Resolved! Cortex Data Lake Integration Migration

Hi everyone,

Need your help in understanding the Cortex Data Lake integration migration request. We have received a notification indicating that the Cortex XDR request for migrating the Cortex Data Lake integration directly into Cortex XDR. Should

Resolved! Filter a XQL Query of DNS requests

Hello,

I'm trying to write a XQL query to find DNS requests from clients in multiple IP ranges, e.g. "10.0.0.0/24, 10.1.1.0/24, 10.5.2.0/24, ..." and also filter DNS query name based on hundreds of domain names obtained from Firewall logs. How should

Resolved! XDR related questions

Hello all, 

I have a few questions related to Cortex XDR and I would be happy if you answer them. 

1. I have a license of Cortex XDR Pro per GB - 100 GB. But I do not have Cortex Data Lake. I want to integrate firewall with Cortex XDR. For this, I can

Resolved! How to Disconnect a Firewall from Cortex Data lake and connect with XDR ?

Hi

We are migrating our devices from CDL to XDR. We connected our Prisma Access with the XDR and getting logs for the SD-WAN ion devices. Sincne On Prem Firewalls are connected with the existing CDL, im not getting proper documentation for shifting t

Resolved! Cortex Data Lake - Looking for a sting of data in the Description field

I am trying to do a search in CDL which will show me when a user disables their Global Protect agent on their end point.  I am able to perform this search in Panorama using the search "(opaque contains 'Agent Disable')" under GlobalProtect logs.  I a

Resolved! Exporting events from Cortex XDR

Hello,

I have been doing some searching on if I can get XDR endpoint logs like processes and etc into a third party SIEM.

Based on the XDR API there is no way to export events (You can technically run XQL queries using the API but this would get logged

Resolved! Rogue Device Discovery with Cortex XDR

Hi,

I would like to implement Rogue Device Discovery with Cortex XDR but it is not clear for me what I need to do this. We have Cortex XDR Pro per Endpoint license – do I need anything else (like datalike) to set the solution? Can I expect any issues

Resolved! No Security Data Populating in AIOps

• I first created a new Tenet for a Customer Support Account, selected the Americas Region, and left the CDL instance blank.
• I then associated the device in the Tenet view of the Hub by going to Common Services > Device Associations.
• I waited 24 hours an

Resolved! XDR Collectors and Data Collection Integrations missing in Configuration

Hi, I'm trying to forward external syslogs Cortex XDR and I'm unable to find XDR Collectors section and Data collection Integrations section in the Configurations. Below is what I see in the menu. I have account admin privileges. 

We have Advanced e