https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514823#M2811 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a>&nbsp;!</P> <P><SPAN>I checked and at the moment, we do not have a license, but we are looking into getting one.&nbsp;&nbsp;</SPAN><BR /><SPAN>We need to know if it is possible to export the raw data from the endpoints to AWS S3 and not only to GCP.</SPAN><BR /><SPAN>Thanks again for the response!</SPAN></P> Wed, 14 Sep 2022 13:58:48 GMT MBD-hunter 2022-09-14T13:58:48Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514247#M2772 <P>Hi!<BR />I am looking for a way to&nbsp;<SPAN>export raw endpoint data from Cortex XDR to AWS S3 bucket,<VAR class="" data-product="admin-pro-only"></VAR></SPAN></P> <P>I saw in the <A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/event-forwarding" target="_self">Event Forwarding option</A>&nbsp;<SPAN>that it's possible to export these logs into&nbsp;Google Cloud Platform (GCP) bucket, </SPAN></P> <P><SPAN>so I look for a similar option just into AWS S3 bucket.&nbsp;</SPAN></P> <P><SPAN>Has anyone else figured something out to achieve this?</SPAN></P> <P><SPAN>Thanks!</SPAN></P> <P data-unlink="true">&nbsp;</P> <P><SPAN><LI-PRODUCT title="Cortex XDR" id="Cortex_XDR"></LI-PRODUCT></SPAN></P> Thu, 08 Sep 2022 10:09:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514247#M2772 MBD-hunter 2022-09-08T10:09:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514255#M2776 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/235210">@MBD-hunter</a>&nbsp;,&nbsp;</P> <P>&nbsp;</P> <P>Thank you for reaching out to Live Community!</P> <P>&nbsp;</P> <P>The event forwarding from Cortex XDR to external destinations is possible only with an add-on license for&nbsp;<SPAN>Event Forwarding.&nbsp;</SPAN></P> <P>Please ensure you have the add-on license for the same and if not kindly discuss with your sales representatives for getting the feature set enabled for configuration.</P> <P>&nbsp;</P> <P>Regards.</P> Thu, 08 Sep 2022 11:14:44 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514255#M2776 neelrohit 2022-09-08T11:14:44Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514284#M2777 <P>Hi!<BR />Thanks, I will check.<BR />But if I have the right license I will be able to forward the data to AWS as well?&nbsp;<BR />Because in <A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/data-management/event-forwarding" target="_self">the docs</A>&nbsp;(step 3) it looks like it is only possible to GCP...</P> <P>"To retrieve the data, access GCP Cloud Storage through the Service Account.&nbsp;</P> <P><SPAN>The</SPAN><SPAN>&nbsp;Destination&nbsp;section displays the details of the Google Cloud Platform (GCP) bucket where your data is stored for 14 days. The data is compressed and saved as a line-delimited JSON gzip file."</SPAN></P> <P>&nbsp;</P> <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a></P> Thu, 08 Sep 2022 14:58:39 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514284#M2777 MBD-hunter 2022-09-08T14:58:39Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514823#M2811 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/142551">@neelrohit</a>&nbsp;!</P> <P><SPAN>I checked and at the moment, we do not have a license, but we are looking into getting one.&nbsp;&nbsp;</SPAN><BR /><SPAN>We need to know if it is possible to export the raw data from the endpoints to AWS S3 and not only to GCP.</SPAN><BR /><SPAN>Thanks again for the response!</SPAN></P> Wed, 14 Sep 2022 13:58:48 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514823#M2811 MBD-hunter 2022-09-14T13:58:48Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514825#M2812 <P>MBD-Hunter,</P> <P>&nbsp;</P> <P>The bucket is maintained by Palo Alto, not the customer.&nbsp; Buckets are only hosted in GCP.</P> Wed, 14 Sep 2022 14:15:50 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/xdr-cortex-event-forwarding-into-aws-s3-bucket/m-p/514825#M2812 afurze 2022-09-14T14:15:50Z