https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-collector-installations-query/m-p/563282#M5430 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/243138">@Vinothkumar_SBA</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>Deployment of XDR collector depends on what kind of logs you want to collect. If you only want to collect logs from DHCP server as an endpoint from security point of perspective then XDR agent itself collect a good amount of logs. Please refer to below link to see what kind of data XDR agent collects.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection</A></P> <P>However, if you particularly wants to collect DHCP service logs then you can deploy XDR collector or as an alternate can use elastic search filebeat that can be integrated with XDR tenant directly and push logs. More information on collecting DHCP logs can be found in below link.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=FWLYuyT54W_un30sGaw9jw" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=FWLYuyT54W_un30sGaw9jw</A></P> <P>&nbsp;</P> <P>XDR collector is only for log collection and cannot provide prevention capabilities.</P> Thu, 26 Oct 2023 17:53:40 GMT nsinghvirk 2023-10-26T17:53:40Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-collector-installations-query/m-p/562831#M5421 <DIV class="lia-quilt-row lia-quilt-row-message-main"> <DIV class="lia-quilt-column lia-quilt-column-24 lia-quilt-column-single lia-quilt-column-message-main-content"> <DIV class="lia-quilt-column-alley lia-quilt-column-alley-single"> <DIV id="bodyDisplay" class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"> <DIV class="lia-message-body-content"> <P style="margin: 0px;">Hi Team,</P> <P style="margin: 0px;">&nbsp;</P> <P style="margin: 0px;">We are planning to install XDR collectors on our DHCP server. At the same time, we already have Cortex XDR agents installed on the DHCP server. Could you please confirm whether we should install both agents or just one of them?</P> <P style="margin: 0px;">&nbsp;</P> <P style="margin: 0px;">Additionally, we are unsure if XDR collectors are solely responsible for log collection or if they also serve a dual purpose of <STRONG>log collection</STRONG> and <STRONG>prevention</STRONG>. We haven't identified any <STRONG>prevention policies</STRONG> in the <STRONG>XDR collectors</STRONG>' settings.</P> </DIV> </DIV> </DIV> </DIV> </DIV> Tue, 24 Oct 2023 06:06:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-collector-installations-query/m-p/562831#M5421 Vinothkumar_SBA 2023-10-24T06:06:19Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-collector-installations-query/m-p/563282#M5430 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/243138">@Vinothkumar_SBA</a>&nbsp;</P> <P>&nbsp;</P> <P>Thanks for reaching out on Live Community!</P> <P>Deployment of XDR collector depends on what kind of logs you want to collect. If you only want to collect logs from DHCP server as an endpoint from security point of perspective then XDR agent itself collect a good amount of logs. Please refer to below link to see what kind of data XDR agent collects.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Data-Collection</A></P> <P>However, if you particularly wants to collect DHCP service logs then you can deploy XDR collector or as an alternate can use elastic search filebeat that can be integrated with XDR tenant directly and push logs. More information on collecting DHCP logs can be found in below link.</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=FWLYuyT54W_un30sGaw9jw" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Windows-DHCP-using-Elasticsearch-Filebeat?tocId=FWLYuyT54W_un30sGaw9jw</A></P> <P>&nbsp;</P> <P>XDR collector is only for log collection and cannot provide prevention capabilities.</P> Thu, 26 Oct 2023 17:53:40 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-collector-installations-query/m-p/563282#M5430 nsinghvirk 2023-10-26T17:53:40Z