Configure Your Network Devices - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product: Cortex XDR
License: Pro
Creation date: 2023-07-31
Last date published: 2023-11-28
Category: Administrator Guide

With a Cortex XDR Pro per GB license, if you use Palo Alto Networks firewalls as a traffic log source, you must configure your firewalls and Panorama to forward logs to Cortex Data Lake. Ensure that you have deployed your network devices first.

  1. Onboard Panorama-Managed Firewalls to Cortex Data Lake.

  2. Configure firewalls to forward the logs Cortex XDR requires to Cortex Data Lake.

    The Data Lake provides centralized, cloud-based log storage for firewalls, and Panorama provides an interface you can use to view the stored logs. The rich log data that firewalls forward to the Data Lake provides the Cortex XDR analytics engine the network visibility it requires to perform data analytics.

    To support Cortex XDR, firewalls must forward at least Traffic logs to the Data Lake. The complete set of log types that a firewall should forward to the Data Lake is:

    • Traffic (required)

    • Threat (spyware, anti-exploit, anti-malware, DNS Security, etc.)

    • URL Filtering

    • User-ID

    • HIP

    • Enhanced application logs (PAN-OS 8.1.1 or later)

    Enhanced application logs are designed to increase visibility into network activity for Palo Alto Networks Cloud Services apps, and Cortex XDR requires these logs to support certain features.

    Follow the complete workflow to configure Panorama-managed firewalls to forward logs to the Cortex Data Lake.
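The following audit script is an added example, not part of this guide or of any Palo Alto Networks tooling. It parses an exported firewall configuration and reports whether a named log forwarding profile sends the profile-level log types listed above (Traffic required; Threat and URL Filtering recommended) to Panorama/Cortex Data Lake, and whether enhanced application logging is switched on. The XML layout and the sample profile are constructed assumptions modelled on a PAN-OS log forwarding profile export; confirm element names against your own exported config. User-ID and HIP logs are configured under the firewall's device log settings rather than in the profile, so they are outside this check.

```python
import xml.etree.ElementTree as ET

# Profile-level log types this guide says a firewall should forward to CDL.
REQUIRED = {"traffic"}            # mandatory for Cortex XDR
RECOMMENDED = {"threat", "url"}   # Threat and URL Filtering

# Constructed sample export (assumed layout; verify against a real one).
# Threat forwarding is deliberately off and EAL disabled to show the findings.
SAMPLE_XML = """<config><shared><log-settings><profiles>
<entry name="to-cdl">
 <enhanced-application-logging>no</enhanced-application-logging>
 <match-list>
  <entry name="all-traffic">
   <log-type>traffic</log-type><filter>All Logs</filter>
   <send-to-panorama>yes</send-to-panorama>
  </entry>
  <entry name="threats">
   <log-type>threat</log-type><filter>All Logs</filter>
   <send-to-panorama>no</send-to-panorama>
  </entry>
 </match-list>
</entry>
</profiles></log-settings></shared></config>"""


def audit_profile(xml_text, profile_name):
    """Summarise what the named log forwarding profile sends to CDL."""
    root = ET.fromstring(xml_text)
    prof = root.find(f".//log-settings/profiles/entry[@name='{profile_name}']")
    if prof is None:
        raise ValueError(f"log forwarding profile {profile_name!r} not found")
    forwarded = set()
    for match in prof.findall("match-list/entry"):
        # Only match-list entries with send-to-panorama=yes reach CDL.
        if match.findtext("send-to-panorama") == "yes":
            forwarded.add(match.findtext("log-type"))
    eal = prof.findtext("enhanced-application-logging") == "yes"
    return {
        "forwarded": forwarded,
        "missing_required": REQUIRED - forwarded,
        "missing_recommended": RECOMMENDED - forwarded,
        "enhanced_app_logs": eal,
    }


if __name__ == "__main__":
    result = audit_profile(SAMPLE_XML, "to-cdl")
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against `api/?type=export&category=configuration` output or a `show config` dump saved to disk, substituting your profile name; a non-empty `missing_required` means Cortex XDR will not receive Traffic logs from that firewall.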