# Cortex XDR

By integrating **Cortex XDR** with **CybrHawk** via Cortex XDR’s APIs, you can seamlessly ingest alerts into CybrHawk and take advantage of Cortex XDR’s advanced alert stitching and investigation features.

This integration enables CybrHawk to manage incidents by reviewing and updating incident details, statuses, and assignees directly within your existing workflows. Additionally, CybrHawk can:

* Retrieve detailed endpoint information
* Trigger response actions on endpoints
* Deploy installation packages through Cortex XDR APIs

This enhances automation, visibility, and response across your security environment.

***

## Prerequisites

Before proceeding, please ensure that Cortex XDR is properly configured and activated with the necessary permissions.\
If it hasn’t been set up yet, refer to the onboarding checklist here:\
[➡ Cortex XDR Onboarding Checklist](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Cortex-XDR-onboarding-checklist)

***

## Step 1. Obtain Cortex XDR API Key

1. Access the **Cortex XDR Application Dashboard**.
2. Navigate to **Settings → Configurations**.

   ![Cortex XDR Settings](/files/VMrX8IrBZ3i9zOKjkcSu)
3. Go to **Integrations → API Keys**.

   ![Cortex XDR API Keys](/files/64GAu5A2zz5bUfUQLZZb)
4. Select **+ New Keys**.
5. Assign the **Advanced** security level.

   ![Cortex XDR New API Key](/files/E17E64AhtZdmNWflIqxD)
6. Copy the **API Key**.

   ![Cortex XDR Copy API Key](/files/ehuKyU6nIqOgmsui6mAK)

***

## Step 2. Obtain Cortex XDR API ID

1. Navigate to the **API Keys** page.
2. Copy the **API ID** value for the created API Key.

***

## Step 3. Obtain Cortex XDR FQDN

1. On the **API Keys** page, right-click your created API Key and select **View Example**.

   ![Cortex XDR View Example](/files/sfnd7F9PBrCzLANmD5F7)
2. Review the cURL example URL. It contains your unique **FQDN**, for example:

   ```
   https://TENANT.xdr.us.paloaltonetworks.com/
   ```

   ![Cortex XDR FQDN Example](/files/okemHw4hLTCYnvhHOA4i)

***

## Step 4. Configure CybrHawk Integration

Provide the following information to CybrHawk:

* API Key
* API ID
* Cortex URL (FQDN)
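
How the three values from Steps 1 to 3 are combined when a client authenticates with an **Advanced** key, as an added example that is not CybrHawk's or Palo Alto's own code. It follows the header scheme in Palo Alto's public API documentation; the `api-` host prefix, the `CORTEX_*` environment variable names and the sample values are assumptions.

```python
import hashlib
import os
import secrets
import string
import time
from urllib.parse import urlparse

NONCE_ALPHABET = string.ascii_letters + string.digits


def api_base_url(cortex_url):
    """Turn the Cortex URL / FQDN from Step 3 into the public API base URL."""
    # Accept either a bare FQDN or a full https:// URL.
    host = urlparse(cortex_url if "://" in cortex_url else "https://" + cortex_url).hostname
    if not host:
        raise ValueError("no hostname in Cortex URL: %r" % cortex_url)
    # Assumption: the public API is served from the FQDN prefixed with "api-".
    if not host.startswith("api-"):
        host = "api-" + host
    return "https://%s/public_api/v1" % host


def advanced_auth_headers(api_key, api_id, nonce=None, timestamp_ms=None):
    """Build the headers for an Advanced-level key; the key itself is never sent."""
    if nonce is None:
        nonce = "".join(secrets.choice(NONCE_ALPHABET) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000
    # Only SHA-256(key + nonce + timestamp) leaves the client, so each request is unique.
    digest = hashlib.sha256(("%s%s%s" % (api_key, nonce, timestamp_ms)).encode("utf-8")).hexdigest()
    return {
        "x-xdr-auth-id": str(api_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": digest,
        "Content-Type": "application/json",
    }


if __name__ == "__main__":
    # Hypothetical variable names; keep the real values in a secrets manager, not in source.
    key = os.environ.get("CORTEX_API_KEY", "constructed-sample-key")
    key_id = os.environ.get("CORTEX_API_ID", "1")
    base = api_base_url(os.environ.get("CORTEX_URL", "https://TENANT.xdr.us.paloaltonetworks.com/"))
    print("POST", base + "/incidents/get_incidents/")
    for name, value in advanced_auth_headers(key, key_id).items():
        print("%s: %s" % (name, value))
```

Because the timestamp is part of the hash, a host with a badly skewed clock can fail authentication even when the key and ID are correct.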

***

