App to pull alert information from Palo Alto's Cortex XDR Get Alerts API endpoint.
The app can be installed on a forwarder or a search head (in the case of Cloud Victoria Experience).
The default sourcetype for this add-on is cortex:xdr:alerts; the modular input that writes it polls the Cortex XDR API once per minute by default.
Version 1.0.0 is the initial release.
None, this is the initial release.