External Data Ingestion Vendor Support

To augment your Cortex XDR data, you can set up Cortex XDR to ingest data from a variety of external third-party sources.
Ingesting logs and data requires a Cortex XDR Pro per TB license.
To provide you with a more complete and detailed picture of the activity involved in an incident, you can ingest data from a variety of external, third-party sources in Cortex XDR.
Log/Data Type | Vendor Support
  • Network Connections
  • Authentication Services/Audit Logs
  • Operation and System Loggers
  • Endpoint Logs
  • Cloud Assets
  • Custom External Sources
Cortex XDR can receive logs or both logs and alerts from the source. Depending on the data source, Cortex XDR can provide visibility into your external data in the form of:
  • Log stitching with other logs, for example to create network or authentication stories.
  • Raw data in queries from XQL Search.
  • Alerts reported by the vendor throughout Cortex XDR, such as in the Alerts table, incidents, and views.
  • Alerts raised by Cortex XDR on log data, such as Analytics alerts.
To ingest data, you must set up the Syslog Collector applet on a Broker VM within your network.
