Cortex® XDR™ can receive logs from files and folders
via FTP, FTPS, and SFTP directly to your log repository for query
and visualization purposes.
Ingesting logs and data requires a Cortex®
XDR™ Pro per TB license.
Cortex XDR can receive logs
from files and folders via FTP, FTPS, or SFTP directly to your log
repository for query and visualization purposes. After you activate the FTP Collector applet
on a broker VM in your network, which includes defining the connection
details and settings related to the list of files to monitor and
upload to Cortex XDR, you can collect files as datasets.
When Cortex XDR begins receiving logs from files and folders via FTP,
FTPS, or SFTP, it automatically parses the logs and creates
a dataset with the specific name you set as the target dataset when
you configured the FTP Collector using the format
The FTP Collector reads and processes the configured FTP files one
by one, as well as any new FTP files added to the configured files
and folders in the FTP directory, according to the execution frequency
of collection that you configured, and adds the data in these files
to the dataset. You can then use XQL Search queries to view logs
and create new Correlation Rules.
Configure Cortex XDR to
receive logs as datasets from files and folders via FTP, FTPS, or