Ingest Authentication Logs and Data - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Pro Administrator Guide

Product
Cortex XDR
License
Pro
Creation date
2024-07-16
Last date published
2024-11-04
Category
Administrator Guide
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XDR/Cortex-XDR-Documentation
Abstract

Ingest authentication logs from external authentication services—such as Okta and Azure AD—into authentication stories with Cortex XDR.

Note

Ingesting Authentication Logs and Data requires a Cortex XDR Pro per GB license.

When you ingest authentication logs and data from an external source, Cortex XDR can weave that information into authentication stories. An authentication story unites logs and data regardless of the information source (for example, from an on-premise KDC or from a cloud-based authentication service) into a uniform schema. To search authentication stories, you can use the Query Builder or XQL Search.

Cortex XDR can ingest authentication logs and data from various authentication services.