Ingesting logs and data requires a Cortex XDR Pro per TB license.
Cortex XDR can receive data from a client relational database directly to your log repository for query and visualization purposes. After you activate the Database Collector applet on a broker VM in your network, which includes defining the database connection details and settings related to the query details for collecting the data from the database to monitor and upload to Cortex XDR, you can collect data as datasets.
After Cortex XDR begins receiving data from a client relational database, Cortex XDR automatically parses the logs and creates a dataset with the specific name you set as the target dataset when you configured the Database Collector using the format
<Vendor>_<Product>_raw. The Database Collector checks for any changes in the configured database based on the SQL Query defined in the database connection according to the execution frequency of collection that you configured and appends the data to the dataset. You can then use XQL Search queries to view data and create new Correlation Rules.
Configure Cortex XDR to receive data as datasets data from a client relational database.
Activate the Database Collector applet on a broker VM within your network.
Use the XQL Search to query and review logs.