Paloalto Cortex XDR dashboard into Grafana

PuddyPuddy · March 18, 2025, 1:56pm

Hello,

I am trying to set up a dashboard in Grafana to monitor my AV incidents. I followed the instructions in this topic.

I installed the Infinity plugin and configured the authentication for Cortex XDR. However, when I test the authentication, I encounter a 500 error.

Could you provide more context or guidance on resolving this issue? Thank you!

yosiasz · March 18, 2025, 2:21pm

Welcome @PuddyPuddy

What did you try for the authentication, can you share a screen shot? Also something from your grafana logs?

PuddyPuddy · March 18, 2025, 3:35pm

Hello,

Here is what I’m trying to setup the authentification ;

yosiasz · March 18, 2025, 3:37pm

which Auth method did you use? and looks like you do not have the URL set

PuddyPuddy · March 18, 2025, 3:50pm

I’m using the Cortex XDR API (the secret is in the Headers)

yosiasz · March 18, 2025, 3:56pm

did you purposely leave this blank?

PuddyPuddy · March 18, 2025, 3:57pm

Yes, i leave this blank on purpose

yosiasz · March 18, 2025, 4:06pm

you left it blank in order to hide it from your post. if not that might be why it is failing? you either provide that URL here, or in the query for this api in a panel datasource query. if you leave it blank here there is nothing it can authenticate against

PuddyPuddy · March 18, 2025, 4:21pm

It’s optional, but I added it (URL) and nothing changed. When I click on ‘Save & Test’, it authenticates against the health check URL.

yosiasz · March 18, 2025, 6:01pm

can you look at grafana logs, or check the browser console to see what might be wrong and the details error message

PuddyPuddy · March 19, 2025, 12:45pm

Hello,

Here the logs ;

PuddyPuddy · March 19, 2025, 12:46pm

Hello,

the bot keep blocking my reply, but here the logs in txt ;

health check failed with url https://api-apipa.paloaltonetworks.com/api_keys/validate/. error received: unsuccessful HTTP response. 500 Internal Server Error (Grafana)

Failed to load resource: the server responded with a status of 400 (Bad Request) (Browser Console)

PuddyPuddy · March 19, 2025, 1:33pm

I noticed that Grafana (Infinity) trying to execute the following command:

curl --location "command"

it fails. However, when i’m using :

curl -X POST "command"

it works successfully.

yosiasz · March 19, 2025, 1:55pm

hmmm so you api endpoint is called as POST and not GET ?

Also do you have the latest version?

Also which of these auth types are you using?

So configure it as is in datasources but don’t test it as the default seems to not be GET when configuring the datasource, just configure the auth there.

but then when calling your data source make sure to use POST and see what happens

PuddyPuddy · March 19, 2025, 2:01pm

i made it !

i just have to add a body !

Thanks for your help, when i setup all, i update the topic

Topic		Replies	Views
Paloalto Cortex XDR dashboard into Grafana? Configuration api , cortex	15	748	March 18, 2025
Infinity datasource - json query error internal server error 500 Dashboards query-help , datasource , json-api-datasource	17	11800	May 16, 2022
Json query error internal server error 500 Dashboards api	2	1794	November 24, 2022
Connecting to grafana API while using google sso authentication Developers & API	1	881	December 29, 2021
Datasource assistance - Can't seem to get connections to work properly Authentication api , datasource	11	226	May 20, 2024

Paloalto Cortex XDR dashboard into Grafana

Related topics