https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/integrating-log-audit-management-xdr-xsoar/m-p/1234027#M8548 <P>Hi A.Faruq,&nbsp;</P> <P>&nbsp;</P> <P>It is possible to integrate and send Audit Management logs to a SIEM, like Elastic search or other, There is no native integration, but there is a possibility to do such by:</P> <P>&nbsp;</P> <P>1- Create a new syslog server configuration. Please follow the doc below, and ensure you are following the prerequisites:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Integrate-a-syslog-receiver" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Integrate-a-syslog-receiver</A></P> <P>2- Configure a new notification forwarding selecting the scope as Management Audit Logs which is what you want to send to your Elastic instance. In this step, the syslog server where you send the Management Audit Logs is the one you have created in the previous step. Please check the doc:&nbsp;<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Configure-notification-forwarding#" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Configure-notification-forwarding#</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,&nbsp;</P> <P>Luis</P> Tue, 15 Jul 2025 11:35:21 GMT eluis 2025-07-15T11:35:21Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/integrating-log-audit-management-xdr-xsoar/m-p/1233871#M8545 <P>Dear Community,</P> <P>&nbsp;</P> <P>Is there any documentation about how to integrate Audit Management XDR and XSOAR for a SIEM like Elastic? I need a centralized log audit for monitoring.</P> <P>&nbsp;</P> <P>Thanks</P> Mon, 14 Jul 2025 01:50:14 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/integrating-log-audit-management-xdr-xsoar/m-p/1233871#M8545 A.Faruq 2025-07-14T01:50:14Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/integrating-log-audit-management-xdr-xsoar/m-p/1234027#M8548 <P>Hi A.Faruq,&nbsp;</P> <P>&nbsp;</P> <P>It is possible to integrate and send Audit Management logs to a SIEM, like Elastic search or other, There is no native integration, but there is a possibility to do such by:</P> <P>&nbsp;</P> <P>1- Create a new syslog server configuration. Please follow the doc below, and ensure you are following the prerequisites:</P> <P><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Integrate-a-syslog-receiver" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Integrate-a-syslog-receiver</A></P> <P>2- Configure a new notification forwarding selecting the scope as Management Audit Logs which is what you want to send to your Elastic instance. In this step, the syslog server where you send the Management Audit Logs is the one you have created in the previous step. Please check the doc:&nbsp;<BR /><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Configure-notification-forwarding#" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Configure-notification-forwarding#</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,&nbsp;</P> <P>Luis</P> Tue, 15 Jul 2025 11:35:21 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/integrating-log-audit-management-xdr-xsoar/m-p/1234027#M8548 eluis 2025-07-15T11:35:21Z