This Nominated Discussion Article is based on the post "Cortex XDR Firewall configuration query." by @Vinothkumar_SBA and responded to by @aleksandar.astardzhiev. Read on to see his response!
We have configured the Check Point firewall version (R81.10), but it is not supported for native log ingestion. However, we have checked the official Palo Alto documentation for this link: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Ingest-Logs....
- It states that log ingestion and data require a Cortex XDR Pro per GB license.
- We have purchased a TB license.
- I will need to confirm whether it is possible to ingest CEF logs from Check Point software version R81.10.
Hi @Vinothkumar_SBA ,
There is no change for the retention after license migration from "per TB" to "per GB".
As explained here - https://live.paloaltonetworks.com/t5/general-topics/cortex-xdr-firewall-configuration-query/td-p/547... "per GB/TB" licenses are ingestion only, meaning they don't affect the retention period.
Which means you should have (by default) 30 days of hot retention for ingested data and 180 days of hot retention for alerts and incidents (created by XDR). If you need to extend that, you need to order license add-ons, details for which you can see in the link above.