Configure your firewalls and Panorama for log forwarding
to Cortex® Data Lake.
With a Cortex® XDR™ Pro per TB license, if
you use Palo Alto Networks firewalls as a traffic log source, you
must configure your firewalls and Panorama log forwarding to Cortex
Data Lake. Ensure you have first deployed your network
Configure firewalls to forward Cortex XDR-required logs
to Cortex Data Lake.
The Cortex Data Lake provides centralized, cloud-based
log storage for firewalls, and Panorama provides an interface you
can use to view the stored logs. The rich log data that firewalls forward
to the Cortex Data Lake provides the Cortex XDR analytics engine
the network visibility it requires to perform data analytics.
To support Cortex XDR, firewalls must forward at least Traffic logs
to the Cortex Data Lake. The complete set of log types that a firewall
should forward to the Cortex Data Lake is:
Threat (spyware, anti-exploit, anti-malware, DNS security,
Enhanced application logs (PAN-OS 8.1.1 or later)
Enhanced application logs are
designed to increase visibility into network activity for Palo Alto
Networks Cloud Services apps, and Cortex XDR requires these logs
to support certain features.