Configure Your Network Devices

Configure your firewalls and Panorama for log forwarding to Cortex Data Lake.
With a Cortex XDR Pro per TB license, if you use Palo Alto Networks firewalls as a traffic log source, you must configure your firewalls and Panorama log forwarding to Cortex Data Lake. Ensure you have first deployed your network devices.
  1. Configure firewalls to forward Cortex XDR-required logs to Cortex Data Lake.
    The Cortex Data Lake provides centralized, cloud-based log storage for firewalls, and Panorama provides an interface you can use to view the stored logs. The rich log data that firewalls forward to the Cortex Data Lake provides the Cortex XDR analytics engine the network visibility it requires to perform data analytics.
    To support Cortex XDR, firewalls must forward at least Traffic logs to the Cortex Data Lake. The complete set of log types that a firewall should forward to the Cortex Data Lake is:
    • Traffic (required)
    • Threat (spyware, anti-exploit, anti-malware, DNS Security, etc.)
    • URL Filtering
    • User-ID
    • HIP
    • Enhanced application logs (PAN-OS 8.1.1 or later)
    Enhanced application logs are designed to increase visibility into network activity for Palo Alto Networks Cloud Services apps, and Cortex XDR requires these logs to support certain features.
