Connect SaaS Security Inline and Cortex Data Lake

Connect SaaS Security Inline to Cortex Data Lake to retrieve firewall logs.
You already connected SaaS Security Inline with Cortex Data Lake (CDL) as part of your SaaS Security Inline activation. However, if you need to update SaaS Security Inline with a new CDL after activation, contact SaaS Security Technical Support.
When your CDL (Cortex Data Lake) is configured to receive logs from your Palo Alto Networks firewalls, after activation, SaaS Security Inline discovers all SaaS applications and users.
SaaS Security Inline discovers users by using CDL (Cortex Data Lake) logs, specifically the
source_user_info
field. If the firewall forwards a log to CDL and this field is not populated for a given user, SaaS Security Inline considers that user unknown. The SaaS Security web interface excludes all application usage data for unknown users.
  • If you created this connection in advance or at the time of SaaS Security Inline activation, the connection status indicates
    Monitoring
    .
  • If the connection message indicates
    Not Connected
    , contact SaaS Security Technical Support to manually add the Cortex Data Lake serial number.
  • If the connection status indicates
    Error
    with
    Connection Unsuccessful
    message, contact SaaS Security Technical Support to update the Cortex Data Lake serial number.
  1. Log in to SaaS Security web interface.
  2. Select
    Settings
    SaaS Visibility
    .
  3. Verify that the status indicates
    Monitoring
    .

Recommended For You