Configure Your Network Devices - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2024-07-16
Last date published: 2024-12-12
Category: Administrator Guide
Status: Retiring (replacement documentation: /r/Cortex-XDR/Cortex-XDR-Documentation)
Abstract

Configure your firewalls and Panorama for log forwarding to Cortex XDR.

With a Cortex XDR Pro per GB license, if you use Palo Alto Networks firewalls as a traffic log source, you must configure the firewalls and Panorama to forward their logs to Cortex XDR. Deploy your network devices before you begin.

  1. Onboard Panorama-Managed Firewalls.

  2. Configure firewalls to forward the necessary logs to Cortex XDR.

    Cortex XDR provides centralized, cloud-based log storage for the firewalls, and Panorama provides an interface for viewing the stored logs. The log data the firewalls forward gives the Cortex XDR analytics engine the network visibility it needs to detect activity across your environment; the more of the log types below you forward, the wider that visibility is.

    Firewalls must forward at least Traffic logs to Cortex XDR. The full set of log types a firewall should forward is:

    • Traffic (required)

    • Threat (spyware, anti-exploit, anti-malware, DNS Security, and so on)

    • URL Filtering

    • User-ID

    • HIP

    • Enhanced application logs (PAN-OS 8.1.1 or later)

    Enhanced application logs increase visibility into network activity for Palo Alto Networks Cloud Services apps, and Cortex XDR requires them for certain features. Because they are enabled separately from the per-log-type match lists, check that the option is turned on rather than assuming the profile covers it.

    Follow the complete workflow to configure Panorama-managed firewalls to forward logs to Cortex XDR.
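After completing the workflow, it is worth verifying the result rather than trusting the commit. The script below is an added example, not Palo Alto Networks code: it parses an exported PAN-OS configuration and reports whether a named Log Forwarding profile sends each log type listed above to Panorama/Cortex and whether enhanced application logging is enabled. It assumes the PAN-OS XML layout `log-settings/profiles/entry/match-list/entry` with `<log-type>` and `<send-to-panorama>` children, an `<enhanced-application-logging>` flag on the profile, and the log-type tokens `traffic`, `threat`, `url`, `userid` and `hipmatch`; confirm those against your own `show config running` output before relying on it. The sample configurations are constructed inline.

```python
"""Audit a PAN-OS Log Forwarding profile for the log types Cortex XDR expects.

Added example (not Palo Alto Networks code). Assumed PAN-OS XML layout:
  log-settings/profiles/entry[@name]/match-list/entry/{log-type,filter,send-to-panorama}
  log-settings/profiles/entry[@name]/enhanced-application-logging
"""
import xml.etree.ElementTree as ET

# Page's log types mapped to PAN-OS <log-type> tokens (mapping assumed from the
# PAN-OS schema; Traffic is the only type the page marks as required).
REQUIRED_LOG_TYPES = {"traffic": "Traffic"}
EXPECTED_LOG_TYPES = {
    "threat": "Threat",
    "url": "URL Filtering",
    "userid": "User-ID",
    "hipmatch": "HIP",
}


def build_profile_xml(name, forwarded, not_forwarded=(), eal=True):
    """Return a constructed config fragment containing one log forwarding profile.

    `forwarded` log types get send-to-panorama=yes, `not_forwarded` get no.
    This only exists to produce realistic sample input for audit_profile().
    """
    def match_entry(log_type, send):
        return (
            f'<entry name="{log_type}-all"><log-type>{log_type}</log-type>'
            f"<filter>All Logs</filter>"
            f'<send-to-panorama>{"yes" if send else "no"}</send-to-panorama></entry>'
        )

    entries = "".join(match_entry(t, True) for t in forwarded)
    entries += "".join(match_entry(t, False) for t in not_forwarded)
    return (
        '<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">'
        f'<log-settings><profiles><entry name="{name}">'
        f'<enhanced-application-logging>{"yes" if eal else "no"}</enhanced-application-logging>'
        f"<match-list>{entries}</match-list>"
        "</entry></profiles></log-settings>"
        "</entry></vsys></entry></devices></config>"
    )


def audit_profile(config_xml, profile_name):
    """Report which of the page's log types the named profile forwards.

    A log type counts as forwarded only if its match-list entry has
    send-to-panorama=yes; a match-list entry that is present but not sent
    is as good as missing from Cortex XDR's point of view.
    """
    root = ET.fromstring(config_xml)
    profile = root.find(f".//log-settings/profiles/entry[@name='{profile_name}']")
    if profile is None:
        raise ValueError(f"log forwarding profile {profile_name!r} not found")

    forwarded = set()
    for match in profile.findall("./match-list/entry"):
        log_type = match.findtext("log-type")
        if log_type and match.findtext("send-to-panorama") == "yes":
            forwarded.add(log_type)

    missing_required = [n for t, n in REQUIRED_LOG_TYPES.items() if t not in forwarded]
    missing_expected = [n for t, n in EXPECTED_LOG_TYPES.items() if t not in forwarded]
    eal_enabled = profile.findtext("enhanced-application-logging") == "yes"
    return {
        "forwarded": sorted(forwarded),
        "missing_required": missing_required,
        "missing_expected": missing_expected,
        "enhanced_application_logging": eal_enabled,
        # Fully aligned with the page's list only when nothing is missing.
        "ok": not missing_required and not missing_expected and eal_enabled,
    }


if __name__ == "__main__":
    # Constructed sample: URL entry exists but is not sent, User-ID/HIP absent, EAL off.
    incomplete = build_profile_xml("Cortex-XDR", ["traffic", "threat"], ["url"], eal=False)
    print(audit_profile(incomplete, "Cortex-XDR"))
    complete = build_profile_xml("Cortex-XDR", ["traffic", "threat", "url", "userid", "hipmatch"])
    print(audit_profile(complete, "Cortex-XDR"))
```

Run it against a real export by replacing the constructed XML with the contents of your saved configuration and pass the profile name you attached to your security policy rules; an empty `missing_required` list with `ok` false tells you the firewall satisfies the minimum but some of the optional visibility the page lists is not reaching Cortex XDR.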