Cortex XDR can receive logs from files and folders in a network share directly to your log repository for query and visualization purposes.
Note
Ingesting logs and data requires a Cortex XDR Pro per GB license.
Cortex XDR can receive logs from files and folders in a network share directly to your log repository for query and visualization purposes. After you activate the Files and Folders Collector applet on a Broker VM in your network, which includes defining the connection details and settings related to the list of files to monitor and upload to Cortex XDR, you can collect files as datasets.
After Cortex XDR begins receiving logs from files and folders in a network share, Cortex XDR automatically parses the logs and creates a dataset with the specific name you set as the target dataset when you configured the Files and Folders Collector using the format <Vendor>_<Product>_raw
. The Files and Folders Collector reads and processes the configured files one by one, as well as any new files added to the configured files and folders, in the network share according to the execution frequency of collection that you configured and adds the data in these files to the dataset. You can then use XQL Search queries to view logs and create new Correlation Rules.
Note
The Files and Folders Collector applet only starts to collect files that are more than 256 bytes.
Configure Cortex XDR to receive logs as datasets from files and folders in a network share.
Activate the Files and Folders Collector applet on a Broker VM within your network.
Use the XQL Search to query and review logs.