Collecting URL and File log types - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-16
Category
Administrator Guide
Abstract

Learn about the implications of turning off or on collection of URL and File logs.

For Palo Alto Networks integrations, you can choose whether to collect URL and File type logs. These logs enhance your cyber analytics, correlation rules and visibility for investigation. However, if you want to reduce ingestion charges, you can globally turn off collection of URL and File log types for all PALO ALTO NETWORKS INTEGRATIONS.

When collection is turned off, some detectors won’t detect cyber attacks or provide full context, and correlation rules won’t be able to detect cyber events. For a full list of affected detectors, see Detectors connected to URL and File log types.

You can also calculate the amount of ingestion that URL and File log types are consuming by looking at the NGFW dashboard. This dashboard provides an overview of the PAN-NGFW ingestion status of all log types (including URL and File log types) and their daily consumption quota. For more information, see NGFW Ingestion Dashboard.

You can turn on or off URL and File log types collection on the Data Sources page.