Ingest Apache Kafka Events as Datasets - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2023-10-31
Last date published
2024-02-28
Category
Administrator Guide
Abstract

Cortex XDR can receive logs and data from Apache Kafka directly to your log repository for query and visualization purposes.

Cortex XDR can receive events from Apache Kafka clusters directly to your log repository for query and visualization purposes. After you activate the Kafka Collector applet on a Broker VM in your network, which includes defining the connection details and settings related to the list of subscribed topics to monitor and upload to Cortex XDR, you can collect events as datasets.

After Cortex XDR begins receiving topic events from the Kafka clusters, Cortex XDR automatically parses the events and creates a dataset with the specific name you set as the target dataset when you configured the Kafka Collector, and adds the data in these files to the dataset. You can then use XQL Search queries to view events and create new Correlation Rules.

Configure Cortex XDR to receive events as datasets from topics in Kafka clusters.

  1. Activate the Kafka Collector applet on a Broker VM within your network.

  2. Use the XQL Search to query and review logs.