Explore is a new application on the hub (formerly Cortex Hub) that helps you view and search Network (PAN-OS) and Endpoint (Traps management service) log records stored in Cortex Data Lake. You can then export those records to a comma-separated values (CSV) file. The Explore app will be available on the hub for customer accounts that have Cortex Data Lake activated, and for users whose roles grant access to at least one instance of Cortex Data Lake.
Explore by Palo Alto Networks® retrieves log records stored in your Cortex Data Lake. Explore supports retrieval of the following log categories:
Endpoint (Traps management service)
To retrieve log records, use the Explore user interface to identify the following:
The log record type that you want to retrieve.
A time range over which you want to perform the retrieval.
(Optional) A query that identifies the data that should or should not be present in the log records.
Once you have retrieved the log records that you want, you can export them to a comma-separated (CSV) file, and then download that file to your local drive.
To access Explore, use your Palo Alto Networks Customer Support credentials to log in to the hub:
If Cortex Data Lake has been activated for your organization's account and if you have role access to at least one Cortex Data Lake instance, then Explore is listed as one of your Cortex apps. When you are in the apps portal, click on the Explore icon to access the Explore user interface as illustrated below.
View of Explore in Your Cortex Apps.
For information on app activation, see App Activation in the hub Getting Started Guide.
Once you have retrieved log records, you can export them to a CSV file. Click Export as illustrated below.
Explore web interface, pointing out the export options for Endpoint/Analytics
For all the details, make sure to check out the following: