Incorporating NGFW and Active Directory information into the management console


L3 Networker

We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it with Prevent. 

Also looking to implement the Cloud Identity solution. Has anyone done that before? What are your thoughts/tips/concerns with the process? 

 

Thanks! 

3 REPLIES

L3 Networker

Also keep in mind you can integrate VirusTotal and AutoFocus as well. I have the Cloud Identity solution (basically AD integration). It was super simple.

L4 Transporter

Hi CraigV123,

 

With Cortex XDR Prevent, only the XDR Agent information can be ingested into the XDR console. An XDR Pro license allows you to ingest alerts from 3rd party sources (including NGFW), and a Pro per TB license allows you to ingest the raw logs. Please refer to this doc page with detailed information on capabilities per license type (https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-...).

 

Correction: You can use the AD integration feature to bring in data from AD for alerts and incidents.  It's the Identity Analytics that you won't be able to utilize.  Check out https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr... for information on configuring this.

I appreciate the response and additional information. Trying to get our organization to see the benefit in the upgrade. This sort of stuff helps. 
