Ingest authentication logs and data from PingFederate
for use in Cortex XDR authentication stories.
Ingesting Authentication Logs requires
a Cortex XDR Pro per TB license.
To receive authentication
logs from PingFederate, you must first write Audit and Provisioner
Audit Logs to CEF in PingFederate and then set up a Syslog Collector
in Cortex XDR to receive the logs. After you set up log collection,
Cortex XDR immediately begins receiving new authentication logs
from the source. Cortex XDR creates a dataset named
Logs from PingFederate are searchable in XQL queries using the dataset
and surfaced, when relevant, in authentication stories.