The following guide will walk you through installing
The Cortex XDR REST API is simple, well organized and easy to consume. Most integrations can be achieved with basic cURL-based Bash scripts using API Keys of the basic security level.
The @paloaltonetworks/pan-cortex-xdr NodeJS package, besides implementing a 1:1 mapping between API Endpoints and functions, can help a first-time Cortex XDR developer with:
- implementation of the advanced security level API Key nonce process
- auto-completion and type safety if using a TypeScript editor
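As an added illustration (not code from the package or from this guide), the sketch below builds the request headers for both key types following the scheme in the Cortex XDR API documentation: a basic key is sent as-is, while an advanced key is replaced by a SHA-256 digest over key + nonce + millisecond timestamp. The names `generateNonce` and `buildAuthHeaders` and the sample key values are hypothetical.

```javascript
const crypto = require("node:crypto");

const NONCE_ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// 64 random alphanumeric characters drawn from the CSPRNG.
// crypto.randomInt avoids the modulo bias of Math.random()-style picks.
function generateNonce(length = 64) {
  let nonce = "";
  for (let i = 0; i < length; i++) {
    nonce += NONCE_ALPHABET[crypto.randomInt(NONCE_ALPHABET.length)];
  }
  return nonce;
}

// Hypothetical helper, not part of pan-cortex-xdr.
// key = { apiKeyId, apiKey, advanced }; nowMs and nonce are injectable for tests.
function buildAuthHeaders(key, nowMs = Date.now(), nonce = generateNonce()) {
  if (!key || !key.apiKeyId || !key.apiKey) {
    throw new Error("apiKeyId and apiKey are required");
  }
  const headers = {
    "x-xdr-auth-id": String(key.apiKeyId),
    "Content-Type": "application/json",
  };
  if (!key.advanced) {
    // Basic security level: the key itself travels in the Authorization header.
    headers["Authorization"] = key.apiKey;
    return headers;
  }
  // Advanced security level: the raw key never leaves the client; the
  // nonce and timestamp make every digest unique to one request.
  const timestamp = String(nowMs);
  headers["x-xdr-timestamp"] = timestamp;
  headers["x-xdr-nonce"] = nonce;
  headers["Authorization"] = crypto
    .createHash("sha256")
    .update(key.apiKey + nonce + timestamp, "utf8")
    .digest("hex");
  return headers;
}

// Constructed sample values, not real credentials.
const sample = buildAuthHeaders({ apiKeyId: 7, apiKey: "constructed-demo-key", advanced: true });
console.log(Object.keys(sample).join(", "));
```

Generate a fresh nonce and timestamp for every request; reusing a header set defeats the replay protection the advanced level exists to provide.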
Installing with npm
Get the module from the public NPM repository
Installing from source
If you need to work with a pre-release version of the package, you can add the dependency from the public GitHub repo.
The source code is written in TypeScript and the build process produces type definition files, which means you can leverage strong typing and code auto-completion features.
Introduction to the XdrApi object
The main component of the @paloaltonetworks/pan-cortex-xdr library is the XdrApi object that provides namespaces to reach Cortex XDR API endpoints:
- IncidentApi: to deal with incidents and alerts
- AlertApi: to push alerts from third party sources
- EndpointApi: to interface with endpoints
- DeviceControlApi: to manage device control features
- HashExceptionApi: to manage file hash exceptions
- AuditsApi: to retrieve audit reports
- DistributionsApi: to manage endpoint package distributions
A quick reference to the functions in each namespace is available in the XdrApi Object Reference document.
Just obtain an XdrApi object by calling the top level
Passing API KEY material from environmental variables
Set the following environmental variables before calling
PAN_API_KEY_ID: API KEY identifier
PAN_XDR_FQDN: FQDN of the XDR PRO instance
PAN_BASIC_API_KEY based on the type of API KEY being used
Passing API KEY material explicitly
Use an object with the following attributes as the first argument to
TypeScript code example
@paloaltonetworks/pan-cortex-xdr features a console logger that can be adjusted to be more verbose. By default it dumps messages of Info or higher severity.
To debug your application set the log level to debug.
Similarly, you can turn off console logging completely by setting the log level to