Add Cortex XDR based on public documentation

[pep-un]

The documentation used is on Corted XDR Pro on 2024-01-15

Pull Request Template

Description

Please provide the below information so we can validate before merging:

1. Does the proposed EDR feature align with our definition of telemetry?(definition here)
2. Could you please provide documentation to support the telemetry you are proposing?(If it is held privately, please reach out to me or @inodee)
3. If no documentation is available for all the categories you are proposing, could you provide screenshots or sanitized logs?

1: Yes \ 2: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection \ 3: N/A

Type of change

Please delete options that are not relevant.

• [x] New tool (suggesting additional tools for improving collection and analysis)

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.

• [x] No test, only documentation review

Test Configuration:

• EDR version: 2024-01-15
• Operating System version: N/A

Checklist:

• [x] My code follows the style guidelines of this project
• [x] I have performed a self-review of my own code
• [ ] I have made corresponding changes to the documentation
• [ ] I have added tests that prove my corrections or additions are accurate
• [ ] I have checked my code and corrected any misspellings

Don't stress yourself out, just answer the above to the best of your ability and we can discuss in the comments 🙂

[tsale]

Thanks very much for this submission @pep-un! I'll be reviewing this over the next couple of days and let you know if I have any questions! 🙏

[Sam0x90]

After discussion with @tsale, here attached is a quick update based on public documentation. Happy to discuss and help on this case. xdr_telemetry.txt