XSOAR Community Edition -> Cortex Data Lake integration

Showing results for 
Show  only  | Search instead for 
Did you mean: 

XSOAR Community Edition -> Cortex Data Lake integration

L1 Bithead

I'm trying to get Cortex Data Lake integrated with our Cortex XSOAR Community Edition instance, and getting nowhere very quickly. 

Reviewing the documentation: https://xsoar.pan.dev/docs/reference/integrations/cortex-data-lake


I am completely lost finding the Token, ID, and Key values to tie it to our Cortex Data Lake instance. 


The documentation states:

  1. Insert the license ID and the Customer Name in the required fields and complete the authentication process in order to get the Authentication Token Registration ID Encryption Key

Anybody know what they mean by this? 


L3 Networker

Hi @Netwerx – Improved setup instructions for the Cortex Data Lake integration are in the works and can be reviewed here: https://github.com/demisto/content/blob/master/Packs/CortexDataLake/Integrations/CortexDataLake/Cort...


The changes will be reflected on the integration's Help page within XSOAR and on its documentation page soon.


Let us know if you have further questions about the setup! 

L1 Bithead

The github documentation also just states "from the authentication process". 


I'm trying to integrate our Cortex Data Lake instance with an on premises, community edition of Cortex XSOAR. Is this not possible or the community edition / on prem to ingest Cortex Data Lake logs? 


I checked with Palo Alto support on this, and they wouldn't assist as it was an implementation issue, and would require they bill us to get it working. 

As far as I know, this should work with the Community Edition. When logged into the HUB, do you have an activated instance of the Cortex XSOAR app? Once you have activated an instance of the Cortex XSOAR app and select it, you will get a screen where you can enter the License ID and Customer Name.

Ah, just to clarify, you need a paid for cloud / palo alto xsoar instance to be able to get your paid for cortex data lake data into your community edition, on premises cortex xsoar instance?

L4 Transporter

I am just looking at the hub now, it seems that the activation of the Cortex XSOAR requires the data lake configuration before continuing, @Netwerx have you tried entering the details there?

I have to admit I have not used Data Lake up until now but the community edition of XSOAR only has a few restrictions so I would have thought this would have been permitted.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!