Collecting URL and File log types - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Documentation

Cortex XDR
Creation date
Last date published
Administrator Guide

Learn about the implications of turning off or on collection of URL and File logs.

For Palo Alto Networks integrations, you can choose whether to collect URL and File type logs. These logs enhance your cyber analytics, correlation rules and visibility for investigation. However, if you want to reduce ingestion charges, you can globally turn off collection of URL and File log types for all Palo Alto Networks Integrations.

When collection is turned off, some detectors won’t detect cyber attacks or provide full context, and correlation rules won’t be able to detect cyber events. For a full list of affected detectors, see Detectors connected to URL and File log types.

You can also calculate the amount of ingestion that URL and File log types are consuming by looking at the NGFW dashboard. This dashboard provides an overview of the PAN-NGFW ingestion status of all log types (including URL and File log types) and their daily consumption quota. For more information, see Predefined dashboards.

You can turn on or off URL and File log types collection on the Collection Integrations page.