11-28-2023 05:55 AM
Dear Team,
I kindly request confirmation regarding the feasibility of integrating Cortex XDR with Amazon WAF logs. If possible, could you provide guidance on how to proceed with this integration? Additionally, please share any related documents or resources that could be helpful in this process.
11-30-2023 04:27 AM
Hello @Vinothkumar_SBA ,
Thanks for reaching out on LiveCommunity!
One of the ways by which you can ingest logs from any third-party firewall is through the syslog collector applet on the broker VM. The syslog collector allows you to ingest logs in any of these log formats: CEF, LEEF, CISCO, CORELIGHT, or RAW. Please follow the guide below to activate and configure the syslog collector to ingest firewall logs.
One more possible solution is through the CloudWatch integration. XDR provides direct integration with CloudWatch. Hence, if you can forward WAF logs to CloudWatch, those logs can be ingested into XDR. Below is the documentation for the CloudWatch integration.
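For the syslog collector route described in the reply above, something has to turn each AWS WAF JSON log record into one of the accepted formats before it is sent to the broker VM. The following is an added example, not part of the original thread and not Palo Alto Networks code; it converts one WAF record to a CEF line with correct escaping. The CEF vendor/product/version strings, the severity mapping, and the sample record are assumptions constructed for illustration.

```python
import json

# Constructed sample record; field names follow the AWS WAF log format.
SAMPLE = json.dumps({
    "timestamp": 1701167700000,
    "webaclId": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/placeholder-id",
    "terminatingRuleId": "Block|Bad=Bots", "terminatingRuleType": "REGULAR",
    "action": "BLOCK",
    "httpRequest": {"clientIp": "198.51.100.7", "uri": "/login",
                    "args": "next=/admin", "httpMethod": "POST"},
})

# Assumed mapping from WAF action to CEF severity (0-10); adjust to local policy.
SEVERITY = {"BLOCK": 7, "CAPTCHA": 5, "CHALLENGE": 5, "COUNT": 3, "ALLOW": 1}

def _hdr(value):
    """Escape a CEF header field: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):
    """Escape a CEF extension value: backslash, equals sign, line breaks."""
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")

def waf_to_cef(line):
    """Convert one AWS WAF JSON log line to a single CEF:0 line."""
    rec = json.loads(line)
    req = rec.get("httpRequest", {})
    action = rec.get("action", "UNKNOWN")
    header = "|".join([
        "CEF:0", "AWS", "WAF", "1.0",  # assumed vendor/product/version
        _hdr(rec.get("terminatingRuleId", "unknown")),
        _hdr(f"WAF {action}"), str(SEVERITY.get(action, 4)),
    ])
    uri = req.get("uri", "")
    if req.get("args"):
        uri += "?" + req["args"]
    ext = {
        "rt": rec.get("timestamp", ""),          # epoch milliseconds
        "src": req.get("clientIp", ""),
        "requestMethod": req.get("httpMethod", ""),
        "request": uri,
        "act": action,
        "cs1Label": "webaclId",
        "cs1": rec.get("webaclId", ""),
    }
    return header + "|" + " ".join(f"{k}={_ext(v)}" for k, v in ext.items() if v != "")

if __name__ == "__main__":
    print(waf_to_cef(SAMPLE))
```

Without the escaping, a rule name containing `|` or a query string containing `=` would shift fields in the parsed event, so attacker-controlled request data could corrupt what the collector records.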
12-01-2023 08:50 PM
Hi Nsinghvirk,
Thank you for the information. We have another query: How can a Palo Alto firewall integrate with Cortex XDR?
One method involves forwarding Palo Alto firewall logs to the Cortex data lake. Are there any other possible methods?