Cortex XSIAM can receive logs and data from Apache Kafka directly to your log repository for query and visualization purposes.
Cortex XSIAM can receive events from Apache Kafka clusters directly to your log repository for query and visualization purposes. After you activate the Kafka Collector applet on a Broker VM in your network, which includes defining the connection details and settings related to the list of subscribed topics to monitor and upload to Cortex XSIAM, you can collect events as datasets.
After Cortex XSIAM begins receiving topic events from the Kafka clusters, Cortex XSIAM automatically parses the events and creates a dataset with the specific name you set as the target dataset when you configured the Kafka Collector, and adds the data in these files to the dataset. You can then use XQL Search queries to view events and create new Correlation Rules.
Configure Cortex XSIAM to receive events as datasets from topics in Kafka clusters.
Activate the Kafka Collector applet on a Broker VM within your network.
Use the XQL Search to query and review logs.