03-04-2024 10:04 PM - last edited on 04-18-2024 11:37 AM by emgarcia
I kindly request guidance on how to ingest Prophaze WAF logs into the Cortex console. If possible, could you guide us on how to proceed with this integration? Additionally, please share any related documents or resources that could be helpful in this process.
Cortex XDR Cortex Data Lake
03-05-2024 05:25 AM
Hi @RajeshPremSingh, thanks for reaching out to us via the Live Community.
To ingest third-party logs into the Cortex XDR tenant you need the Cortex XDR Pro Per-GB license.
If the Prophaze WAF supports sending logs to a syslog server, the procedure is the following:
Please let me know if this helps.
If this post answers your question, please mark it as the solution.
03-05-2024 08:11 AM
@jmazzeo possible to do API?
03-05-2024 09:35 AM
@RajeshPremSingh, not possible to ingest using API, only for the third-party supported vendors.
03-05-2024 09:37 PM
Hi Jmazzeo,
I am Sreenadh, a team member of Rajesh. Could you please help with creating a custom parsing rule to convert the raw data into fields readable by the XDR console?
03-06-2024 04:34 AM - edited 03-06-2024 04:35 AM
Hi @PoojalaSreenadh, I recommend you watch this webinar series about parsing rules and correlation.
This is the first one with the Parsing basics and how they work: https://live.paloaltonetworks.com/t5/cortex-xdr-webinars/cortex-customer-success-webinar-series-part...
Also we have a full Youtube playlist about custom logs parsing from scratch: https://youtube.com/playlist?list=PLD6FJ8WNiIqXct0oWOxUfr0gDGOQLECGS&feature=shared
03-06-2024 12:15 PM
@jmazzeo ,
Thanks for the valuable information. We will go through the videos, and if additional information is required we will connect with you.
03-07-2024 09:12 PM
Hi @jmazzeo ,
Is there any possible way to ingest logs or alerts from the Prophaze WAF through the HTTP log collector?
03-08-2024 05:10 AM
Hi @PoojalaSreenadh, yes, you can set up an HTTP collector to ingest logs in Raw, JSON, CEF, or LEEF formats.
Here is the official doc: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Set-up-an-H...
And at the top of that doc you can see all the supported additional log ingestion methods: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Additional-...
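The two ingestion paths discussed in this thread (syslog from the WAF, or the HTTP collector accepting Raw, JSON, CEF or LEEF) both work best when the WAF events arrive in a consistently formatted line. The script below is an added example written for this thread; it is not Prophaze or Palo Alto Networks code. It takes constructed WAF-style events, formats them as CEF with the escaping the CEF header and extension sections require, offers a JSON alternative, and prepares a POST to an HTTP collector. The collector URL, the token value and the `Authorization`/`Content-Type` header usage are assumptions and placeholders; take the real endpoint and header names from the "Set up an HTTP Log Collector" page linked above. The field names in the sample events are also invented and are not Prophaze's schema.

```python
"""Format constructed WAF events as CEF (or JSON) and build a request for an HTTP log collector.

Added example for this thread, not vendor code. Collector URL, token and header usage are
assumptions; confirm them against the Cortex XDR HTTP log collector documentation.
"""
import json
import urllib.request
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample events in a shape a WAF might emit; not real Prophaze output.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "2024-03-05T10:15:01Z", "src": "203.0.113.7", "dst": "198.51.100.20",
     "host": "shop.example.test", "uri": "/login", "rule": "SQLi-generic",
     "action": "block", "severity": "8", "msg": "union select detected in body"},
    {"ts": "2024-03-05T10:15:04Z", "src": "203.0.113.9", "dst": "198.51.100.20",
     "host": "shop.example.test", "uri": "/search?q=a|b", "rule": "XSS-reflected",
     "action": "log", "severity": "5", "msg": "script tag in query|body"},
]


def _escape_header(value: str) -> str:
    # CEF header fields are pipe-delimited, so backslash and pipe must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")


def _escape_extension(value: str) -> str:
    # CEF extension values are key=value pairs: escape backslash and '=',
    # and encode line breaks so one event stays on one line for the collector.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def _epoch_ms(ts: str) -> str:
    # Sample timestamps are ISO 8601 in UTC; CEF 'rt' accepts epoch milliseconds.
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return str(int(dt.timestamp() * 1000))


def to_cef(event: Dict[str, str], vendor: str = "Prophaze",
           product: str = "WAF", version: str = "1.0") -> str:
    """Render one event as a CEF:0 line using standard extension keys."""
    header = "|".join(_escape_header(v) for v in (
        vendor, product, version, event["rule"], event["msg"], event["severity"]))
    extension = {
        "rt": _epoch_ms(event["ts"]),
        "src": event["src"],
        "dst": event["dst"],
        "dhost": event["host"],
        "request": event["uri"],
        "act": event["action"],
        "cs1Label": "rule",   # custom string slot carrying the WAF rule name
        "cs1": event["rule"],
    }
    ext = " ".join(f"{k}={_escape_extension(v)}" for k, v in extension.items())
    return f"CEF:0|{header}|{ext}"


def to_json_line(event: Dict[str, str]) -> str:
    """JSON alternative: one compact object per line (newline-delimited JSON)."""
    return json.dumps(event, separators=(",", ":"), sort_keys=True)


def build_collector_request(url: str, token: str, lines: List[str]) -> urllib.request.Request:
    """Build (but do not send) a POST carrying newline-delimited events.

    Assumption: the collector takes the token in an Authorization header and a
    text body with one event per line. Adjust to the documented header names.
    """
    body = "\n".join(lines).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": token, "Content-Type": "text/plain"})


if __name__ == "__main__":
    cef_lines = [to_cef(e) for e in SAMPLE_EVENTS]
    for line in cef_lines:
        print(line)
    # Placeholder endpoint and token; replace with values from the XDR console.
    req = build_collector_request("https://COLLECTOR_PLACEHOLDER/logs/v1/event",
                                  "TOKEN_PLACEHOLDER", cef_lines)
    print(req.get_method(), req.full_url, len(req.data), "bytes")
```

Run it as a script to see the two CEF lines; sending is left to `urllib.request.urlopen(req)` once the real endpoint and token are in place. The escaping functions are the part worth keeping: a `|` in a WAF message or an `=` in a request URI will otherwise split the header or the extension and produce fields that a custom parsing rule cannot read.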