Products that Use Cortex Data Lake

Learn about the different Palo Alto Networks products that interact with Cortex Data Lake.
Cortex Data Lake interacts with several different products. Some products send logs to Cortex Data Lake, while others display and analyze the log data it contains.

Products that send logs to Cortex Data Lake

You can onboard individual firewalls directly to Cortex Data Lake. Use the Cortex Data Lake app to view all log records that the firewalls forward to Cortex Data Lake.
If you’re using Panorama, you can onboard firewalls to Cortex Data Lake at scale, instead of onboarding each individual firewall. All Cortex Data Lake logs are visible directly in Panorama.
With Prisma Access, Palo Alto Networks deploys and manages the security infrastructure globally to secure your remote networks and mobile users. Prisma Access logs directly to Cortex Data Lake. You can view the logs, ACC, and reports from Panorama for an aggregated view into your remote network and mobile user traffic. To enable logging for Prisma Access, you must purchase a Cortex Data Lake license. Log traffic does not use the licensed bandwidth you purchased for Prisma Access.

Products that use logs stored in Cortex Data Lake

AIOps for NGFW uses Cortex Data Lake log data to assess the health of your firewalls and generate alerts. You can also view Cortex Data Lake log data from within AIOps for NGFW.
Prisma Access (Cloud-Managed)
Cloud-managed Prisma Access enables you to view and filter your log data, and it can generate reports on your log data.
IoT Security is a cloud-based app that ingests the device data that next-generation firewalls collect from network traffic and send to Cortex Data Lake. IoT Security then uses this data to discover the “things” on your network, identify normal device behavior, and detect suspicious activity.
Panorama
Panorama displays logs stored in Cortex Data Lake. The Panorama ACC and reports give you an aggregated view into your remote network traffic.
SaaS Security Inline uses Cortex Data Lake logs to discover users and provide SaaS application usage data about those users.
Cortex XDR
If you extend your firewall security policy to mobile users and remote networks using Prisma Access or GlobalProtect, you can also forward related traffic logs to Cortex Data Lake. The analytics engine can then analyze those logs and raise alerts on anomalous behavior.
Cortex XSOAR
In Cortex XSOAR Marketplace, install the Cortex Data Lake Content Pack to run queries for critical threat logs, social applications, threat logs, etc. You can also install the PAN-OS to Cortex Data Lake Monitoring content pack to monitor the PAN-OS FW log in a recurring job.
Cortex Xpanse™
Cortex Xpanse™ consumes GlobalProtect login events on a daily basis to surface external exposures on employee networks.
