https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/568120#M5647 <P>Hi Nsinghvirk,</P> <P>&nbsp;</P> <P>Thank you for the information. We have another query: How can a Palo Alto firewall integrate with Cortex XDR?</P> <P>One method involves forwarding Palo Alto firewall logs to the Cortex data lake. Are there any other possible methods?</P> Sat, 02 Dec 2023 04:50:02 GMT Vinothkumar_SBA 2023-12-02T04:50:02Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/567392#M5628 <P>Dear Team,</P> <P>&nbsp;</P> <P>I kindly request confirmation regarding the feasibility of integrating Cortex XDR with Amazon WAF logs. If possible, could you provide guidance on how to proceed with this integration? Additionally, please share any related documents or resources that could be helpful in this process.</P> Tue, 28 Nov 2023 13:55:42 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/567392#M5628 Vinothkumar_SBA 2023-11-28T13:55:42Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/567759#M5635 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/243138">@Vinothkumar_SBA</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for reaching out on LiveCommunity!</P> <P>One of the way by which you can ingest logs from any third party firewall is through syslog collector applet on broker vm. Syslog collector allow you to ingest logs in any of these logs format&nbsp;<SPAN class="guilabel">CEF</SPAN><SPAN>,&nbsp;</SPAN><SPAN class="guilabel">LEEF</SPAN><SPAN>,&nbsp;</SPAN><SPAN class="guilabel">CISCO</SPAN><SPAN>,&nbsp;</SPAN><SPAN class="guilabel">CORELIGHT</SPAN><SPAN>, or&nbsp;</SPAN><SPAN class="guilabel">RAW. Please follow below guide to activate and config syslog collector to ingest firewall logs.</SPAN></P> <P><SPAN class="guilabel"><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Activate-the-Syslog-Collector" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Activate-the-Syslog-Collector</A></SPAN></P> <P>&nbsp;</P> <P><SPAN class="guilabel">One more possible solution is through Cloudwatch integration. XDR provide direct integration to Cloudwatch. Hence if you can forward WAF logs to Cloudwatch, those logs can be ingested to XDR. Below is the documentation for Cloudwatch integration.</SPAN></P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Amazon-CloudWatch" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs-from-Amazon-CloudWatch</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 30 Nov 2023 12:27:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/567759#M5635 nsinghvirk 2023-11-30T12:27:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/568120#M5647 <P>Hi Nsinghvirk,</P> <P>&nbsp;</P> <P>Thank you for the information. We have another query: How can a Palo Alto firewall integrate with Cortex XDR?</P> <P>One method involves forwarding Palo Alto firewall logs to the Cortex data lake. Are there any other possible methods?</P> Sat, 02 Dec 2023 04:50:02 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/amazon-waf-log-ingestion-in-cortex-xdr-management-console/m-p/568120#M5647 Vinothkumar_SBA 2023-12-02T04:50:02Z