The Palo Alto Networks Cortex Data Lake stores the context-rich enhanced network logs generated by our security products, including our next-generation firewalls, Prisma Access, and Cortex XDR. With Cortex Data Lake, you can collect ever-expanding volumes of data without needing to plan for local compute and storage, and it's ready to scale from the start. And most Cortex apps use the Cortex Data Lake to access, analyze, and report on your network data.

This cloud-based logging infrastructure is available in multiple regions. Review the Cortex Data Lake privacy datasheet for details on how network data is captured, processed, and stored.

Date Highlight
24 February 2021 For an improved log management experience, Cortex Data Lake now supports additional log fields, a new format for log forwarding through email, and log forwarding profile enhancements. Visit the release notes to learn more.
15 January 2021 The Cortex Data Lake app now enables you to Explore your log data and generate onboarding keys in a redesigned user interface.
9 December 2020 For compliance with regional data privacy regulations, you can now select Australia as a host region when you activate Cortex Data Lake.
2 November 2020

You can now forward logs from within the Cortex Data Lake app, enabling you to conveniently manage onboarding, storage, and log transmission in a single application.

As a result of this change, you may notice additional log filters and filters that you are unable to modify. For more information, see the release notes.

26 October 2020 To help you better monitor your Cortex Data Lake data using Panorama, you can now generate scheduled reports on it if you have the proper version of Panorama and the Cloud Services plugin.
30 September 2020 For compliance with regional data privacy regulations, you can now select Japan as a host region when you activate Cortex Data Lake.
31 July 2020 For compliance with regional data privacy regulations, you can now select Canada as a host region when you activate Cortex Data Lake.
17 July 2020 Firewalls running PAN-OS 10.0 or later can now connect to Cortex Data Lake through a proxy server.
10 July 2020 As a result of an infrastructure upgrade, Cortex Data Lake now has new FQDNs.  If you are sending logs from another vendor's firewall, please allow access to the FQDNs for your Cortex Data Lake region. Failure to do so will cause log transmission to cease.
1 July 2020

For compliance with regional data privacy regulations, you can now select the UK or Singapore as a host region when you activate Cortex Data Lake.

15 June 2020 The quota manager now features a detailed breakdown of firewall log types and a simpler method of allocating remaining storage to help you more easily manage your Cortex Data Lake log storage.

Documentation

Cortex Data Lake Getting Started Guide


Everything you need to start sending logs to Cortex Data Lake.

Palo Alto Networks Compatibility Matrix


Find compatibility information for Cortex Data Lake.

Cortex Data Lake Release Notes


Learn about new features, and what we're working on to make Cortex Data Lake even better.

Log Forwarding Schema Reference


View log field names, their descriptions, and their equivalents in other log record formats to help you configure log forwarding from Cortex Data Lake.

Additional Resources

Canadian Cloud Hosting Option for Cortex Data Lake


Read about the option to host Cortex Data Lake in Canada and our ongoing commitment to data residency and privacy.