https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/588550#M6781 <P>Many thanks for taking the time to respond and helping to clarify CDL / Strata logging service.</P> Sun, 02 Jun 2024 23:28:19 GMT DannyMulheran 2024-06-02T23:28:19Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/586431#M6660 <P><SPAN class="ng-star-inserted">When setting the Agent profile in Cortex XDR, Under the check box when enabling "Monitor and Collect Enhanced Endpoint Data" is the following note:</SPAN></P> <P><SPAN class="ng-star-inserted">Note: Before enabling enhanced endpoint data collection make sure your Strata Logging Service storage capacity and quota allocation can support it. Please refer to the <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVMCA0" target="_blank" rel="noopener">Strata Logging Service quota configuration</A> guidelines and <A href="https://apps.paloaltonetworks.com/logging-service-calculator" target="_blank" rel="noopener">storage calculator</A> for more details.</SPAN></P> <P>&nbsp;</P> <P><SPAN class="ng-star-inserted">Can anyone tell me how to do this for a Cortex XDR enviroment. I did not find the documention provided any clarity (although I probably missed something!)</SPAN></P> <P>&nbsp;</P> <P><SPAN class="ng-star-inserted">Thanks</SPAN></P> <P><SPAN class="ng-star-inserted">Danny</SPAN></P> <P>&nbsp;</P> Mon, 13 May 2024 00:34:48 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/586431#M6660 DannyMulheran 2024-05-13T00:34:48Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/587930#M6734 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/150849">@DannyMulheran</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>The information provided below refers to the use case for customers who have Cortex XDR Pro Per GB license and Strata Logging service as part of their native data lake licensing. In the old cases, customers would have an option to setup a quota of cortex xdr agent logs and alert logs as a use case.&nbsp;</P> <P>&nbsp;</P> <P>However, with the advent of new data retention and licensing changes, this does not apply for customers who are not on the native data lake licenses(new/existing customers who have purchased/renewed after December, 2022). Example screenshot below:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="neelrohit_3-1716703083651.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/60046iC2AD249218C0F395/image-size/large?v=v2&amp;px=999" role="button" title="neelrohit_3-1716703083651.png" alt="neelrohit_3-1716703083651.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>However, if you go to the current configurations for Strata Logging Service, this field is not applicable anymore because the Cortex Endpoint storage and Endpoint alerts data storage, though one is still separate and is managed as per the default retention policy or your retention licenses procured.</P> <P>&nbsp;</P> <P>Hope this helps! Please mark the response as "Accept as Solution" if this helps</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 26 May 2024 05:58:24 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/587930#M6734 neelrohit 2024-05-26T05:58:24Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/588550#M6781 <P>Many thanks for taking the time to respond and helping to clarify CDL / Strata logging service.</P> Sun, 02 Jun 2024 23:28:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/monitor-and-collect-enhanced-endpoint-data-in-xdr/m-p/588550#M6781 DannyMulheran 2024-06-02T23:28:19Z