Cortex Data Lake Known Issues

View open issues with Cortex Data Lake.
Here are the known issues we’re working on for Cortex Data Lake.
Issue ID
Description
APL-12280
Log forwarding does not currently support GCM cipher suites.
APL-14693
(
PAN-OS 10.1 or later
) Firewalls with a device certificate that were onboarded through IoT Security do not appear among the list of devices in the Cortex Data Lake app.
APL-15000
(
PAN-OS 10.1 or later
) When you move a firewall from one Cortex Data Lake instance to another, it can take up to an hour for the firewall to begin sending logs to the new instance.
APL-19005
In your
Inventory
, connected Prisma Access firewalls may appear as only Partially Connected.
APL-19140
In your
Inventory
, the connection status of a firewall can take up to two minutes to reflect the latest changes.
APL-19264
On the
Dashboard
, you may experience longer than normal load times when trying to view Incoming Log Table or Forwarding Log Table over the last 7 or 30 days
APL-7831
(
Panorama 10.0.2 or later
) To see results for a custom report on Cortex Data Lake logs in Panorama (
Monitor
Manage Custom Reports
), you must add the same option that you have in the
Sort By
field to
Selected Columns
. For example, if you choose to sort the report by
Action
, you must also select
Action
from
Available Columns
.
APL-8269
(
Panorama 10.0
) For data retrieved from Cortex Data Lake, the Threat Name column in
Panorama
ACC
threat-activity
appears blank.
APL-9063
(
Panorama 10.0.2 or later
) You cannot schedule Threat Trend or Risk Trend pre-defined reports on Cortex Data Lake logs. This will cause the report to fail.
APO-1475
A Traffic Summary report on Panorama with the
Group By
set to
Virtual System
does not generate successfully. The report indicates that there are no matching records for the report.
APO-364
Scheduled reports are not supported. In addition, you cannot generate reports on detailed logs stored on the Cortex Data Lake.
Only 
Run Now
summary reports are available for now.
Workaround
: Upgrade to PAN-OS 10.0.2 or later and Cloud Services Plugin 1.8.0 or later to run Scheduled reports on Cortex Data Lake logs.
ATHNA-1054
When you form log queries for GlobalProtect Troubleshooting logs in
Explore
or
Log Forwarding
, using the proper name of a country in the Locale field will not return results.
Workaround:
Use a different name for the Locale for which you are querying. Example: Instead of
Locale = “United States”
use
Locale = “en-us;English”
.
CYR-2437
If you have configured Panorama to use a proxy server (
Panorama
Setup
Services
Proxy Server
), all traffic to Cortex Data Lake will bypass the proxy server.
Workaround
: (
PAN-OS 10.0 and later
) Send logs to Cortex Data Lake through a proxy server by selecting
Device
Setup
Services
Settings ( )
.
DIT-22298
In
Explore
, the same traffic may have different values for the
is_decrypt
field when viewed in
Traffic
or
Decryption
logs. For example, a
Traffic
log may have
is_decrypt == true
, and the
Decryption
log for the same event may have
is_decrypt
==
false
.
Workaround: Check the
is_proxy
field. That value should tell you whether the traffic was actually decrypted.
True
means it was decrypted and
False
means it wasn’t.

Recommended For You