Note
Ingesting logs and data requires a Cortex XDR Pro per GB license.
To provide you with a more complete and detailed picture of the activity involved in an incident, you can ingest data from a variety of external, third-party sources in Cortex XDR .
Log/Data Type | Vendor Support |
---|---|
Network Connections | |
Authentication Services/Audit Logs | |
Operation and System Loggers | |
Cloud Assets | |
Custom External Sources |
Cortex XDR can receive logs or both logs and alerts from the source. Depending on the data source, Cortex XDR can provide visibility into your external data in the form of:
Log stitching with other logs such as to create network or authentication stories.
Raw data in queries from XQL Search.
Alerts reported by the vendor throughout Cortex XDR , such as in the Alerts table, incidents, and views.
Alerts raised by Cortex XDR on log data such as Analytics alerts
To ingest data, you must set up the Syslog Collector applet on a Broker VM within your network.