Learn how to forward logs from Cortex XDR to external services such as email, Slack, or a syslog receiver.
You can forward logs from Cortex XDR to an external service. This allows you to stay updated on important alerts and events. Available services include the following:
- Slack channel and/or syslog receiver: Integrate the service with Cortex XDR. Once the integration is complete, configure notification forwarding, specifying the log type you want to forward.
- Email distribution list: Configure notification forwarding, specifying the log type you want to forward.
The following table shows the log types supported for each notification type:
Log Type | Email | Slack | Syslog |
---|---|---|---|
Alerts | ✓ | ✓ | ✓ |
Agent Audit log (Notice: Requires Cortex XDR Pro per Endpoint) | ✓ | — | ✓ |
Management Audit log | ✓ | — | ✓ |
Data Ingestion Health alerts | ✓ | ✓ | ✓ |
Reports | ✓ | ✓ | — |