Guide to Onboard and Ingest logs from Firewalls to Strata Logging Service and Cortex XSIAM


By Nabeel Syed, Senior Technical Marketing Engineer

 

 

Last Updated: 06/30/2025

Disclaimer: This doc was created using PAN-OS version 11.2. If you are using PAN-OS versions earlier than 10.1, please refer to the official documentation for steps. Also, in previous PAN-OS versions, you may see older naming conventions like “Cortex Data Lake” or “Logging Service” instead of “Cloud Logging”.

 

 

 

Usecase 1: Ingest Self-Managed Firewall Logs to Strata Logging Service

 

Step 1: Activate Strata Logging Service

[Note: This Step is needed if you need to activate a new Strata logging Service instance]

 

  1. Activate the Strata Logging Service instance by clicking on the Activation link from the email.

 


Figure 1: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

a. Select your CSP Account from the “Customer Support Account” dropdown.

b. Specify the Tenant or TSG under “Specify the Recipient” where you want to deploy the Strata Logging Service, or create a new TSG/tenant from the dropdown, if needed.

c. Select the Region where you want your logs to be stored from the “Select Region” dropdown.

d. Click on Activate.

 

Note: If you have a Strata Cloud Manager Pro activation link, then Strata Logging Service is activated as part of the Strata Cloud Manager Pro (SCM Pro) Magic link.

 


Figure 2: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Once Strata Logging Service is activated, it takes 10-15 minutes to provision the tenant; until then, the Strata Logging Service app on the Hub shows as “In Progress”.

 


Figure 3: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Once provisioning is completed, the app becomes available on the Hub, and once it’s clicked it will take you to Strata Logging Service. You will also receive an email upon successful provisioning.


Figure 4: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 2: Install Device certificate for Firewalls

 

  1. Get the OTP from Support portal to fetch Device certificate on Firewall:

Go to the Support Portal and select your CSP Account under “Account Selector”.

Go to Products → Device Certificates → Generate OTP

 


Figure 5: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Select Option 1: Generate OTP for Next Generation Firewall (PanOS). If installing a Device certificate for Panorama, then use Option 2: Generate OTP for a Panorama. Select the serial number and click Next.

 


Figure 6: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Copy the OTP

 

 


   Figure 7: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Update the OTP on Firewall:

Go to Device → Setup → Device Certificate → Get Certificate.

 


Figure 8: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 9: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 Step 3: Associate Device to Strata Logging Service

 

[Note: This step is needed to store logs on Strata Logging Service. Skip this step if you don’t have a Strata Logging Service subscription and only have XSIAM with an XDR PRO GB license.]

 

  1. Log in to the Hub and select the tenant where you want the devices to be associated with Strata Logging Service.
  2. Go to Common Services > Device Associations [available in the top right corner].


Figure 10: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Associate Strata Logging Service with the firewall on the Device Associations page:
    1. Select the correct Tenant.
    2. Select the Firewall Device Serial number.
    3. Click on Associate Products > select Strata Logging Service > Select the Serial number > Save.


Figure 11: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 4: Configure Firewalls to connect to Strata Logging Service or Cloud Logging

 

  1. Each firewall needs a device logging service license so that it can connect to Strata Logging Service; it is not a separate license. After adding the device to Strata Logging Service, go to the firewall UI and retrieve the license.
    a. On the firewall: Go to DEVICE > Licenses > Retrieve license keys from license server and ensure the Strata Logging Service [Device Logging Service] license exists.

 


Figure 12: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

[Note: If the license is not seen on the firewall, check on adminsite for PAN-LGS-DL.]

 

b. Enable Cloud Logging: Go to DEVICE > Setup > Management > Cloud Logging and select Enable Cloud Logging to log to Strata Logging Service.

[Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]

c. Optional: Enable Enhanced Application Logging [needed for IoT and Cortex XSIAM].

d. Select the Region from the drop-down and commit the configuration.

 


Figure 13: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

e. To check the connection to Strata Logging Service/Cloud Logging: Go to DEVICE > Setup > Management > Cloud Logging and click on Show Status.


Figure 14: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

f. You can also check the connection status of the firewalls to Strata Logging Service in the Strata Logging Service UI. Go to Inventory > Firewalls and check the connection status.

 


Figure 15: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 5: Forward Firewall logs to Strata Logging Services or Cloud Logging

 

  1. Log in to the firewall and go to Objects → Log Forwarding → Add → Log Forwarding Profile.
    a. Add a name for the profile.
    b. Click + Add → Log Forwarding Profile Match List. Click on the Log Type drop-down to select which log to forward.

 


Figure 16: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

c. Enable Cloud Logging.

[Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]

 


Figure 17: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Optional: Use Filter to send only specific logs to Strata Logging Service.

 

d. Repeat steps b and c for the log types that you want to forward to Strata Logging Service/Cloud Logging.

 


Figure 18: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Optional: Enable Enhanced Application Logging [EAL], required for Cortex XDR or IoT subscriptions.

Enable EAL: Go to Device > Setup > Management > Logging Service.

