Windows DHCP via Elasticsearch Filebeat

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-04
Category: Administrator Guide
Abstract: Learn more about the Windows DHCP Standard Collector and content pack integrations in Cortex XDR.

You can configure collection of Windows DHCP logs using a Standard Collector or a content pack integration:

| Windows DHCP vendor | Description |
| --- | --- |
| Standard Collector (basic) overview | Forward Windows DHCP logs to Cortex XDR using Elasticsearch Filebeat with the Windows DHCP data source. |
| Link to Standard Collector instructions | Ingest logs from Windows DHCP using Elasticsearch Filebeat |
| Link to content pack details | The Microsoft DHCP content pack processes and normalizes audit logs from the Dynamic Host Configuration Protocol (DHCP) service for security analysis in Cortex XDR. It includes modeling rules and parsing rules for events collected using the XDR Collector via the microsoft_dhcp_raw dataset. |