topic, encompassing Cloud Inventory setup.
[References:, Palo Alto Networks Cortex XDR Documentation Portal:https://docs-cortex.paloaltonetworks.com/, EDU-260: Cortex XDR Prevention and Deployment Course Objectives, Palo Alto Networks Certified XDR Engineer Datasheet:https://www.paloaltonetworks.com/services/education/certification#xdr-engineer, ]
Submit