1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ Pro Administrator’s Guide
    5. Log Forwarding
    6. Configure Notification Forwarding

    Configure Notification Forwarding

    With Cortex XDR you can choose to receive notifications to keep up with the alerts
    and events
     that matter to your teams.
    With Cortex XDR you can choose to receive notifications to keep up with the alerts
    and events
     that matter to your teams. To forward notifications, you create a forwarding configuration that specifies the log type you want to forward. You can also add filters to your configuration to send notifications that match specific criteria.
    Cortex XDR applies the filter only to future alerts
    and events
    .
    Use this workflow to configure notifications for alerts
    , agent audit logs, and management audit logs
    . To receive notifications about reports, see Create a Report from Scratch.
    1. Select
      Settings ( )
      Configurations
      General
      Notifications
      .
    2. + Add Forwarding Configuration
      .
    3. Define the configuration
      Name
       and
      Description
      .
    4. Select the
      Log Type
       you want to forward, one of the following:
      • Alerts
        —Send notifications for specific alert types (for example, XDR Agent
        or BIOC
        ).
      • Agent Audit Logs
        —Send notifications for audit logs reported by your Cortex XDR agents.
      • Management Audit Logs
        —Send notifications for audit logs about events related to your Cortex XDR management console.
    5. In the
      Configuration Scope
      ,
      Filter
       the type of information you want included in a notification.
      For example, set a filter
      Severity = Medium, Alert Source = XDR Agent
      . Cortex XDR sends the alerts or events matching this filter as a notification.
    6. (
      Optional
      ) Define your
      Email Configuration
      .
      1. In
        Email Distribution
        , add the email addresses to which you want to send email notifications.
      2. Define the
        Email Grouping Time Frame
        , in minutes, to specify how often Cortex XDR sends notifications. Every 30 alerts
        or 30 events
         aggregated within this time frame are sent together in one notification, sorted according to the severity. To send a notification when one alert
        or event
         is generated, set the time frame to
        0
        .
      3. Choose whether you want Cortex XDR to provide an auto-generated subject.
      4. If you previously used the Log Forwarding app and want to continue forwarding logs in the same format, you can
        Use Legacy Log Format
        . See Cortex® XDR™ Log Notification Formats.
    7. Configure additional forwarding options.
      Depending on the notification integrations supported by the Log Type, configure the desired Slack channel or Syslog receiver notification settings.
      Before you can select a Slack channel or Syslog receiver you must Integrate Slack for Outbound Notifications and Integrate a Syslog Receiver.
      1. Enter the
        Slack
         channel name and select from the list of available channels.
        Slack channels are managed independently of Cortex XDR in your Slack workspace. After integrating your Slack account with your Cortex XDR tenant, Cortex XDR displays a list of specific Slack channels associated with the integrated Slack workspace.
      2. Select a
        Syslog
         receiver.
        Cortex XDR displays the list of receivers integrated with your Cortex XDR tenant.
    8. Select
      Done
       to create the forwarding configuration.
    9. (
      Optional
      ) To later modify a saved forwarding configuration, right-click the configuration, and
      Edit
      ,
      Disable
      , or
      Delete
       it.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo