Amazon WAF Log Ingestion in Cortex XDR Management Console

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Amazon WAF Log Ingestion in Cortex XDR Management Console

L3 Networker

Dear Team,

 

I kindly request confirmation regarding the feasibility of integrating Cortex XDR with Amazon WAF logs. If possible, could you provide guidance on how to proceed with this integration? Additionally, please share any related documents or resources that could be helpful in this process.

2 REPLIES 2

L4 Transporter

Hello @Vinothkumar_SBA ,

 

Thanks for reaching out on LiveCommunity!

One of the way by which you can ingest logs from any third party firewall is through syslog collector applet on broker vm. Syslog collector allow you to ingest logs in any of these logs format CEFLEEFCISCOCORELIGHT, or RAW. Please follow below guide to activate and config syslog collector to ingest firewall logs.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Activate-th...

 

One more possible solution is through Cloudwatch integration. XDR provide direct integration to Cloudwatch. Hence if you can forward WAF logs to Cloudwatch, those logs can be ingested to XDR. Below is the documentation for Cloudwatch integration.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs...

 

 

Hi Nsinghvirk,

 

Thank you for the information. We have another query: How can a Palo Alto firewall integrate with Cortex XDR?

One method involves forwarding Palo Alto firewall logs to the Cortex data lake. Are there any other possible methods?

  • 997 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!