The logs stored in the Cortex Data Lake are available for queries and reports using Panorama and the Application Framework. If you need to fulfill your organization's legal compliance requirements, the Log Forwarding app enables you to easily forward logs stored in the Cortex Data Lake to external destinations. For example, you can forward logs using Syslog to a SIEM for long term storage, SOC, or internal audit obligations, and forward email notifications for critical events to an email address. 

Log Forwarding App Highlights

Date Highlight
June 2020 You can now forward logs directly to a cloud syslog receiver by entering an identifying token when you configure a syslog forwarding profile.
July 2019 The Log Forwarding app can now send your Cortex XDR alerts to a Syslog or email destination.
April 2019 Get an email update when the Log Forwarding app is not able to connect to your Syslog server, so that you can quickly restore Syslog connectivity and resume log forwarding.

Log Forwarding App Documentation

Log Forwarding App Release Notes

Log Forwarding App Getting Started Guide