Products that Use Cortex Data Lake
Learn about the different Palo Alto Networks products that interact with Cortex Data Lake.
Cortex Data Lake interacts with several different products. Some products send logs to Cortex Data Lake, while others display and analyze the log data it contains.
Products that send logs to Cortex Data Lake
You can onboard individual firewalls directly to Cortex Data Lake. Use the Cortex Data Lake app to view all log records that the firewalls forward to Cortex Data Lake.
If you’re using Panorama, you can onboard firewalls to Cortex Data Lake at scale, instead of onboarding each individual firewall. All Cortex Data Lake logs are visible directly in Panorama.
With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally to secure your remote networks and mobile users. Prisma Access logs directly to Cortex Data Lake. You can view the logs, ACC, and reports from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Cortex Data Lake license. Log traffic does not use the licensed bandwidth you purchased for Prisma Access.
Products that use logs stored in Cortex Data Lake
AIOps for NGFW uses Cortex Data Lake log data to assess the health of your firewalls and generate alerts. You can also view Cortex Data Lake log data from within AIOps for NGFW.
Prisma Access (Cloud-Managed) | Cloud-managed Prisma Access enables you to view and filter your log data, and it can generate reports on your log data.
IoT Security is a cloud-based app that ingests the device data that next-generation firewalls collect from network traffic and send to Cortex Data Lake. IoT Security then uses this data to discover the “things” on your network, identify normal device behavior, and detect suspicious activity.
SaaS Security Inline uses Cortex Data Lake logs to discover users and provide SaaS application usage data about those users.
Cortex XDR | If you extend your firewall security policy to mobile users and remote networks using Prisma Access or GlobalProtect, you can also forward related traffic logs to Cortex Data Lake. The analytics engine can then analyze those logs and raise alerts on anomalous behavior.
Cortex XSOAR | In Cortex XSOAR Marketplace, install the Cortex Data Lake Content Pack PAN-OS to monitor the PAN-OS FW log in a recurring job (Cortex Data Lake Monitoring content pack).
Cortex Xpanse™ | Cortex Xpanse™ consumes GlobalProtect login events on a daily basis to surface external exposures on employee networks.