Strata Logging Service Discussions
Strata Logging Service (formerly known as Cortex Data Lake) enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. Join the discussion now.
About Strata Logging Service Discussions
Welcome to the Strata Logging Service discussion area! Here, you can engage in conversations about Strata Logging Service, explore new insights, and stay updated on ongoing discussions. Check back regularly for the latest updates and community insights on Strata Logging Service.

Discussions

Welcome to the Strata Logging Service Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4476 Views
  • 0 replies
  • 1 Like

starta cl

I have a question regarding the licensing model for the Cloud Manager. Specifically, if I have four virtual machine firewalls and four physical firewalls, how should I measure the required licenses?

SpyrosK by L0 Member
  • 5171 Views
  • 0 replies
  • 0 Likes

Cortex XDR Pro GB

Hi, I understand that Cortex XDR Pro GB can ingest data from multiple sources. My customer would like to use this license to ingest data from a Fortinet firewall. Previously, I did sizing based on the Strata Logging Service estimator by selecting the Cortex XDR product and choosing the Palo firewall model to estimate the average log rate. But as I access the li...

Configuring BGP within Service Connections timer

I needed to modify the earlier question; it was not a BGP keepalive timer, but as mentioned below. "I wish to edit the BGP timers for Service Connection from Prisma Access. The settings can be viewed from Workflow ---Prisma Access Setup---Service Connections---under "Links"---under "BGPIPv4" Column “Primary(status)” clicking on status an...

E.Acar by L0 Member
  • 7652 Views
  • 2 replies
  • 0 Likes

Resolved! IoT Security, Does not Require Data Lake | Without Panorama | Setup

Hi, I am currently in the process of setting up the IoT Security (Does Not Require Data Lake) service, but I am running into issues. I have managed to set up the portal, and it is reachable. The problem seems to be sending the logs from the A/P units to the IoT service. As stated, we purchased IoT without the use of Data Lake; therefore, what will...

MGiusti by L0 Member
  • 11888 Views
  • 4 replies
  • 0 Likes

Setup > Management > Cortex Data Lake > Cortex Data Lake Status > Show Status

Hi, Question #1: How do I get the CDL Status "Certificate" to go green? Question #2: What's the best way to send only alert logs from the FW to CDL so we can take advantage of the AIOps Free alerts? #Show Status has "certificate" greyed out and on hover it says "0/0 components succeeded. Device Certificate: Current Device Certificate Sta...

Critical version 7.5 agent unable to download

Hi Community people, we have a few machines with macOS 10.13 High Sierra; as per the documentation, the 7.5 CE version should support it. In the agent installation option, we are unable to see the 7.5 CE version agent installers. We could download only the 7.9 CE version. We don't have a clue about it. Could you please suggest a possible solution fo...

Prisma Access Logging Queries

Hello All, I would like to know a few things about Prisma Access logging: 1. From the documentation I can see that Prisma Access by default forwards all logs to Cortex Data Lake. We can forward syslog from Cortex Data Lake to an external syslog server in CSV, CEF & LEEF formats. We can also use filters to rearrange fields, but I want to know what would ...

XDR data lake and related questions

Hello people, I have started working on PANW XDR study and currently I am in the initial stages of my study. 1) Does PANW XDR use its native inbuilt data lake? I am confused by the architecture diagram, which says Data lake and Data layer. Are these two different things? 2) I consider a Datalake as a big pool of data (flat or any other form) where ...

Resolved! Cortex Data Lake Integration Migration

Hi everyone, I need your help in understanding the Cortex Data Lake integration migration request. We have received a notification indicating that Cortex XDR requests migrating the Cortex Data Lake integration directly into Cortex XDR. Should we migrate manually, or should we just wait for automatic migration without doing anything? Please...

Resolved! Filter a XQL Query of DNS requests

Hello, I'm trying to write an XQL query to find DNS requests from clients in multiple IP ranges, e.g. "10.0.0.0/24, 10.1.1.0/24, 10.5.2.0/24, ..." and also filter the DNS query name based on hundreds of domain names obtained from firewall logs. How should I filter my query? Below you see a template of what I'm trying to start with: preset= network_...

Resolved! XDR related questions

Hello all, I have a few questions related to Cortex XDR and I would be happy if you answered them. I have a license for Cortex XDR Pro per GB - 100 GB. But I do not have Cortex Data Lake. I want to integrate a firewall with Cortex XDR. For this, I can use the Broker VM. In order to keep logs in the Broker VM for a month, I need 100*30=3 TB of storage, But ...

Resolved! How to Disconnect a Firewall from Cortex Data lake and connect with XDR ?

Hi, we are migrating our devices from CDL to XDR. We connected our Prisma Access with XDR and are getting logs for the SD-WAN ION devices. Since the on-prem firewalls are connected to the existing CDL, I'm not getting proper documentation for shifting the on-prem firewalls to the XDR tenant. The documents are not much help. They only mention straig...

Resolved! Cortex Data Lake - Looking for a string of data in the Description field

I am trying to do a search in CDL which will show me when a user disables their GlobalProtect agent on their endpoint. I am able to perform this search in Panorama using the search "(opaque contains 'Agent Disable')" under GlobalProtect logs. I am not able to replicate this in CDL. I can see the log in CDL looking in Firewall/GlobalProtect ...

John_J by L1 Bithead
  • 7461 Views
  • 1 reply
  • 0 Likes

Resolved! Exporting events from Cortex XDR

Hello, I have been doing some searching on whether I can get XDR endpoint logs like processes etc. into a third-party SIEM. Based on the XDR API there is no way to export events (you can technically run XQL queries using the API, but this would get logged on XDR). It also looks like you cannot actually forward XDR data from the data lake to a syslog se...

  • 33 Posts
  • 38 Subscriptions