Here are the known issues we’re working on for Cortex Data Lake.

| Issue ID | Description |
|---|---|
| APL-12280 | Log forwarding does not currently support GCM cipher suites. |
| APL-14693 | (PAN-OS 10.1 or later) Firewalls with a device certificate that were onboarded through IoT Security do not appear among the list of devices in the Cortex Data Lake app. |
| APL-15000 | (PAN-OS 10.1 or later) When you move a firewall from one Cortex Data Lake instance to another, it can take up to an hour for the firewall to begin sending logs to the new instance. |
| APL-19005 | In your Inventory, connected Prisma Access firewalls may appear as only Partially Connected. |
| APL-19140 | In your Inventory, the connection status of a firewall can take up to two minutes to reflect the latest changes. |
| APL-19264 | On the Dashboard, you may experience longer than normal load times when trying to view Incoming Log Table or Forwarding Log Table over the last 7 or 30 days. |
| APL-7831 | (Panorama 10.0.2 or later) To see results for a custom report on Cortex Data Lake logs in Panorama (Monitor > Manage Custom Reports), you must add the same option that you have in the Sort By field to Selected Columns. For example, if you choose to sort the report by Action, you must also select Action from Available Columns. |
| APL-8269 | (Panorama 10.0) For data retrieved from Cortex Data Lake, the Threat Name column in Panorama > ACC > threat-activity appears blank. |
| APL-9063 | (Panorama 10.0.2 or later) You cannot schedule Threat Trend or Risk Trend pre-defined reports on Cortex Data Lake logs. This will cause the report to fail. |
| APO-1475 | A Traffic Summary report on Panorama with the Group By set to Virtual System does not generate successfully. The report indicates that there are no matching records for the report. |
| APO-364 | Scheduled reports are not supported. In addition, you cannot generate reports on detailed logs stored on the Cortex Data Lake. Only Run Now summary reports are available for now. Workaround: Upgrade to PAN-OS 10.0.2 or later and Cloud Services Plugin 1.8.0 or later to run Scheduled reports on Cortex Data Lake logs. |
| ATHNA-1054 | When you form log queries for GlobalProtect Troubleshooting logs in Explore or Log Forwarding, using the proper name of a country in the Locale field will not return results. Workaround: Use a different name for the Locale for which you are querying. Example: Instead of Locale = “United States” use Locale = “en-us;English”. |
| CYR-2437 | If you have configured Panorama to use a proxy server (Panorama > Setup > Services > Proxy Server), all traffic to Cortex Data Lake will bypass the proxy server. Workaround: (PAN-OS 10.0 and later) Send logs to Cortex Data Lake through a proxy server by selecting Device > Setup > Services > Settings. |
| DIT-22298 | In Explore, the same traffic may have different values for the is_decrypt field when viewed in Traffic or Decryption logs. For example, a Traffic log may have is_decrypt == true, and the Decryption log for the same event may have is_decrypt == false. Workaround: Check the is_proxy field. That value should tell you whether the traffic was actually decrypted. |