Cortex XDR and Data Lake activation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR and Data Lake activation

L3 Networker

Hi everyone,

 

  sorry if posting in the wrong place.

 

I'm reading through the XDR and Data Lake documentation to understand how to proceed with the product activation. About Data Lake (formerly logging service), the documentation states that:

  • if you are using Traps Management Service and/or firewalls that are not managed by Panorama, you should activate Cortex Data Lake on the Hub (formerly Cortex Hub)
  • if you are using Panorama managed firewalls and/or Global Protect Cloud service you should activate Cortex Data Lake using the Customer Support Portal.

 

The problem here is that one of my customers bought the Traps Management Service and also needs to send Panorama managed firewalls' logs to Data Lake. They are using PAN-OS 8.0 on their firewall, so there is no chance to directly onboard the firewalls on Data Lake. In this case, which is the correct procedure to activate Cortex Data Lake?

 

Thank you in advance.

Linus does not push the flush toilet button. He simply says: make clean!
1 accepted solution

Accepted Solutions

L1 Bithead

Hi,

 

if you are running a 8.x version, I think then to onboard the LS (logging service) on those Firewall, you HAVE to go through Panorama.

 

In Panorama, deploy the plugin Cloud_Services. (bear in mind the version of Panorama, I think you need at least a 9.x but that doesn't mean you have to run your Firewalls at version 9.x)

Create a profile to log to Logging Service

and then deploy this profile to the Firewall.

Fairly straight forward

 

Regards

Frank

 

Senior Security Engineer

View solution in original post

1 REPLY 1

L1 Bithead

Hi,

 

if you are running a 8.x version, I think then to onboard the LS (logging service) on those Firewall, you HAVE to go through Panorama.

 

In Panorama, deploy the plugin Cloud_Services. (bear in mind the version of Panorama, I think you need at least a 9.x but that doesn't mean you have to run your Firewalls at version 9.x)

Create a profile to log to Logging Service

and then deploy this profile to the Firewall.

Fairly straight forward

 

Regards

Frank

 

Senior Security Engineer
  • 1 accepted solution
  • 7714 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!