https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502174#M2159 <P>We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it with Prevent.&nbsp;</P><P>Also looking to implement the Cloud Identity solution. Has anyone done that before? What are your thoughts/tips/concerns with the process?&nbsp;</P><P>&nbsp;</P><P>Thanks!&nbsp;</P> Thu, 09 Jun 2022 11:10:21 GMT CraigV123 2022-06-09T11:10:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502174#M2159 <P>We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it with Prevent.&nbsp;</P><P>Also looking to implement the Cloud Identity solution. Has anyone done that before? What are your thoughts/tips/concerns with the process?&nbsp;</P><P>&nbsp;</P><P>Thanks!&nbsp;</P> Thu, 09 Jun 2022 11:10:21 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502174#M2159 CraigV123 2022-06-09T11:10:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502186#M2160 <P>Also keep in mind you can integrate virus total and autofocus as well. I have the&nbsp;<SPAN>Cloud Identity solution (basically ad integration)</SPAN></P><P><SPAN>it was super simple.&nbsp;</SPAN></P> Thu, 09 Jun 2022 11:59:18 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502186#M2160 P.Jacob 2022-06-09T11:59:18Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502411#M2170 <P>Hi CraigV123,</P><P>&nbsp;</P><P>With Cortex XDR Prevent, only the XDR Agent information can be ingested into XDR console, an XDR Pro license allows you to ingest alerts from 3rd party sources (including NGFW) and a Pro per TB license allows you to ingest the raw logs.&nbsp; Please refer to this doc page with detailed information on capabilities per license type (<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/features-by-cortex-xdr-license-type#features-by-cortex-xdr-license-type" target="_blank" rel="noopener">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/features-by-cortex-xdr-license-type#features-by-cortex-xdr-license-type</A>).</P><P>&nbsp;</P><P>Correction: You can use the AD integration feature to bring in data from AD for alerts and incidents.&nbsp; It's the Identity Analytics that you won't be able to utilize.&nbsp; Check out&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-cloud-identity-engine" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/set-up-cloud-identity-engine</A>&nbsp;for information on configuring this.</P> Thu, 09 Jun 2022 19:47:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502411#M2170 afurze 2022-06-09T19:47:32Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502578#M2171 <P>I appreciate the response and additional information. Trying to get our organization to see the benefit in the upgrade. This sort of stuff helps.&nbsp;</P> Fri, 10 Jun 2022 10:34:40 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/incorporating-ngfw-and-active-directory-information-into-the/m-p/502578#M2171 CraigV123 2022-06-10T10:34:40Z