Learn more about activating a Broker VM with a Files and Folders Collector applet.
Notice
Ingesting logs and data from external sources requires a Cortex XDR Pro per GB license.
The Broker VM provides a Files and Folders Collector applet that enables you to monitor and collect logs from files and folders in a network share for a Windows or Linux directory, and send them directly to your log repository for query and visualization purposes. The Files and Folders Collector applet only starts to collect files that are more than 256 bytes and is only supported with Network File System version 4 (NFSv4). After you activate the Files and Folders Collector applet, you can collect files as datasets (<Vendor>_<Product>_raw) by defining the following:
Details of the folder path on the network share containing the files that you want to monitor and upload to Cortex XDR.
Settings related to the list of files to monitor and upload to Cortex XDR, where the log format is either Raw (default), JSON, CSV, TSV, PSV, CEF, LEEF, Corelight, or Cisco.
Note
Cortex XDR only supports ingestion of files encoded in UTF-8 format.
Danger
Before activating the Files and Folders Collector applet, review and perform the following:
Know the complete path to the files and folders that you want Cortex XDR to monitor.
Ensure that the user permissions for the network share include the ability to rename and delete files in the folder for which you want to configure collection.
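A pre-flight check for the prerequisites above, as an added example (not Palo Alto Networks code). It assumes the share is already mounted at a local path and that the script runs as the account whose permissions the collector will use; the names `preflight`, `is_utf8` and `can_rename_and_delete` are hypothetical.

```python
import codecs
import os
import uuid

MIN_SIZE = 256  # from the page: only files of more than 256 bytes are collected

def is_utf8(path, chunk_size=1 << 20):
    """Stream-decode the file so a large log is never held in memory."""
    decoder = codecs.getincrementaldecoder("utf-8")()
    try:
        with open(path, "rb") as fh:
            while chunk := fh.read(chunk_size):
                decoder.decode(chunk)
        decoder.decode(b"", final=True)  # rejects a truncated multi-byte tail
        return True
    except UnicodeDecodeError:
        return False

def can_rename_and_delete(folder):
    """Create a probe file, rename it, delete it. Assumption: create rights exist."""
    probe = os.path.join(folder, ".preflight-" + uuid.uuid4().hex)
    renamed = probe + ".renamed"
    try:
        with open(probe, "wb") as fh:
            fh.write(b"probe")
        os.rename(probe, renamed)
        os.remove(renamed)
        return True
    except OSError:
        for leftover in (probe, renamed):  # best-effort cleanup of the probe
            try:
                os.remove(leftover)
            except OSError:
                pass
        return False

def preflight(folder):
    """Classify each regular file in `folder` against the stated prerequisites."""
    report = {"rename_delete": can_rename_and_delete(folder),
              "too_small": [], "not_utf8": [], "ok": []}
    with os.scandir(folder) as it:
        entries = sorted((e for e in it if e.is_file()), key=lambda e: e.name)
    for entry in entries:
        if entry.stat().st_size <= MIN_SIZE:
            report["too_small"].append(entry.name)
        elif not is_utf8(entry.path):
            report["not_utf8"].append(entry.name)
        else:
            report["ok"].append(entry.name)
    return report
```

The check does not verify that the share is served over NFSv4; confirm that separately on the file server or mount.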