https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-solutions-for-log-collection-without-an-official/m-p/997545#M7569 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/80707">@mgreer</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>XDR can't connect to an unsupported API to retrieve the events. You can create a HTTP Custom collector and send the logs to the tenant using the API and saving them in the configured dataset.</P> <P>More info here:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-up-an-HTTP-Log-Collector-to-Receive-Logs" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-up-an-HTTP-Log-Collector-to-Receive-Logs</A></P> <P>&nbsp;</P> <P>Keep in mind that this will only store the events and no stitching or correlation with the alerts will be done. If you want to correlate events <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Create-a-correlation-rule" target="_self">you can do it manually</A>.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Tue, 10 Dec 2024 20:52:18 GMT jmazzeo 2024-12-10T20:52:18Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-solutions-for-log-collection-without-an-official/m-p/997030#M7554 <P>Has anyone found a good approach for collecting logs from an API when there isn't an official Cortex XDR integration?&nbsp; For example, Automox has released a Splunk and DataDog app, but the custom collection in Cortex XDR isn't a good fit.&nbsp; We use the Broker VM for syslog, but most SaaS apps don't support syslog of course.<BR /><BR />What are people using to get "unsupported" logs into Cortex (without upgrading to XSIAM)?</P> Fri, 06 Dec 2024 21:28:52 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-solutions-for-log-collection-without-an-official/m-p/997030#M7554 mgreer 2024-12-06T21:28:52Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-solutions-for-log-collection-without-an-official/m-p/997545#M7569 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/80707">@mgreer</a>, thanks for reaching us using the Live Community.</P> <P>&nbsp;</P> <P>XDR can't connect to an unsupported API to retrieve the events. You can create a HTTP Custom collector and send the logs to the tenant using the API and saving them in the configured dataset.</P> <P>More info here:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-up-an-HTTP-Log-Collector-to-Receive-Logs" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-up-an-HTTP-Log-Collector-to-Receive-Logs</A></P> <P>&nbsp;</P> <P>Keep in mind that this will only store the events and no stitching or correlation with the alerts will be done. If you want to correlate events <A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Create-a-correlation-rule" target="_self">you can do it manually</A>.</P> <P>&nbsp;</P> <P>If this post answers your question, please mark it as the solution.</P> Tue, 10 Dec 2024 20:52:18 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-solutions-for-log-collection-without-an-official/m-p/997545#M7569 jmazzeo 2024-12-10T20:52:18Z