This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Strata Logging Service Discussions
Strata Logging Service (formerly known as Cortex Data Lake) enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. Join the discussion now.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discussions

Start a conversation

Welcome to the Strata Logging Service Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4471 Views
  • 0 replies
  • 1 Likes

Resolved! IoT Security, Does not Require Data Lake | Without Panorama | Setup

Hi, I am currently in the process of setting up IoT Security, Does not Require Data Lake service but I am running into issues. I have managed to setup the portal and that is reachable. The problem seems to be sending the logs from the A/P units to the IoT service. As stated, we purchased the IoT without the use of Data Lake, therefore, what will...

MGiusti by L0 Member
  • 11876 Views
  • 4 replies
  • 0 Likes

Setup > Management > Cortex Data Lake > Cortex Data Lake Status > Show Status

Hi, Question #1: How do I get the CDL Status "Certificate" to go green? Question #2: What's the best way to send only alert logs from the FW to CDL so we can take advantage of the AIOps Free alerts? #Show Status has "certificate" greyed out and on hover, it say's "0/0 components succeeded. Device Certificate: Current Device Certificate Sta...

Critical version 7.5 agent unable to download

Hi Community people, we have a few machines with macOS 10.13 High Sierra, as per the documentation 7.5CE version should support it. in the agent installation option, we are unable to see 7.5 CE version agent installers. we could download only the 7.9 CE version. we don't have a clue about it. Could you please suggest a possible solution fo...

Prisma Access Logging Queries

Hello All, I would like to know few things Prisma Access logging: 1. From the documentation I can see that Prisma Access by default forward all logs to Cortex Data lake. We can forward syslog from cortex data lake to external syslog server in CSV, CEF & LEEF formats. We can also use filters to rearrange fields, but I want to know what would ...

Palo Alto Prisma Access Logging

Hello All, I would like to know few things Prisma Access logging: 1. From the documentation I can see that Prisma Access by default forward all logs to Cortex Data lake. We can forward syslog from cortex data lake to external syslog server in CSV, CEF & LEEF formats. We can also use filters to rearrange fields, but I want to know what would ...

XDR data lake and related questions

Hello people , I have started working on PANW XDR study and currently i am in initial stages on my study . 1)Is PANW XDR uses its native inbuild data lake ? I am confused with Architecture diagram which says Data lake and Data layer . Are these two different things ? 2) I consider Datalake as big pool data ( flat or any other form) where ...

Resolved! Cortex Data Lake Integration Migration

Hi everyone, Need your help in understanding the Cortex Data Lake integration migration request. We have received a notification indicating that the Cortex XDR request for migrating the Cortex Data Lake integration directly into Cortex XDR. Should we migrate manually or should we just wait for automatic migration without doing anything. Please...

Resolved! Filter a XQL Query of DNS requests

Hello, I'm trying to write a XQL query to find DNS requests from clients in multiple IP ranges, e.g. "10.0.0.0/24, 10.1.1.0/24, 10.5.2.0/24, ..." and also filter DNS query name based on hundreds of domain names obtained from Firewall logs. How should I filter my query? Below you see a template of what I'm trying to start with: preset= network_...

Resolved! XDR related questions

Hello all, I have a few questions related to Cortex XDR and I would be happy if you answer them. I have a license of Cortex XDR Pro per GB - 100 GB. But I do not have Cortex Data Lake. I want to integrate firewall with Cortex XDR. For this, I can use Broker VM. In order to keep logs in Broker VM for a month, I need 100*30=3 TB storage, But ...

Resolved! How to Disconnect a Firewall from Cortex Data lake and connect with XDR ?

Hi We are migrating our devices from CDL to XDR. We connected our Prisma Access with the XDR and getting logs for the SD-WAN ion devices. Sincne On Prem Firewalls are connected with the existing CDL, im not getting proper documentation for shifting the onprem firewalls to XDR tenant. The documents are not much helpful. They only mention straig...

Ariq_Aziz_0-1705289392728.png

Resolved! Cortex Data Lake - Looking for a sting of data in the Description field

I am trying to do a search in CDL which will show me when a user disables their Global Protect agent on their end point. I am able to perform this search in Panorama using the search "(opaque contains 'Agent Disable')" under GlobalProtect logs. I am not able to replicate this in CDL I can see the log in CDL looking in Firewall/GlobalProtect ...

John_J_0-1704997750305.png
John_J by L1 Bithead
  • 7452 Views
  • 1 replies
  • 0 Likes

Resolved! Exporting events from Cortex XDR

Hello,I have been doing some searching on if I can get XDR endpoint logs like processes and etc into a third party SIEM.Based on the XDR API there is no way to export events (You can technically run XQL queries using the API but this would get logged on XDR)It also looks like you cannot actually forward XDR data from the data lake to a syslog se...

Resolved! Rogue Device Discovery with Cortex XDR

Hi, I would like to implement Rogue Device Discovery with Cortex XDR but it is not clear for me what I need to do this. We have Cortex XDR Pro per Endpoint license – do I need anything else (like datalike) to set the solution? Can I expect any issues with it or it is working well?

Resolved! No Security Data Populating in AIOps

I first created a new Tenet for a Customer Support Account, selected the Americas Region, and left the CDL instance blank. I then associated the device in the Tenet view of the Hub by going to Common Services > Device Associations. I waited 24 hours and the firewall was onboarded. It appears to be pulling Heath information - Metrics and Servi...

Resolved! XDR Collectors and Data Collection Integrations missing in Configuration

Hi, I'm trying to forward external syslogs Cortex XDR and I'm unable to find XDR Collectors section and Data collection Integrations section in the Configurations. Below is what I see in the menu. I have account admin privileges. We have Advanced endpoint protection, data collection and response for 800 agents and Cortex Data Lake for 4TB. Is ...

Isuru_0-1693907369393.png
Isuru by L1 Bithead
  • 2777 Views
  • 1 replies
  • 0 Likes
Labels
  • Strata Logging Service 15
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks