
Cortex XSIAM Broker VM

The Palo Alto Networks Broker is a secured virtual machine (VM), integrated with Cortex XSIAM, that bridges our corporate network and Cortex XSIAM. By setting up the broker, we establish a secure connection in which we can route our endpoints, and collect and forward logs and files for analysis.

The Broker can be leveraged for running different services separately on the VM using the same Palo Alto Networks authentication. Once installed, the Broker VM automatically receives updates and enhancements from Cortex XSIAM, providing new capabilities without having to install a new VM.

Broker VM Overview

The following diagram illustrates the Broker VM features that we can leverage.

Broker VM Features

Initial Setup

Perform the following procedures in the order listed below.

Task 1. Generate a token for your broker

  • In the XSIAM console, select Settings → Configurations → Data Broker → Broker VMs.
  • Click Add Broker → Generate Token, and copy to your clipboard. The token is valid for 24 hours. A new token is generated each time you select Generate Token.

Task 2. Open the Broker VM URL

Depending on the Broker VM version, navigate to either of the following URLs:

  • From Broker VM version 19.x.x and later: https://<broker_vm_ip_address>:4443
  • From Broker VM version 18.x.x and earlier: https://<broker_vm_ip_address>/

Note

When DHCP is not enabled in your network and there isn’t an IP address for your Broker VM, configure the Broker VM with a static IP using the serial console menu.

Task 3. Log in and set a new password

Log in with the default password !nitialPassw0rd, and then define your own unique password. The password must contain a minimum of eight characters, contain letters and numbers, and at least one capital letter and one special character.

Important

We have configured all of our Broker VMs with a common password. This password is stored in 1Password > MIP Team vault > Broker VM Password.

Register the Broker VM

Once the initial setup is complete and a new password has been set, click Register in the Broker VM UI and enter the unique token that was generated in Task 1 of the initial setup. This can take up to 30 seconds.

After a successful registration, Cortex XDR displays a notification.

You are directed in Cortex XDR to Settings → Configurations → Data Broker → Broker VMs. The Broker VMs page displays your Broker VM details and allows you to edit the defined configurations.
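The checks implied by Tasks 1 to 3 and the registration step can be run before touching a new Broker VM. The following Python helper is an added example, not Palo Alto Networks code: the function names are hypothetical, and treating any non-alphanumeric character as "special" and letters as ASCII only are assumptions, since the page does not define them.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

DEFAULT_PASSWORD = "!nitialPassw0rd"  # default from Task 3; must be replaced
TOKEN_LIFETIME = timedelta(hours=24)  # Task 1: a token is valid for 24 hours


def broker_ui_url(version, host):
    """Return the web UI URL (Task 2) for a version string such as '19.1.2'."""
    major = int(version.split(".")[0])
    try:
        # An IPv6 literal needs brackets inside a URL.
        if ipaddress.ip_address(host).version == 6:
            host = f"[{host}]"
    except ValueError:
        pass  # not an IP literal; passed through as a hostname (assumption)
    return f"https://{host}:4443" if major >= 19 else f"https://{host}/"


def password_problems(candidate):
    """List every Task 3 rule the candidate breaks; an empty list means OK."""
    problems = []
    if candidate == DEFAULT_PASSWORD:
        # The default itself satisfies the complexity rules, so test it first.
        problems.append("still the default password")
    if len(candidate) < 8:
        problems.append("fewer than eight characters")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no letter")
    if not re.search(r"[0-9]", candidate):
        problems.append("no number")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no capital letter")
    if not re.search(r"[^A-Za-z0-9]", candidate):  # assumption: "special"
        problems.append("no special character")
    return problems


def token_usable(generated_at, now=None):
    """True while a token is inside its 24-hour window.

    Both datetimes must be timezone-aware. The exact 24-hour mark is
    treated as expired, which is the conservative reading.
    """
    now = now or datetime.now(timezone.utc)
    return timedelta(0) <= now - generated_at < TOKEN_LIFETIME
```

If `token_usable` returns False, generate a new token as described in Task 1 before registering.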

This page was last reviewed on 12 March 2024. It needs to be reviewed again on 12 March 2025.