Cortex Data Lake Known Issues
View open issues with Cortex Data Lake.
Here are the known issues we’re working on for Cortex Data Lake.
Log forwarding does not currently support GCM cipher suites.
(PAN-OS 10.1 or later) Firewalls with a device certificate that were onboarded through IoT Security do not appear among the list of devices in the Cortex Data Lake app.
(PAN-OS 10.1 or later) When you move a firewall from one Cortex Data Lake instance to another, it can take up to an hour for the firewall to begin sending logs to the new instance.
In Inventory, connected Prisma Access firewalls may appear as only Partially Connected.
In Inventory, the connection status of a firewall can take up to two minutes to reflect the latest changes.
In Dashboard, you may experience longer than normal load times when trying to view Incoming Log Table or Forwarding Log Table over the last 7 or 30 days.
(Panorama 10.0.2 or later) To see results for a custom report on Cortex Data Lake logs in Panorama ( ), you must add the same option that you have in the Manage Custom Reports Sort By field to Selected Columns. For example, if you choose to sort the report by Action, you must also select
(Panorama 10.0) For data retrieved from Cortex Data Lake, the Threat Name column in
A Traffic Summary report on Panorama with the Group By set to Virtual System does not generate successfully. The report indicates that there are no matching records for the report.
Scheduled reports are not supported. In addition, you cannot generate reports on detailed logs stored on the Cortex Data Lake.
Run Now summary reports are available for now.
Workaround: Upgrade to PAN-OS 10.0.2 or later and Cloud Services Plugin 1.8.0 or later to run Scheduled reports on Cortex Data Lake logs.
When you form log queries for GlobalProtect Troubleshooting logs in Log Forwarding, using the proper name of a country in the Locale field will not return results.
Workaround: Use a different name for the Locale for which you are querying. Example: Instead of Locale = “United States” use Locale = “en-us;English”.
If you have configured Panorama to use a proxy server ( ), all traffic to Cortex Data Lake will bypass the proxy server.
(PAN-OS 10.0 and later) Send logs to Cortex Data Lake through a proxy server by selecting Settings ( )
Workaround: Check the
In Explore, the same traffic may have different values for the is_decrypt field when viewed in Decryption logs. For example, a Traffic log may have is_decrypt == true, and the Decryption log for the same event may have
is_proxy field. That value should tell you whether the traffic was actually decrypted. True means it was decrypted and False means it wasn’t.