Next-Generation Firewall

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Learn more about ingesting firewall data from your Next-Generation Firewall (NGFW) and Panorama devices in Cortex XDR.

You can configure the collection of Next-Generation Firewall logs and data using an integration configured in Data Sources & Integrations or from Marketplace:

Next-Generation Firewall

Description

Data Source overview

You can forward firewall data from your Next-Generation Firewall (NGFW) and Panorama devices to Cortex XDR.

Link to Data Source instructions

Links to content pack/integration details

The PAN-OS by Palo Alto Networks content pack manages Palo Alto Networks Firewalls and Panorama via API, allowing users to create, modify, and manage custom security policies, perform configuration commits, manage dynamic lists, perform system upgrades, and query various log types. It contains various playbooks, a classifier (Panorama Classifier) and mapper (Panorama Mapper), issue fields, issue types, and automations/scripts. It also includes the following integration:

  • Palo Alto Networks PAN-OS: Use this integration to manage Palo Alto Networks Firewall and Panorama, including managing Prisma Access through Panorama, creating and managing security policies, and querying logs. This integration includes commands for managing the master key, checking dynamic updates status, downloading and installing various dynamic updates (for example, AntiVirus, WildFire, GlobalProtect Clientless VPN), listing and deleting policy rules (including new types like application-override, authentication, decryption, nat, and pbf), managing addresses and URL categories, retrieving rule hit counts, disabling rules, and performing hygiene checks on various security profiles and configurations.