This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

XDR Cortex Event Forwarding into AWS S3 bucket

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

XDR Cortex Event Forwarding into AWS S3 bucket

Go to solution
MBD-hunter
L1 Bithead

‎09-08-2022 03:09 AM

Hi!
I am looking for a way to export raw endpoint data from Cortex XDR to AWS S3 bucket,

I saw in the Event Forwarding option that it's possible to export these logs into Google Cloud Platform (GCP) bucket,

so I look for a similar option just into AWS S3 bucket. 

Has anyone else figured something out to achieve this?

Thanks!

 

Cortex XDR

Cortex XDR
Thumbnail of Cortex XDR
Palo Alto Networks
Cortex XDR
Security Operations
View on Product Page
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
afurze
L4 Transporter
In response to MBD-hunter

‎09-14-2022 07:15 AM

MBD-Hunter,

 

The bucket is maintained by Palo Alto, not the customer.  Buckets are only hosted in GCP.

View solution in original post

4 REPLIES 4

Go to solution
neelrohit
L5 Sessionator

‎09-08-2022 04:14 AM

Hi @MBD-hunter , 

 

Thank you for reaching out to Live Community!

 

The event forwarding from Cortex XDR to external destinations is possible only with an add-on license for Event Forwarding. 

Please ensure you have the add-on license for the same and if not kindly discuss with your sales representatives for getting the feature set enabled for configuration.

 

Regards.

0 Likes Likes

Go to solution
MBD-hunter
L1 Bithead
In response to neelrohit

‎09-08-2022 07:58 AM

Hi!
Thanks, I will check.
But if I have the right license I will be able to forward the data to AWS as well? 
Because in the docs (step 3) it looks like it is only possible to GCP...

"To retrieve the data, access GCP Cloud Storage through the Service Account. 

The Destination section displays the details of the Google Cloud Platform (GCP) bucket where your data is stored for 14 days. The data is compressed and saved as a line-delimited JSON gzip file."

 

@neelrohit

Preview file
58 KB
0 Likes Likes

Go to solution
MBD-hunter
L1 Bithead
In response to neelrohit

‎09-14-2022 06:58 AM

Hi @neelrohit !

I checked and at the moment, we do not have a license, but we are looking into getting one.  
We need to know if it is possible to export the raw data from the endpoints to AWS S3 and not only to GCP.
Thanks again for the response!

0 Likes Likes

Go to solution
afurze
L4 Transporter
In response to MBD-hunter

‎09-14-2022 07:15 AM

MBD-Hunter,

 

The bucket is maintained by Palo Alto, not the customer.  Buckets are only hosted in GCP.

  • 1 accepted solution
  • 2606 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks