Cortex Data Lake Log Sources

Here are the products and services that can send logs to Cortex Data Lake:
  • Palo Alto Networks Firewalls: You can onboard individual firewalls directly to Cortex Data Lake. Use the Explore app to view all log records that the firewalls forward to Cortex Data Lake.
  • Panorama-Managed Firewalls: If you’re using Panorama, you can onboard firewalls to Cortex Data Lake at scale, instead of onboarding each individual firewall. All Cortex Data Lake logs are visible directly in Panorama.
  • Prisma Access: With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally to secure your remote networks and mobile users. Prisma Access logs directly to Cortex Data Lake. You can view the logs, ACC, and reports from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Cortex Data Lake license. Log traffic does not use the licensed bandwidth you purchased for Prisma Access.
  • Cortex XDR: Cortex XDR alerts are automatically written to Cortex Data Lake as log records. This is done so that other apps can read and respond to alerts. These log records are not visible in Explore; however, you can use the Log Forwarding app to forward Cortex XDR alerts to the email or Syslog destination of your choice. You can also configure email alert notifications within Cortex XDR.
