Retrieve support logs from an endpoint when additional
forensic data is needed.
you need to send additional forensic data to Palo Alto Networks
Technical Support, you can initiate a request to retrieve all support
logs and alert data dump files from an endpoint. After Cortex XDR
receives the logs, you can then download and send them to Technical
Log in to Cortex
+ New Action
Retrieve Support File
Select the target endpoints (up to 10) from which you
want to retrieve logs.