New Cortex XDR Features for October 2019

Cortex XDR has new features for October 2019, including External Alert Investigation and Analytics for Check Point Firewall Logs. Read about these new features and how they can contribute to keeping your network secure. Got questions? Get answers on LIVEcommunity!

Cortex XDR October features


Hello Everyone, 

For October 2019, Cortex XDR has introduced two new features:

  • External Alert Investigation in Cortex XDR
  • Analytics for Check Point Firewall Logs
These new features are just two ways to allow you to be more effective as a security professional. 

Here are the New Cortex XDR Features Introduced in October 2019

External Alert Investigation in Cortex XDR

To provide you with a more complete and detailed picture of the activity involved in an incident, you can now investigate alerts from external sources in Cortex XDR. Setting up Cortex XDR to receive alerts from an external source is straightforward: you set up a syslog collector and configure your alert source to forward alerts (in CEF format) to the syslog collector. You can also ingest alerts from external sources using the Cortex XDR API. If you use Cortex XDR Analytics for Check Point firewall logs, Cortex XDR automatically maps fields for Check Point firewall alerts. For other external alert sources, however, you must map the required fields to the Cortex XDR format. Cortex XDR can then stitch the alerts it receives from any external source with relevant log data, such as endpoint and user data. These alerts are available in your incidents, in the alerts table, and in the Causality view.
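The paragraph above describes the two pieces of work on the receiving side: parse the CEF record that arrives over syslog, then map its fields onto the schema of the system that will investigate the alert. The following is an added example, not Cortex XDR code: it implements a CEF parser that handles the format's escaping rules (header fields split on unescaped `|`, `key=value` extensions with `\=` and `\\` escapes) and then applies a constructed field mapping with a required-field check. The target field names (`source_ip`, `user`, ...), the required-field list, the severity normalisation and the three sample syslog lines are all assumptions made for illustration and are not the product's actual schema or mapping UI.

```python
"""Parse CEF alerts received over syslog and map their fields onto one target schema.

Added example, not Cortex XDR code. The target field names, REQUIRED list and
SAMPLE_LINES are constructed for illustration; only the CEF framing itself
follows the published format (header fields split on unescaped '|', extension
as 'key=value' pairs with backslash escapes).
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# An extension key is a run of key characters at the start of the extension or
# after whitespace, followed by '='. An escaped '\=' inside a value never
# matches, because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")
_EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}


@dataclass
class CefEvent:
    header: Dict[str, str]
    extension: Dict[str, str] = field(default_factory=dict)


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the seven header fields on unescaped '|'; return them and the rest."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        c = body[i]
        if c == "\\" and i + 1 < len(body):      # '\|' -> '|', '\\' -> '\'
            cur.append(body[i + 1]); i += 2
        elif c == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(c); i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, body[i:]


def _unescape_ext(value: str) -> str:
    return re.sub(r"\\(.)", lambda m: _EXT_ESCAPES.get(m.group(1), m.group(0)), value)


def parse_extension(ext: str) -> Dict[str, str]:
    """Extension is 'key=value key=value ...'; values may themselves contain spaces."""
    out: Dict[str, str] = {}
    keys = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> CefEvent:
    """Accept a raw syslog line (PRI, timestamp, host prefix) or a bare CEF record."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[start + len("CEF:"):])
    return CefEvent(dict(zip(HEADER_FIELDS, fields)), parse_extension(ext))


# CEF severity is 0-10 or Low/Medium/High/Very-High; words map to the top of their band
# (an assumption made here, not a product rule).
_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


def normalize_severity(raw: str) -> int:
    raw = raw.strip().lower()
    if raw.isdigit():
        return min(int(raw), 10)
    if raw in _SEVERITY_WORDS:
        return _SEVERITY_WORDS[raw]
    raise ValueError(f"unrecognised severity {raw!r}")


# Constructed target schema: each target field lists the CEF keys tried in order.
TARGET_MAPPING = {
    "source_ip": ["src", "sourceAddress"],
    "destination_ip": ["dst", "destinationAddress"],
    "destination_port": ["dpt"],
    "user": ["suser", "duser"],
    "host": ["dvchost", "dhost"],
    "action": ["act"],
    "file_path": ["fname", "filePath"],
}
REQUIRED = ("name", "severity", "source_ip")   # assumed for this example


def map_alert(ev: CefEvent, mapping=TARGET_MAPPING) -> Tuple[Dict[str, object], List[str]]:
    """Return the mapped alert and the list of required target fields it lacks."""
    mapped: Dict[str, object] = {
        "name": ev.header["name"],
        "severity": normalize_severity(ev.header["severity"]),
        "source": f'{ev.header["vendor"]} {ev.header["product"]}',
        "signature_id": ev.header["signature_id"],
    }
    for target, candidates in mapping.items():
        for key in candidates:
            if key in ev.extension:
                mapped[target] = ev.extension[key]
                break
    return mapped, [f for f in REQUIRED if f not in mapped]


def ingest(lines):
    """Map every line; keep malformed or incomplete alerts aside with the reason."""
    accepted, rejected = [], []
    for line in lines:
        try:
            mapped, missing = map_alert(parse_cef(line))
        except ValueError as exc:
            rejected.append((line, str(exc))); continue
        if missing:
            rejected.append((line, "missing required fields: " + ", ".join(missing))); continue
        accepted.append(mapped)
    return accepted, rejected


# Constructed sample input: an escaped '=' in cs1, an escaped '|' in a name,
# Windows backslashes in fname, and one non-CEF syslog line.
SAMPLE_LINES = [
    r"<134>Oct  3 12:00:01 ids01 CEF:0|Example Vendor|Example IDS|2.1|1001|Port scan detected|7|src=10.0.0.5 dst=10.0.0.9 dpt=445 suser=jdoe act=alert cs1=Scan Rule\=Internal",
    r"<134>Oct  3 12:00:02 edr01 CEF:0|Example Vendor|Example EDR|5.0|2002|Malware blocked \| quarantined|High|duser=alice dhost=host1 fname=C:\\temp\\x.exe act=block",
    "<13>Oct  3 12:00:03 fw01 kernel: link up on eth0",
]

if __name__ == "__main__":
    ok, bad = ingest(SAMPLE_LINES)
    for alert in ok:
        print("accepted:", alert)
    for line, why in bad:
        print("rejected:", why, "<-", line[:60])
```

Two points worth noting when you reproduce this against a real source: extension values are only delimited by the next `key=` token, so a source that emits an unescaped `=` inside a value will silently shift every field after it, and an alert that arrives without the fields your mapping marks as required is better quarantined with a reason (as `ingest` does) than written with blanks where the investigation will later expect an IP or user.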
Cortex XDR Analytics for Check Point Firewall Logs

For network deployments consisting of Check Point firewalls, or a mix of Check Point and Palo Alto Networks firewalls, you can now forward your Check Point firewall logs to Cortex XDR for analysis. This lets you take advantage of the Cortex XDR anomalous behavior detection and investigation capabilities if you use Check Point firewalls in your network. As with ingesting alerts from external sources, you set up a syslog collector and configure the firewall to forward logs to the syslog collector. Unlike external alerts, however, no additional mapping of fields is required before Cortex XDR can analyze Check Point firewall logs and detect threats in your network. As soon as Cortex XDR begins receiving logs from Check Point firewalls, the analytics engine applies its detectors and raises Analytics alerts on anomalous activity.


For the full details, see the Cortex XDR release notes.


For a complete list of the features introduced in each release, see the Cortex XDR New Features page.


Continue to come back to read the latest and greatest information from Palo Alto Networks.


Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog.


As always, we welcome all comments and feedback in the comments section below.


Stay Secure,
Joe Delio
End of line
