PAN-OS Cortex Data Lake Logging Quickplays

Brief Description

A set of skillets, set commands, and playbooks to simplify implementation and validation of Cortex Data Lake for the NGFW.

Target Audience

This skillet is intended for Palo Alto Networks SEs, PSEs, Partners, and Customers that are using Cortex Data Lake with the NGFW.

Prerequisites

Active Cortex Data Lake license
Preshared key for on-boarding firewalls to Cortex Data Lake
panHandler version 4.0 or later

Solution Details

Documentation: https://github.com/PaloAltoNetworks/panos-logging-skillets/blob/master/README.md

Github Location: https://github.com/PaloAltoNetworks/panos-logging-skillets.git

Github Branches: master

PAN-OS Versions Supported: 9.x, 10.0

Type of Skillet: panos

Collections:

Full Description

Validation

The validation skillet checks required elements for a successful Cortex Data Lake (CDL) install. Key items include licensing, global CDL configuration, fetch CDL certificates, and CDL/EAL enablement in log forwarding profiles.

Configuration Playbook

Inline validation checks and configuration using an Ansible playbook. The playbook can be run in three ways:

Native Ansible playbook for existing environments
Python script including needed packages, roles, and collections
Skillet with a simple web UI input

CLI Set Commands

Operational and configuration set commands for deployments without API access.

Update Existing Log Forwarding Profiles

Allow the user to select an existing log forwarding profile and update to use Cortex Data Lake log forwarding for all log types and enable Enhanced Application Logging.