06-09-2022 04:10 AM
We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it with Prevent.
Also looking to implement the Cloud Identity solution. Has anyone done that before? What are your thoughts/tips/concerns with the process?
Thanks!
06-09-2022 12:42 PM - edited 06-09-2022 12:47 PM
Hi CraigV123,
With Cortex XDR Prevent, only the XDR Agent information can be ingested into the XDR console. An XDR Pro license allows you to ingest alerts from 3rd-party sources (including NGFW), and a Pro per TB license allows you to ingest the raw logs. Please refer to this doc page with detailed information on capabilities per license type (https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-...).
Correction: You can use the AD integration feature to bring in data from AD for alerts and incidents. It's the Identity Analytics that you won't be able to utilize. Check out https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr... for information on configuring this.
06-09-2022 04:59 AM
Also keep in mind you can integrate VirusTotal and AutoFocus as well. I have the Cloud Identity solution (basically AD integration); it was super simple.
06-10-2022 03:34 AM
I appreciate the response and additional information. Trying to get our organization to see the benefit in the upgrade. This sort of stuff helps.