Configure your Network Devices

Configure your firewalls and Panorama for log forwarding to Cortex® Data Lake.
With a Cortex® XDR™ Pro per TB license, if you use Palo Alto Networks firewalls as a traffic log source, you must configure your firewalls and Panorama to forward logs to Cortex Data Lake. Before you begin, ensure that you have deployed your network devices.
  1. Configure firewalls to forward Cortex XDR-required logs to Cortex Data Lake.
    The Cortex Data Lake provides centralized, cloud-based log storage for firewalls, and Panorama provides an interface you can use to view the stored logs. The rich log data that firewalls forward to the Cortex Data Lake gives the Cortex XDR analytics engine the network visibility it requires to perform data analytics.
    To support Cortex XDR, firewalls must forward at least Traffic logs to the Cortex Data Lake. The complete set of log types that a firewall should forward to the Cortex Data Lake is:
    • Traffic (required)
    • Threat (spyware, anti-exploit, anti-malware, DNS security, etc.)
    • URL Filtering
    • User-ID
    • HIP
    • Enhanced application logs (PAN-OS 8.1.1 or later)
    Enhanced application logs are designed to increase visibility into network activity for Palo Alto Networks Cloud Services apps, and Cortex XDR requires these logs to support certain features.
