# Welcome to the Docs!

This supporting add-on comes with prebuilt content for Palo Alto Networks Cortex XDR data to be easily used with Splunk Enterprise Security's Asset database. This documentation will cover the components used in the add-on and advanced configurations.

Important

This Supporting add-on is only intended to work with Splunk Enterprise Security deployments.

Disclaimer

This Splunk Supporting Add-on is not affiliated with Palo Alto Networks and is not sponsored or sanctioned by the Palo Alto Networks team. Please visit https://www.paloaltonetworks.com/ for more information about Palo Alto Networks.

# Assumptions

This documentation assumes the following:

You have a working Splunk Enterprise Security environment. This add-on is not intended to work without Splunk ES.
You already have Palo Alto Networks Cortex XDR data ingested using the Palo Alto Cortex XDR Endpoint Retriever .
Familiarity with setting up a new Asset source in Enterprise Security.

# About

Info	Description
SA-CortexXDRDevices	Splunkbase \| GitHub
Splunk Enterprise Security Version (Required)	7.x \| 6.x
Palo Alto Cortex XDR Endpoint Retriever (Required)	>=1.1.0
Add-on has a web UI	No, this add-on does not contain views.
Author	Dennis Morton