Cortex XDR – guardsix Service Desk

Alert Rules

The Cortex XDR integration pulls incidents from Palo Alto Cortex XDR into Logpoint so you can review and take action on them from Logpoint’s Incidents page. The integration uses Universal REST API Fetcher-based CortexXDRFetcher to poll the Cortex XDR API on a schedule and creates or updates the corresponding incidents in Logpoint.

If you manage Logpoint nodes with Director, you can configure the integration once in Director and deploy it to your fleet using the Director Console or the Director Console API.

Release Details

Version:1.0.0

Release date: April 07, 2026

Supported On: Logpoint v7.4.0. or later, Universal REST API Fetcher v3.0.0

Documentation: Cortex XDR guide

SHA 256: e1a51052cbc04feea4761ea06278f687d95f29b930c6e254b542805bbf15ef4f

Download

Key Information

The integration fetches incident data only.
Data sync is one-way from Cortex XDR to Logpoint.
Incidents created in Logpoint are assigned to the admin user.
Cortex XDR is not supported in the distributed Logpoint setup.

Support

If you have any questions or require assistance, create a support ticket.

Alert Rules

Key Information

Support

Comments