Forcepoint DLP - Learn more about collecting Forcepoint DLP logs using a Syslog Collector applet and content pack integration in Cortex XDR.

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Learn more about collecting Forcepoint DLP logs using a Syslog Collector applet and content pack integration in Cortex XDR.

You can configure collection of Forcepoint DLP logs using a Broker VM Syslog Collector applet or with a content pack integration:

Forcepoint DLP vendor | Description

Syslog Collector applet overview:
If you use Forcepoint DLP to prevent data loss over endpoint channels, you can forward logs to Cortex XDR using the Broker VM Syslog Collector applet in CEF or LEEF format.

Link to Syslog Collector applet instructions:
Ingest logs from Forcepoint DLP

Link to content pack/integration details:
The Forcepoint DLP content pack fetches security incidents from Forcepoint DLP and ingests them as events into Cortex XDR for processing and analysis. The content pack contains the Forcepoint DLP Modeling Rule and the Forcepoint DLP Parsing Rule. It also includes the following integration:

  • Forcepoint DLP Event Collector (Beta): Use this integration to fetch security incidents from Forcepoint DLP as Cortex XDR events. This integration is an event collector and uses the parsing and modeling rules within the content pack for data normalization.
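The Syslog Collector applet accepts the forwarded lines in CEF or LEEF format, and a common ingestion failure is a line whose header or extension does not actually decompose the way the parsing rules expect. The following Python is an added example (not code from the Cortex XDR documentation, from the content pack, or from Forcepoint) that splits a syslog line carrying either payload into its header fields and extension key/value pairs, handling the CEF pipe and `\=` escapes and the LEEF 2.0 custom-delimiter field. The two sample lines, including their vendor, product, version, signature and extension values, are constructed for illustration and are not real Forcepoint DLP output.

```python
"""Decompose syslog lines carrying a CEF or LEEF payload into header fields and an
extension dict. Added example; the sample lines below are constructed, not vendor output."""
import re
from typing import Dict, List, Tuple

CEF_HEADER = ["cef_version", "device_vendor", "device_product", "device_version",
              "signature_id", "name", "severity"]
LEEF_HEADER = ["leef_version", "vendor", "product", "product_version", "event_id"]

# Constructed sample lines (not real Forcepoint DLP output), each behind an RFC 3164
# syslog header: a CEF line with escaped '=' and '\' inside values, and a LEEF 2.0 line
# that declares '^' as its extension delimiter.
SAMPLE_CEF = ("<134>Jul 13 10:15:01 dlp-mgr CEF:0|Forcepoint|DLP|0.0|1001|Policy violation|7|"
              "src=10.0.0.5 suser=jdoe act=block msg=Credit card pattern\\=match fname=a\\\\b.txt")
SAMPLE_LEEF = ("<134>Jul 13 10:15:02 dlp-mgr LEEF:2.0|Forcepoint|DLP|0.0|PolicyViolation|^|"
               "src=10.0.0.5^usrName=jdoe^action=block^sev=7")

_PAYLOAD_MARKER = re.compile(r"\b(CEF|LEEF):")
# A CEF extension key is preceded by start-of-string or whitespace and followed by an
# unescaped '='; an escaped '\=' inside a value therefore never starts a new key.
_CEF_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _split_header(body: str, count: int) -> Tuple[List[str], str]:
    """Take `count` pipe-delimited header fields, honouring the '\\|' and '\\\\'
    escapes, and return them together with the untouched remainder of the line."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < count:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if len(fields) < count:
        raise ValueError(f"truncated header: expected {count} fields")
    return fields, body[i:]


def _cef_unescape(value: str) -> str:
    """Undo CEF extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n'/'\\r' -> newline chars."""
    out: List[str] = []
    i = 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"n": "\n", "r": "\r"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def _parse_cef_extension(ext: str) -> Dict[str, str]:
    """Values run from one key's '=' up to the whitespace before the next key."""
    keys = list(_CEF_KEY.finditer(ext))
    result: Dict[str, str] = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        result[m.group(1)] = _cef_unescape(ext[m.end():end])
    return result


def _leef_delimiter(spec: str) -> str:
    """LEEF 2.0 delimiter field: empty means tab, 'x09'/'0x09' is a hex code point,
    anything else is taken literally."""
    if spec == "":
        return "\t"
    low = spec.lower()
    hex_part = low[2:] if low.startswith("0x") else low[1:] if low.startswith("x") else ""
    if hex_part and all(c in "0123456789abcdef" for c in hex_part):
        return chr(int(hex_part, 16))
    return spec


def parse_line(line: str) -> Dict[str, object]:
    """Find the CEF:/LEEF: marker (whatever precedes it is the syslog header) and
    return the header fields, the extension dict and the detected format."""
    m = _PAYLOAD_MARKER.search(line)
    if not m:
        raise ValueError("no CEF or LEEF payload found")
    fmt, body = m.group(1), line[m.end():].rstrip("\r\n")
    record: Dict[str, object] = {"format": fmt}
    if fmt == "CEF":
        header, ext = _split_header(body, 7)
        record.update(zip(CEF_HEADER, header))
        record["extension"] = _parse_cef_extension(ext)
    else:
        header, rest = _split_header(body, 5)
        record.update(zip(LEEF_HEADER, header))
        if str(record["leef_version"]).startswith("2"):
            (delim_spec,), rest = _split_header(rest, 1)
            delim = _leef_delimiter(delim_spec)
        else:
            delim = "\t"  # LEEF 1.0 has no delimiter field and always uses tab
        pairs = (p.split("=", 1) for p in rest.split(delim) if "=" in p)
        record["extension"] = {k: v for k, v in pairs}
    return record


def parse_samples() -> List[Dict[str, object]]:
    """Parse the two constructed sample lines."""
    return [parse_line(SAMPLE_CEF), parse_line(SAMPLE_LEEF)]


if __name__ == "__main__":
    for rec in parse_samples():
        print(rec)
```

Run it against a capture of what the appliance really sends before pointing the forwarder at the Broker VM: if `parse_line` raises on a truncated header, or the extension dict comes back with values bleeding into neighbouring keys, the sender's escaping or delimiter configuration needs fixing rather than the Cortex XDR side.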