- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-08-2022 03:09 AM
Hi!
I am looking for a way to export raw endpoint data from Cortex XDR to AWS S3 bucket,
I saw in the Event Forwarding option that it's possible to export these logs into Google Cloud Platform (GCP) bucket,
so I look for a similar option just into AWS S3 bucket.
Has anyone else figured something out to achieve this?
Thanks!
09-14-2022 07:15 AM
MBD-Hunter,
The bucket is maintained by Palo Alto, not the customer. Buckets are only hosted in GCP.
09-08-2022 04:14 AM
Hi @MBD-hunter ,
Thank you for reaching out to Live Community!
The event forwarding from Cortex XDR to external destinations is possible only with an add-on license for Event Forwarding.
Please ensure you have the add-on license for the same and if not kindly discuss with your sales representatives for getting the feature set enabled for configuration.
Regards.
09-08-2022 07:58 AM
Hi!
Thanks, I will check.
But if I have the right license I will be able to forward the data to AWS as well?
Because in the docs (step 3) it looks like it is only possible to GCP...
"To retrieve the data, access GCP Cloud Storage through the Service Account.
The Destination section displays the details of the Google Cloud Platform (GCP) bucket where your data is stored for 14 days. The data is compressed and saved as a line-delimited JSON gzip file."
09-14-2022 06:58 AM
Hi @neelrohit !
I checked and at the moment, we do not have a license, but we are looking into getting one.
We need to know if it is possible to export the raw data from the endpoints to AWS S3 and not only to GCP.
Thanks again for the response!
09-14-2022 07:15 AM
MBD-Hunter,
The bucket is maintained by Palo Alto, not the customer. Buckets are only hosted in GCP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!