Cortex Data Lake Known Issues

View open issues with Cortex Data Lake.
Here are the known issues we’re working on for Cortex Data Lake.
Issue ID
Description
APL-9063
(Panorama 10.0.2 or later) You cannot schedule Threat Trend or Risk Trend pre-defined reports on Cortex Data Lake logs. This will cause the report to fail.
APL-7831
(Panorama 10.0.2 or later) To see results for a custom report on Cortex Data Lake logs in Panorama (Monitor > Manage Custom Reports), you must add the same option that you have in the Sort By field to Selected Columns. For example, if you choose to sort the report by Action, you must also select Action from Available Columns.
APL-8269
(Panorama 10.0) For data retrieved from Cortex Data Lake, the Threat Name column in Panorama > ACC > threat-activity appears blank.
DIT-2422
Cortex Data Lake shows endpoint logs from Traps as 0 MB, but Traps data is being received.
CYR-2437
If you have configured Panorama to use a proxy server (Panorama > Setup > Services > Proxy Server), all traffic to Cortex Data Lake will bypass the proxy server.
Workaround: (PAN-OS 10.0 and later) Send logs to Cortex Data Lake through a proxy server by selecting Device > Setup > Services > Settings (edit icon).
APO-1646
On Panorama, you cannot view the virtual system information in the logs for firewalls with multiple virtual systems, when the firewall is configured to send logs to the Cortex Data Lake.
Workaround: This issue is fixed in Panorama 8.0.9. Upgrade your Panorama to 8.0.9 or later.
APO-1485
Firewalls occasionally disconnect from the Cortex Data Lake. To check whether the firewalls are connected to the Cortex Data Lake, use the CLI command show logging status on Panorama.
Workaround: To reconnect the firewall to the Cortex Data Lake, you must manually disable and re-enable Cortex Data Lake on the firewall that is disconnected.
  1. On the firewall web interface, select Device > Setup > Management and, in the Cortex Data Lake section, clear and then select Enable Logging Service.
  2. Commit your changes on the firewall.
  3. Verify that the firewall is reconnected to the Cortex Data Lake. Log in to the Panorama CLI, and enter the command show logging service status.
APO-1475
A Traffic Summary report on Panorama with the Group By set to Virtual System does not generate successfully. The report indicates that there are no matching records for the report.
APO-364
Scheduled reports are not supported. In addition, you cannot generate reports on detailed logs stored on the Cortex Data Lake. Only Run Now summary reports are available for now.
Workaround: Upgrade to PAN-OS 10.0.2 or later and Cloud Services Plugin 1.8.0 or later to run Scheduled reports on Cortex Data Lake logs.
PAN-107852
With the PA-7000 Series or the PA-5200 Series firewalls that are sending logs to the Logging Service, you may experience a delay in viewing the latest logs on Panorama. This issue occurs because the firewalls must reconnect to the Cortex Data Lake whenever you commit changes or an auto commit happens due to an event such as an update of an External Dynamic List, Dynamic Address Group, or a content update on the firewall.
PAN-100333
If you deploy a new Panorama virtual appliance running version 8.1.2, or you have not enabled the Cortex Data Lake before you upgraded the Panorama appliance to 8.1.2, Panorama cannot establish a connection with the Cortex Data Lake.
Workaround: Set up the connection between Panorama and the Cortex Data Lake before you upgrade to PAN-OS 8.1.2.
PAN-103008
If your Panorama is managing firewalls running PAN-OS 8.0 that are sending logs to the Cortex Data Lake and you have enabled Secure Client Communication, the TLS communication with the Cortex Data Lake cannot be established successfully unless you use the default certificates.
Workaround:
  1. Disable Secure Client Communication (Device > Setup > Management) for managed firewalls that are running PAN-OS 8.0.
  2. Upgrade the managed firewalls to PAN-OS 8.1 so that you can choose custom (non-default) certificates for communicating with the Cortex Data Lake (firewall to Log Collector communication).
