What’s New in Cortex Data Lake

Feature
Description
Quota Manager Enhancements
June 2020
The quota manager now features a detailed breakdown of firewall log types and a simpler method of allocating remaining storage to help you more easily manage your Cortex Data Lake log storage.
Instead of a single Detailed log type, the quota manager now displays the firewall log types individually. The Infrastructure & Audit log type now appears as System and Config logs.
To allocate all remaining storage to one or more log types, you can now leave the quota percentage of log types blank and the quota manager will automatically assign them the unallocated space.
New Quota Manager UI
April 2020
To help you more easily allocate log storage and visualize the data you're storing in Cortex Data Lake, the Cortex Data Lake app now features a completely redesigned quota manager.
The quota manager now visually displays your total storage capacity as a bar, with color-coded segments representing different log sources so you can instantly identify how much storage a service uses and adjust if necessary.
New Minimum PAN-OS Version for Cortex Data Lake Without Panorama
March 2020
To authenticate using the new G2 certificate chain, firewalls that you want to onboard to Cortex Data Lake without using Panorama must now run PAN-OS 9.0.6 or later.
Cortex Data Lake Without Panorama
July 2019
Until PAN-OS 9.0.3, Panorama was required to onboard firewalls to Cortex Data Lake, and to view logs stored in Cortex Data Lake. Now, firewalls running PAN-OS 9.0.3 and later can securely connect and log to Cortex Data Lake, without Panorama. The new app, Explore, allows you to see and interact with the log data stored in Cortex Data Lake.
New App-ID for Palo Alto Networks Shared Services
May 2019
For better application visibility and control, you now have a new App-ID for paloalto-shared-services, in addition to the App-ID for the palo-alto-logging-service. The paloalto-shared-services App-ID identifies traffic for any shared services that are used by Palo Alto Networks including Directory Sync Service, Logging Service, and Magnifier; any paloalto-shared-services traffic that was earlier identified as ssl, web-browsing will now be identified as paloalto-shared-services.
If you have a Palo Alto Networks next-generation firewall between the Panorama appliance and the internet, you must add a security policy rule on the firewall to allow the paloalto-logging-service and paloalto-shared-services App-IDs from the Panorama appliance to the internet. These applications allow SSL-secured communication to the Cortex Data Lake that the Panorama appliance uses to query logs, and enable communication to the shared services and the Cortex Data Lake for performing certificate status and revocation checks.
Connection Status Reporting Improvements
September 2018
To help with visibility on the status and connectivity to the Cortex Data Lake, the Cloud Services plugin 1.2 provides details on the connection status between Panorama and the Cortex Data Lake. On
Panorama
Cloud Services
Status
Status
, you can now verify that Panorama appliance was able to successfully retrieve the Logging Service certificate, view the Customer Identification number and the region in which your Cortex Data Lake instance is deployed, and confirm that the Panorama appliance is connected to the Logging Service. If any of these checks fail, the Status is reported as an error.
logging-service-detailed-status.png
New App-ID for Palo Alto Networks Shared Services
September 2018
For better application visbility and control, you now have a new App-ID for paloalto-shared-services, in addition to the App-ID for the palo-alto-logging-service. The paloalto-shared-services App-ID identifies traffic for any shared services that are used by Palo Alto Networks including Directory Sync Service, Logging Service, and Magnifier; any paloalto-shared-services traffic that was earlier identified as ssl, web-browsing will now be identified as paloalto-shared-services.
If you have a Palo Alto Networks next-generation firewall between the Panorama appliance and the internet, you must add a security policy rule on the firewall to allow the paloalto-logging-service and paloalto-shared-services App-IDs from the Panorama appliance to the internet. These applications allow SSL-secured communication to the Cortex Data Lake that the Panorama appliance uses to query logs, and enable communication to the shared services and the Cortex Data Lake for performing certificate status and revocation checks.
Expand Log Storage Capacity for Traps Logs
April 2018
You can now activate the Cortex Data Lake Auth code from the cloud services portal to upgrade the Traps Included Storage of 100GB to a Cortex Data Lake license with larger storage capacity.
Log Quota Management on the hub
March 2018
Starting March 19, 2018, you must use the cloud services portal to manage the log quota for logs stored on the Cortex Data Lake.
Log in to the cloud services portal using your Customer Support Portal credentials, and then refer to the Logging Service Getting Started Guide for instructions on activating licenses and deploying this service.

Recommended For You