This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

XDR data lake and related questions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

XDR data lake and related questions

FWPalolearner
L4 Transporter

‎04-10-2024 12:22 PM - last edited on ‎04-18-2024 11:34 AM by

Hello people ,

 

I have started working on PANW XDR  study and currently i am in initial stages on my study .

1)Is PANW XDR uses its native inbuild data lake ? 

I am confused with Architecture diagram which says Data lake  and Data layer . Are these two different things ?

 

2) I consider Datalake as big pool data ( flat or any other form) where all the PANW products ( firewalls /SASE/Prisma) ingest the logs . 

 

Am i right in my understanding .?

 

3)Another point is about 3rd Party external integrations ; can Cortex XDR ingest logs from any vendor like fortigate FW , Cisco router, Juniper switch , Crowdstrike edr , Armis . ?

 

4) If answer to question 3 is yes , can XDR also run response actions on these 3rd parties ? like blocking an IP on fortigate or isolating a machine having crowdstrike antivirus disabled ?

 

If Cortex XDR can ingest 3rd party data in native datalake , can we consider Cortex XDR as Open XDR ?

 

5) What is the difference between XDR and XSOAR because XDR can also provide a response action . Is the response limited or XDR has limited number of playbooks ? I studied that XSOAR is for more mature environments (SOCs) . so i am confused why customer buy XSOAR if XDR is giving all the options .

 

6) About Cortex data lake , can cortex data lake ingest logs from fortigate , etc ? or cortex data lake is only for PANW products ?  at least this is what documentation says .

 

 

Labels:
0 Likes Likes
1 REPLY 1

FWPalolearner
L4 Transporter

‎04-11-2024 03:16 AM

Hello People , anyone please ? 

0 Likes Likes
  • 1582 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks