Activate Cortex Data Lake

After purchasing Cortex Data Lake, you received an auth code that you’ll use to activate Cortex Data Lake. The steps here describe how to do that, which includes:
  • Generating the key that firewalls that fireawlls need to authenticate directly to Cortex Data Lake.
  • (Optional) Merging logs from a Traps Included Storage instance of Cortex Data Lake with a new Cortex Data Lake instance.
If you’re using Panorama or GlobalProtect cloud service:
If you want to forward logs to Cortex Data Lake from Panorama-managed firewalls, or you’re using GlobalProtect cloud service, you should use the Customer Support Portal to activate Cortex Data Lake instead of the Cortex hub. To learn more about when to use the Cortex hub or the Customer Support Portal to activate Cortex Data Lake, see Cortex Data Lake License and Activation.
  1. Activate Cortex Data Lake.
    1. Log in to the Cortex hub.
    2. Click
      Activate New App
    3. Enter the
      Auth Code
      you received to activate Cortex Data Lake and
    4. Enter an
      Instance Name
      so that you can identify this app instance in the Cortex hub, and provide an optional
    5. Select the
      you want to host the Cortex Data Lake instance:
    6. (If you’re using Traps management service) Select the
      Cortex Data Lake
      instance with Traps Included Storage-100GB so that you can merge the logs from the 100GB tenant into the Cortex Data Lake instance that you are activating.
    7. Click
      Agree and Activate
    8. Verify the Cortex Data Lake is successfully activated on the Cortex hub.
  2. In the Cortex hub, log in to the Cortex Data Lake app instance you just activated.
  3. Select
    and configure the log storage quota for the log types that you plan to forward to Cortex Data Lake.
    By default, when you add a new log source like the firewall, quota is not allocated for the log types that belong to this source. Until you configure the log storage quota, logs are not saved in Cortex Data Lake.
  4. Stop here if:
    Otherwise, if you’re planning to directly onboard firewalls to Cortex Data Lake without Panorama, continue to the next step.
  5. Select
    Firewall On-Boarding
    Generate PSK
    to generate the pre-shared key that firewalls need to securely connect to Cortex Data Lake.
    Copy this PSK—when you close out of this page, you will no longer be able to reference it, and you need it continue to set up firewalls to log to Cortex Data Lake.
    PSKs are valid for 24 hours, and generating a new PSK invalidates any PSKs generated earlier. You can use this PSK for as many firewalls as you’d like to onboard to Cortex Data Lake in the 24-hour period that it’s valid. You do not need to generate different PSKs for each firewall that you want to onboard.
  6. Continue to Forward Logs to Cortex Data Lake. This includes enabling the firewalls to connect to Cortex Data Lake, and specifying the log types that you want firewalls to forward.

Related Documentation