 


 

Figure 19: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Optional: Create a Log Forwarding profile for Enhanced Application Logging [needed for IoT and Cortex XSIAM].
    1. Use any of the following:
      1. Use the predefined IoT Security Default Profile.
      2. Clone the predefined profile and customize it.
      3. Create a new Log forwarding profile.
      4. Create a new log forwarding profile with Enhanced Application logging enabled.
    2. Go to Objects > Log Forwarding > Add Log forwarding Profile.
    3. Select - Enable enhanced application logs in cloud logging (including traffic and url logs).

 


Figure 20: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  4. Attach the Log Forwarding profile or Enhanced Log Forwarding profile to Security rules:

Go to Security policy Rule > Actions > Log Forwarding > <profile-name>.

 


Figure 21: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  5. Follow the steps below to forward the rest of the logs (System, Configuration, User-ID, HIP Match, Global Protect, and IP-tag logs) to Cloud Logging.
    1. Create a profile for System logs: Go to Device > Log Settings > System > + Add > select Cloud Logging. [Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]
    2. Similarly, create profiles for Configuration, User-ID, HIP Match, Global Protect, and IP-tag logs.

 


Figure 22: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 23: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  6. After the configuration is completed, commit the configuration and you should start seeing logs on the Strata Logging Service UI > Explore.

 


Figure 24: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Usecase 2: Ingest Panorama managed Firewall logs to Strata Logging Service

 

Step 1: Activate Strata Logging Service

[Note: This Step is needed if you need to activate a new Strata logging Service instance]

  1.  Activate the Strata Logging Service instance by clicking on the Activation link from the email.

 


Figure 25: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

a. Select your CSP Account from the “Customer Support Account” dropdown.

b. Specify the Tenant or TSG under “Specify the Recipient” where you want to deploy the Strata Logging Service, or create a new TSG/tenant from the dropdown, if needed.

c. Select the Region where you want your logs to be stored from the “Select Region” dropdown.

d. Click on Activate.

e. Note: If you have a Strata Cloud Manager Pro activation link, then Strata Logging Service is activated as part of the Strata Cloud Manager Pro (SCM Pro) Magic link.

 


  Figure 26: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Once Strata Logging Service is activated, it takes 10-15 minutes to provision the tenant, and the Strata Logging Service app on the Hub shows “In Progress”.

 


Figure 27: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Once provisioning is completed, the app becomes available on the Hub, and once it’s clicked it will take you to Strata Logging Service. You will also receive an email upon successful provisioning.

 


Figure 28: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 2: Install Device Certificate for Panorama

 

  1. Get the OTP from Support portal to fetch Device certificate for Panorama:
    1. Go to the Support Portal and select your CSP Account under “Account Selector”.
    2. Go to Products → Device Certificates → Generate OTP.


Figure 29: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

c. Select Option 2: Generate OTP for Panorama.

 


Figure 30: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

d. Select the serial number of Panorama and generate the OTP. Copy the OTP.

e. Paste the OTP in the Panorama UI. Go to PANORAMA > Setup > Management > Device Certificate > Get Certificate.

 


Figure 31: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 3: Device certificates for Panorama Managed Firewalls

 

  1. Generate OTP on Panorama for the selected firewalls/devices. On Panorama, go to PANORAMA > Managed Devices > Summary > select the devices > Request OTP from CSP and copy the OTP.

 


Figure 32: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 33: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Log in to the CSP, select Products > Device Certificates, and click Generate OTP.


    Figure 34: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. For the Device Type, select Generate OTP for Panorama managed firewalls and click Next.

 


Figure 35: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  4. Once the OTP is generated, you will get the confirmation below.

     


Figure 36: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  5. Go to Products > Device Certificates > View OTP History. Wait for the OTP status to complete and then copy the OTP.

 


Figure 37: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 38: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  6. Paste the OTP on Panorama: Go to Panorama > Managed Devices > Summary > Upload OTP.

 


Figure 39: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 40: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 

 Step 4: Associate Panorama to Strata Logging Service

 

[Note: This step is needed to store logs on Strata Logging Service. Skip this step if you don’t have a Strata Logging Service subscription and only have XSIAM with an XDR PRO GB license.]

 

  1. Log in to the Hub and select the tenant where you want the devices to be associated with Strata Logging Service.
  2. Go to Common Services > Device Associations [available in the top right corner].

 


Figure 41: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Associate Strata Logging Service with the firewall on the Device Associations page:
    1. Select the correct Tenant.
    2. Select the Firewall Device Serial number.
    3. Click on Associate Products > select Strata Logging Service > Select the Serial number > Save.

 


Figure 42: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 Step 5: Associate Firewalls to Strata Logging Service

 

[Note: This step is needed to store logs on Strata Logging Service. Skip this step if you don’t have a Strata Logging Service subscription and only have XSIAM with an XDR PRO GB license.]

 

  1. Log in to the Hub and select the tenant where you want the devices to be associated with Strata Logging Service.
  2. Go to Common Services > Device Associations [available in the top right corner].

 


Figure 43: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Associate Strata Logging Service with the firewall on the Device Associations page:
    1. Select the correct Tenant.
    2. Select the Firewall Device Serial number.
    3. Click on Associate Products > select Strata Logging Service > Select the Serial number > Save.

