Cortex Cloud

Cortex Cloud

Overview

The Cortex Cloud integration is currently under development.

This document captures the currently understood API access and permissions needed to import Attack Surface Management (ASM) asset data from Cortex Cloud into the Praetorian Guard Platform (PGP).

Based on the current Cortex Cloud API documentation, we expect this integration to pull ASM-related asset inventory and external service data from Cortex Cloud in a read-only manner.

At this stage, we presume the API endpoints and permissions below will be used to provide better filtering and enrichment of the Cortex Cloud asset data that Guard can import.

We expect the imported data to be used to create or enrich assets in PGP, including items such as:

  • IP ranges
  • Domain assets
  • Other ASM-discovered external assets represented in Cortex Cloud

API Endpoints Needed

The following Cortex Cloud API endpoints are currently expected to be required:

Get Asset Groups

Get Assets

Get External Services

  • Endpoint: /public_api/v1/assets/get_external_services
  • Documentation: Get All Services

Required Permissions

Because this integration is still under development, the exact permission names may change once implementation and validation are complete. However, the Cortex Cloud API credentials will need enough access to perform the following read-only operations:

  • Read asset groups
  • Read assets
  • Read external services

At a minimum, the integration will need API access sufficient to call:

  • /public_api/v1/asset-groups
  • /public_api/v1/assets
  • /public_api/v1/assets/get_external_services

Notes

  • This integration is not yet finalized.
  • The final implementation may refine how filtering and enrichment are performed once the API response formats and permission model are fully validated.
  • The intended integration behavior is read-only: PGP would query Cortex Cloud for ASM data and would not modify Cortex Cloud configuration or assets.