Hi,
Cortex XDR is a cloud-based security application solution relying on Palo Alto Application Frameworks, which leverages Palo Alto Networks Logging Service.
Logging Service receives data from Palo Alto Networks devices, whether they are on premises or in the cloud, as well as from Global Protect Cloud Service.
To get the best out of it, Cortex XDR must see traffic between users and servers and traffic going from internal networks to the Internet. Other traffic logs are nice to collect as well, but not mandatory.
To answer your question, traffic generated at the internet edge, whose logs are sent to Logging Service, is one of the must-have traffic types we recommend, but not the only one, as described above.
I hope this answers your question.
Regards,
Bertrand