Cortex XSIAM can receive logs from files and folders via FTP, FTPS, and SFTP directly to your log repository for query and visualization purposes.
Cortex XSIAM can receive logs from files and folders via FTP, FTPS, or SFTP directly to your log repository for query and visualization purposes. After you activate the FTP Collector applet on a Broker VM in your network, which includes defining the connection details and settings related to the list of files to monitor and upload to Cortex XSIAM, you can collect files as datasets.
After Cortex XSIAM begins receiving logs from files and folders via FTP, FTPS, or SFTP, Cortex XSIAM automatically parses the logs and creates a dataset with the specific name you set as the target dataset when you configured the FTP Collector using the format <Vendor>_<Product>_raw
. The FTP Collector reads and processes the configured FTP files one by one, as well as any new FTP files added to the configured files and folders, in the FTP directory according to the execution frequency of collection that you configured, and adds the data in these files to the dataset. You can then use XQL Search queries to view logs and create new Correlation Rules.
Configure Cortex XSIAM to receive logs as datasets from files and folders via FTP, FTPS, or SFTP.
Activate the FTP Collector applet on a Broker VM within your network.
Use the XQL Search to query and review logs.