XDR data lake and related questions

FWPalolearner — Thu, 18 Apr 2024 18:34:29 GMT

Hello people ,

I have started working on PANW XDR study and currently i am in initial stages on my study .

1)Is PANW XDR uses its native inbuild data lake ?

I am confused with Architecture diagram which says Data lake and Data layer . Are these two different things ?

2) I consider Datalake as big pool data ( flat or any other form) where all the PANW products ( firewalls /SASE/Prisma) ingest the logs .

Am i right in my understanding .?

3)Another point is about 3rd Party external integrations ; can Cortex XDR ingest logs from any vendor like fortigate FW , Cisco router, Juniper switch , Crowdstrike edr , Armis . ?

4) If answer to question 3 is yes , can XDR also run response actions on these 3rd parties ? like blocking an IP on fortigate or isolating a machine having crowdstrike antivirus disabled ?

If Cortex XDR can ingest 3rd party data in native datalake , can we consider Cortex XDR as Open XDR ?

5) What is the difference between XDR and XSOAR because XDR can also provide a response action . Is the response limited or XDR has limited number of playbooks ? I studied that XSOAR is for more mature environments (SOCs) . so i am confused why customer buy XSOAR if XDR is giving all the options .

6) About Cortex data lake , can cortex data lake ingest logs from fortigate , etc ? or cortex data lake is only for PANW products ? at least this is what documentation says .

Re: XDR data lake and related questions

FWPalolearner — Thu, 11 Apr 2024 10:16:06 GMT

Hello People , anyone please ?

topic Re: XDR data lake and related questions in Strata Logging Service Discussions

XDR data lake and related questions

Re: XDR data lake and related questions