Forward logs from Cortex XDR to external services

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

Learn how to forward logs from Cortex XDR to external services such as email, Slack, or a syslog receiver.

You can forward logs from Cortex XDR to an external service. This allows you to stay updated on important alerts and events. Available services include the following:

  • Slack channel and/or syslog receiver: Integrate the service with Cortex XDR. Once the integration is complete, configure notification forwarding, specifying the log type you want to forward.

  • Email distribution list: Configure notification forwarding, specifying the log type you want to forward.

The following table shows the log types supported for each notification type:

Log Type | Email | Slack | Syslog
Alerts
Agent Audit log (Notice: Requires Cortex XDR Pro per Endpoint)
Management Audit log
Data Ingestion Health alerts
Reports