Ingest logs from a Syslog receiver

Cortex Cloud Runtime Security Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-04
Category
Administrator Guide
Abstract

To extend visibility, Cortex Cloud can receive Syslog from additional vendors that use CEF or LEEF formatted over Syslog (TLS not supported).

Notice

Requires the Data Collection add-on.

Cortex Cloud can receive Syslog from a variety of supported vendors (see External data ingestion vendor support). In addition, Cortex Cloud can receive Syslog from additional vendors whose logs are formatted as CEF, LEEF, CISCO, CORELIGHT, or RAW over Syslog.

After Cortex Cloud begins receiving logs from the third-party source, Cortex Cloud automatically parses the logs in CEF, LEEF, CISCO, CORELIGHT, or RAW format and creates a dataset with the name <vendor>_<product>_raw. You can then use XQL Search queries to view logs and create new IOC, BIOC, and Correlation Rules.
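The following is an added illustration of what the parsing step above has to do with a CEF or LEEF payload arriving inside a syslog line; it is example code written for this page, not Cortex Cloud's own parser. The CEF and LEEF header layouts follow the public format specifications (pipe-delimited header, escaped `\|` in header fields, `\=` in CEF extension values, a per-message delimiter field in LEEF 2.0 and tab-separated attributes in LEEF 1.0). The sample syslog lines are constructed, the vendor and product names in them are fictitious, and the way vendor and product are lowercased and joined into `<vendor>_<product>_raw` is an assumption, since the page only gives the naming pattern.

```python
"""Parse CEF and LEEF events carried over syslog and group them by the
<vendor>_<product>_raw dataset name described in the text.

Added example for this page; not Cortex Cloud code. Sample input is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample syslog lines (RFC 3164 style framing); not real device output.
SAMPLE_SYSLOG = [
    "<134>Jan 12 10:15:32 fw01 CEF:0|Example Vendor|ExampleFW|1.2|100|Blocked\\|allowed connection|7|"
    "src=10.0.0.5 dst=10.0.0.9 spt=51522 dpt=443 msg=Policy deny\\=default",
    "<134>Jan 12 10:15:33 proxy01 LEEF:2.0|Example Vendor|ExampleProxy|3.1|WEB_BLOCK|^|"
    "src=10.0.0.5^dst=203.0.113.7^url=example.test",
    "<134>Jan 12 10:15:34 sw01 LEEF:1.0|Example Vendor|ExampleSwitch|2.0|LINK_DOWN|"
    "port=ge-0/0/1\tstate=down",
]

# Split header fields on pipes that are not escaped with a backslash.
HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# A CEF extension key starts at the beginning of the extension or after a space.
CEF_EXT_KEY = re.compile(r"(?:^| )([A-Za-z0-9_.]+)=")
# Locate the CEF/LEEF payload inside the syslog line (priority, timestamp and host precede it).
SYSLOG_PAYLOAD = re.compile(r"\b(?:CEF|LEEF):")


@dataclass
class ParsedEvent:
    fmt: str        # "CEF" or "LEEF"
    vendor: str
    product: str
    version: str    # device/product version from the header
    event_id: str   # CEF signature ID or LEEF event ID
    name: str       # CEF only
    severity: str   # CEF only
    fields: dict    # extension / attribute key-value pairs


def _unescape_header(value: str) -> str:
    return value.replace("\\|", "|").replace("\\\\", "\\")


def _parse_cef_extension(ext: str) -> dict:
    """Extension is 'key=value key=value'; values may contain spaces and '\\='."""
    fields = {}
    matches = list(CEF_EXT_KEY.finditer(ext))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        raw = ext[m.end():end]
        fields[m.group(1)] = raw.replace("\\=", "=").replace("\\\\", "\\")
    return fields


def parse_cef(body: str) -> ParsedEvent:
    # CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
    parts = HEADER_SPLIT.split(body, maxsplit=7)
    if not body.startswith("CEF:") or len(parts) < 7:
        raise ValueError(f"not a CEF message: {body[:40]!r}")
    vendor, product, version, event_id, name, severity = (_unescape_header(p) for p in parts[1:7])
    extension = parts[7] if len(parts) == 8 else ""
    return ParsedEvent("CEF", vendor, product, version, event_id, name, severity,
                       _parse_cef_extension(extension))


def _decode_leef_delimiter(spec: str) -> str:
    """LEEF 2.0 delimiter field: empty (tab), a single character, or hex as x5E / 0x5E."""
    if spec == "":
        return "\t"
    if len(spec) == 1:
        return spec
    m = re.fullmatch(r"0?[xX]([0-9A-Fa-f]{1,4})", spec)
    if not m:
        raise ValueError(f"bad LEEF delimiter field: {spec!r}")
    return chr(int(m.group(1), 16))


def parse_leef(body: str) -> ParsedEvent:
    # LEEF:Version|Vendor|Product|Version|EventID|[Delimiter|]Attributes   (delimiter field only in 2.0)
    if not body.startswith("LEEF:"):
        raise ValueError(f"not a LEEF message: {body[:40]!r}")
    has_delim_field = body[5:].startswith("2")
    parts = HEADER_SPLIT.split(body, maxsplit=6 if has_delim_field else 5)
    if len(parts) != (7 if has_delim_field else 6):
        raise ValueError(f"malformed LEEF header: {body[:60]!r}")
    vendor, product, version, event_id = (_unescape_header(p) for p in parts[1:5])
    delim = _decode_leef_delimiter(parts[5]) if has_delim_field else "\t"
    fields = {}
    for pair in parts[-1].split(delim):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key.strip()] = value
    return ParsedEvent("LEEF", vendor, product, version, event_id, "", "", fields)


def parse_syslog_line(line: str) -> ParsedEvent:
    m = SYSLOG_PAYLOAD.search(line)
    if not m:
        raise ValueError(f"no CEF/LEEF payload in line: {line[:60]!r}")
    body = line[m.start():]
    return parse_cef(body) if body.startswith("CEF:") else parse_leef(body)


def dataset_name(ev: ParsedEvent) -> str:
    """<vendor>_<product>_raw. Assumption: lowercase, non-alphanumerics collapsed to '_'."""
    def norm(s: str) -> str:
        return re.sub(r"[^a-z0-9]+", "_", s.lower()).strip("_")
    return f"{norm(ev.vendor)}_{norm(ev.product)}_raw"


def ingest(lines) -> dict:
    """Group parsed events by the dataset they would be written to."""
    datasets = {}
    for line in lines:
        ev = parse_syslog_line(line)
        datasets.setdefault(dataset_name(ev), []).append(ev)
    return datasets


if __name__ == "__main__":
    for name, events in ingest(SAMPLE_SYSLOG).items():
        print(name, [(e.fmt, e.event_id, sorted(e.fields)) for e in events])
```

Running the module prints one line per derived dataset with the format, event ID and field names of each event it holds; the escaped pipe in the CEF name and the escaped `=` in the `msg` value come out unescaped, and the LEEF 2.0 `^` delimiter and LEEF 1.0 tab delimiter both split attributes correctly.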

To receive Syslog from an external source:

  1. Set up your Syslog receiver to forward logs.

  2. Activate the Syslog collector applet on a Broker VM within your network. For more information, see Activate the Syslog Collector.

  3. Use the XQL Search to search your logs.