Integrating Log Audit Management XDR / XSOAR


L0 Member

Dear Community,


Is there any documentation about how to integrate Audit Management XDR and XSOAR for a SIEM like Elastic? I need a centralized log audit for monitoring.


Thanks

1 reply

L5 Sessionator

Hi A.Faruq, 


It is possible to integrate and send Audit Management logs to a SIEM, like Elasticsearch or others. There is no native integration, but there is a possibility to do so by:


1- Create a new syslog server configuration. Please follow the doc below, and ensure you are following the prerequisites:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Integrate-a-syslog-re...

2- Configure a new notification forwarding, selecting the scope as Management Audit Logs, which is what you want to send to your Elastic instance. In this step, the syslog server where you send the Management Audit Logs is the one you have created in the previous step. Please check the doc:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Cloud-Documentation/Configure-notif...


If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.


KR, 

Luis
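The reply above covers the sending side (syslog server + notification forwarding in Cortex XDR). The receiving side, a syslog listener that turns each forwarded line into a JSON document ready for the Elasticsearch `_bulk` API, is shown below as an added example that is not part of this thread and not Palo Alto Networks or Elastic code. It assumes RFC 5424 framing; the sample messages are constructed for the example and do not reproduce the real Cortex XDR Management Audit Log syslog format, so field names under `syslog_sd` are placeholders.

```python
"""Minimal RFC 5424 syslog receiver that shapes messages for Elasticsearch.

Added example for the thread above; not part of the original reply.
The message layout and the sample lines are constructed assumptions.
"""
import json
import re
import socketserver

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ELEMENTS] MSG
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d)\s+"
    r"(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)\s+(?P<procid>\S+)\s+(?P<msgid>\S+)\s+"
    r"(?P<sd>-|(?:\[.*?\])+)\s*(?P<msg>.*)$",
    re.DOTALL,
)
# One PARAM-NAME="PARAM-VALUE" pair inside a structured-data element.
SD_PARAM = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')

# Severity names in RFC 5424 order (PRI & 7).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

# Constructed sample lines (NOT the real Cortex XDR format): PRI 134 = local0/informational.
SAMPLE_LINES = [
    '<134>1 2024-05-01T12:00:00Z xdr-tenant.example cortex-xdr - AUDIT '
    '[audit@0000 user="admin@example.com" action="login" result="success"] '
    'Management audit: user logged in',
    '<134>1 2024-05-01T12:05:00Z xdr-tenant.example cortex-xdr - AUDIT - '
    'Management audit: policy updated',
]

RECEIVED = []  # module-level buffer; a real deployment would ship to Elastic instead


def parse_syslog(line: str) -> dict:
    """Parse one RFC 5424 line into an Elasticsearch-friendly (ECS-like) document."""
    m = RFC5424.match(line.strip())
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line[:80])
    pri = int(m["pri"])
    doc = {
        "@timestamp": m["ts"],
        "host": {"name": m["host"]},
        "log": {"syslog": {
            "facility": {"code": pri >> 3},
            "severity": {"code": pri & 7, "name": SEVERITIES[pri & 7]},
        }},
        "event": {"provider": m["app"], "original": line.strip()},
        "message": m["msg"],
    }
    if m["sd"] != "-":
        # Each [SD-ID k="v" ...] element becomes a nested dict keyed by SD-ID.
        sd = {}
        for block in re.findall(r"\[(.*?)\]", m["sd"]):
            sd_id, _, params = block.partition(" ")
            sd[sd_id] = {k: v.replace('\\"', '"') for k, v in SD_PARAM.findall(params)}
        doc["syslog_sd"] = sd
    return doc


def to_bulk_ndjson(docs: list, index: str) -> str:
    """Render documents as the NDJSON body expected by Elasticsearch's _bulk API."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline


class SyslogUDPHandler(socketserver.BaseRequestHandler):
    """Accepts UDP datagrams; unparseable lines are kept with an error marker, never dropped."""

    def handle(self):
        data, _sock = self.request
        for raw in data.decode("utf-8", errors="replace").splitlines():
            if not raw.strip():
                continue
            try:
                RECEIVED.append(parse_syslog(raw))
            except ValueError as exc:
                RECEIVED.append({"error": str(exc), "event": {"original": raw}})


if __name__ == "__main__":
    # Offline demo on the constructed samples, then a local listener on an unprivileged port.
    print(to_bulk_ndjson([parse_syslog(l) for l in SAMPLE_LINES], "cortex-xdr-audit"))
    with socketserver.UDPServer(("127.0.0.1", 5514), SyslogUDPHandler) as server:
        server.serve_forever()
```

The listener above is plain UDP so the parsing can be exercised locally; when pointing the Cortex XDR syslog server configuration at a real collector, follow the prerequisites in the linked doc and prefer a TLS-protected TCP endpoint, since plain syslog is neither authenticated nor encrypted and audit logs are exactly the records an attacker would want to suppress or forge.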
