1. Home
    2. Security Operations
    3. Cortex Data Lake
    4. Cortex Data Lake Getting Started
    5. Monitor Cortex Data Lake
    6. Inventory

    Inventory

    Manage the devices connected to
    Cortex Data Lake
     from the Inventory tab.
    From the
    Inventory
     page, you can view a list of Panorama appliances, firewalls, and Prisma Access tenants onboarded to your
    Cortex Data Lake
     instance.
    The list does not show the mapping of a Panorama to its managed firewalls.

    Panorama Appliances

    Generate OTP
     to create the one-time password used to onboard Panorama-managed firewalls to your
    Cortex Data Lake
     instance.
    Add
     a Panorama appliance to onboard a new appliance to your
    Cortex Data Lake
     instance or move an appliance from one instance to another.
    Panorama uses this OTP to install the logging service certificate. For Panorama 10.1 or later, go to the Customer Support Portal to get the OTP for installing the device certificate.
    Name
    The name given to the Panorama when it was registered in the Customer Support Portal. If it was not named, then the name appears as
    Panorama
    .
    Model
    The model of the Panorama
    Serial Number
    The unique serial number of the Panorama
    PAN-OS Version
    The version of PAN-OS that the Panorama is running
    Last Contact Time
    The last time that the Panorama communicated with
    Cortex Data Lake
    , either to query logs or fetch reports
    Certificate Status
    Whether the Panorama has the certificate necessary to connect to
    Cortex Data Lake
    . Hover over the certificate status to see which certificate the Panorama is using to connect to Cortex Data Lake: logging service certificate or device certificate.
    • Needs Certificate
      —The certificate is not installed. This device is not connected to
      Cortex Data Lake
      .
    • Activated
      —This device has the certificate necessary to connect to
      Cortex Data Lake
    • Expired
      —The certificate has expired. The device is unable to connect to
      Cortex Data Lake
       until you renew the certificate.
    • Expiring in 7 Days
      —The certificate will expire in 7 days. Renew the certificate as soon as possible to remain connected to
      Cortex Data Lake
    You can only have one Panorama (or high availability pair) associated with your instance at a time.

    Firewalls

    Check
    only show firewalls that are storing logs
     to hide the firewalls that send data to
    Cortex Data Lake
     only for ingestion and further streaming to other Palo Alto Networks applications.
    Generate PSK
     to create the pre-shared key used to onboard a firewall running PAN-OS 10.0 or earlier to your
    Cortex Data Lake
     instance.
    Add
     a firewall to onboard a new firewall to your
    Cortex Data Lake
     instance or move a firewall from one instance to another.
    Above the firewalls table, you can see the number of firewalls with each connection status.
    Select the chart icon ( ) on any table row to view a chart of the incoming log rate and connectivity history for the firewall:
    Name
    The name given to the firewall when it was registered in the Customer Support Portal. If it was not named, then the name appears as
    Firewall
    .
    Model
    The model of the firewall
    Serial Number
    The unique serial number of the firewall
    PAN-OS Version
    The version of PAN-OS that the firewall is running
    Managed By Panorama
    Whether a firewall is managed by Panorama or is unmanaged
    Connection Status
    Whether the firewall is connected to Cortex Data Lake. This can have four different values:
    • Connected
      —The firewall has an active channel through which it is sending session logs to
      Cortex Data Lake
      .
    • Partially Connected
      —The firewall does not have an active channel through which it is sending session logs to Cortex Data Lake. However, it is sending Enhanced Application logs on a second channel.
    • Disconnected
      —The firewall does not have an active channel through which to send sessions logs to
      Cortex Data Lake
      , and it is not sending Enhanced Application Logs.
    • Need Certificate
      —The firewall does not have the certificate to connect to
      Cortex Data Lake
    Ingestion Rate
    The rate, in logs per second, at which the firewall is sending logs to
    Cortex Data Lake
    Storage Used
    The amount of your
    Cortex Data Lake
     storage capacity that a firewall is using at this point in time
    Apps Using Log Data
    All apps that consume data from the firewall
    Store Log Data
    Choose whether
    Cortex Data Lake
     stores firewall data or only ingests it.
    • On
      Cortex Data Lake
       will store the log data.
    • Off
      Cortex Data Lake
       will only ingest the log data.
    After you toggle
    On
    ,
    Cortex Data Lake
     can take up to 15 minutes to start storing log data for the firewall.
    If this switch is toggled
    On
     and greyed out, this means that the IoT Security package to which you’re subscribed requires that you store log data.
    You can set log retention policy for your entire
    Cortex Data Lake
     instance from
    Storage
    Configuration
    .
    Last Contact Time
    The last time that the device communicated with
    Cortex Data Lake
    , either to send logs or to report telemetry
    Certificate Status
    Whether the firewall has the certificate necessary to connect to
    Cortex Data Lake
    . Hover over the certificate status to see which certificate the Panorama is using to connect to Cortex Data Lake: logging service certificate or device certificate
    • Needs Certificate
      —The certificate is not installed. This device is not connected to
      Cortex Data Lake
      .
    • Activated
      —This device has the certificate necessary to connect to
      Cortex Data Lake
    • Expired
      —The certificate has expired. The device is unable to connect to
      Cortex Data Lake
       until you renew the certificate.
    • Expiring in 7 Days
      —The certificate will expire in 7 days. Renew the certificate as soon as possible to remain connected to
      Cortex Data Lake

    Prisma Access

    View the
    Prisma Access
     instances associated with your
    Cortex Data Lake
     instance.
    Instance Name
    The name given to the
    Prisma Access
     instance when it was registered in the Customer Support Portal. If it was not named, then the name appears as
    Prisma Access
    .
    Ingestion Rate
    The rate, in logs per second, at which
    Prisma Access
     is sending logs to
    Cortex Data Lake
    Storage Used
    The amount of your
    Cortex Data Lake
     storage capacity that the
    Prisma Access
     instance is using is using at this point in time.
    Last Contact Time
    The last time that the
    Prisma Access
     instance communicated with
    Cortex Data Lake

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo