Windows DHCP via Elasticsearch Filebeat

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-11
Category: Administrator Guide

Abstract: Learn more about the Windows DHCP Standard Collector and content pack integrations in Cortex XSIAM.

You can collect Windows DHCP logs using either a Standard Collector or a content pack integration:

| Windows DHCP vendor | Description |
|---|---|
| Standard Collector (basic) overview | Forward Windows DHCP logs to Cortex XSIAM using Elasticsearch Filebeat with the Windows DHCP data source. |
| Link to Standard Collector instructions | Ingest logs from Windows DHCP using Elasticsearch Filebeat |
| Link to content pack details | The Microsoft DHCP content pack processes and normalizes audit logs from the Dynamic Host Configuration Protocol (DHCP) service for security analysis in Cortex XSIAM. It includes modeling rules and parsing rules for events collected using the XDR Collector via the microsoft_dhcp_raw dataset. |