Ingest Prisma Access Browser logs into Cortex XDR.
Cortex Prisma Access Browser is a browser designed specifically for enterprise use, and is fortified with security features to protect users and organizations. You can configure Cortex XDR to ingest Prisma Access Browser logs into a dataset called panw_prisma_access_browser_raw, that can be queried using XQL. This integration gives you visibility into alerts that are generated by the browser. The ingested data can also be used for performing threat hunting queries and correlations within the Cortex platform.
Only one instance of this collector can be created per Cortex XDR tenant.
In Cortex XDR, select → → → .
On the Collection Integrations page, locate your Prisma Access Browser data source and select Add Instance to begin a new connection.
In the Connect Prisma Access Browser dialog box, select the checkbox for Connect Prisma Access Browser to this account.
Click Connect.
Connection can take up to several minutes.
On the Collection Integrations page, expand Prisma Access Browser to track the status of your instance.
Validate that data is streaming to your tenant by using XQL to query the dataset
panw_prisma_access_browser_raw.
After you have created a Prisma Access Browser instance, you can use the Collection Integrations page to view information about the integration, or delete the instance.