 


Figure 44: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 6: Configure Panorama to connect to Strata Logging Service/ Cloud Logging

  1. Although Panorama doesn’t forward any logs, this step is needed to view the firewall logs and Prisma Access logs that are stored in Strata Logging Service.
    1. Panorama needs a Strata Logging Service license so that it can connect to Strata Logging Service; it is not a separate license. After adding Panorama to Strata Logging Service, go to the Panorama UI and click on Panorama > Licenses > Retrieve License Keys from License Server.

 


Figure 45: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

[Note: If a license is not seen on Panorama, check on adminsite for PAN-LGS-DL.]

[Note: For Cortex XSIAM/XDR customers with no SLS license, Panorama may not see any Strata Logging Service license. Please open an IT ticket to get a device license for your Panorama serial number and then apply it on Panorama before moving to the next steps. This way, Panorama can connect to CLCS.]

  2. Download and install the latest Cloud Services plugin:
    a. Go to PANORAMA > Plugins, search for cloud_service, and download it. Install the supported version for your PAN-OS release.

 


Figure 46: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 


Figure 47: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

b. Generate the OTP from the Strata Logging Service UI portal. Go to Inventory > Panorama Appliances > Generate OTP. Copy the OTP.

 


Figure 48: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

c. Go to Panorama > Cloud Services > Status and paste the OTP. Ensure NTP is configured on the firewalls and Panorama; otherwise you will not be allowed to proceed.

 


Figure 49: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

d. Once you paste the OTP, you will see the status of the Strata logging service.

 


Figure 50-51: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 7: Configure Panorama Managed Firewalls to connect to Strata Logging Service/ Cloud Logging and setup Log forwarding

  1. Update licenses on Managed Firewalls: Click on PANORAMA > Device Deployment > Licenses > Refresh > Select the device Name > Refresh.

 


Figure 52: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Enable Cloud Logging for managed firewalls: Go to Templates > DEVICE > Setup > Management > Cloud Logging. Enable Cloud Logging and select the Region from the drop-down list.

Optional: Enable Enhanced Application Logging [required for Cortex XSIAM and IoT].

 


Figure 53: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

[Note: Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]

 

  3. Create a Log Forwarding profile from Panorama and push it to the firewalls: Go to Device Groups > Objects > Log Forwarding > + Add [New Log Forwarding profile].

 


Figure 54: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  4. Add the Log Forwarding profile match list for each log type by clicking on Add Log Forwarding Profile Match List > select the log type you want to forward and select Panorama/Cloud Logging.

  [Note: Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]

 


Figure 55: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  5. Repeat steps 3 and 4 for all log types that you would like to forward.

 

  6. Associate the Log Forwarding profile to the security rule.

 


Figure 56: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  7. Commit and push the configuration to the firewalls.
  8. Optional: Enable EAL [Enhanced Application Logging], needed for IoT and Cortex XSIAM.
    a. Go to Objects > Log Forwarding > + Add.
    b. In the Log Forwarding profile, select Enable enhanced application logs in cloud logging (including traffic and url logs).

 


Figure 57: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

c. Associate the Log forwarding profile to the security rule.

d. Commit and Push the configuration to the firewalls.

 

  9. Forward the rest of the device logs:
    a. Go to Templates > Device > Log Settings > System > + Add.
    b. Provide a Name and select Panorama/Cloud Logging.

[Note: Cloud Logging is referred to as Cortex Data Lake or Logging Service if you are running older PAN-OS versions.]

 


Figure 58: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

c. Follow the same steps as a and b for Configuration, User-ID, IP-tag, HIP Match, Global Protect, and Correlation logs.

d. Commit and Push the configuration to the firewalls.

 

  10. Verify the log ingestion on the Strata Logging Service UI > Explore.

 


Figure 59: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  11. You can also view the logs on the Panorama > Monitor page.

 

Usecase 3: Firewalls managed by Strata Cloud Manager

 

Step 1: Activate Strata Logging Service

[Note: This Step is needed if you need to activate a new Strata logging Service instance]

  1. Activate the Strata Logging Service instance by clicking on the Activation link from the email.

 


Figure 60: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

a. Select your CSP Account from the “Customer Support Account” dropdown.

b. Specify the Tenant or TSG under “Specify the Recipient” where you want to deploy the Strata Logging Service, or create a new TSG/tenant from the dropdown, if needed.

c. Select the Region where you want your logs to be stored from the “Select Region” dropdown.

d. Click on Activate.

e. Note: If you have a Strata Cloud Manager Pro activation link, then Strata Logging Service is activated as part of the Strata Cloud Manager Pro (SCM Pro) Magic link.

 


Figure 61: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Once Strata Logging Service is activated, it takes 10-15 minutes to provision the tenant, and the Strata Logging Service app on the Hub shows “In Progress”.

 


Figure 62: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Once provisioning is completed, the app becomes available on the Hub, and once it’s clicked, it will take you to Strata Logging Service. You will also receive an email upon successful provisioning.

 


Figure 63: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 2: Install Device certificate for Firewalls

 

  1. Device certificates for firewalls are a prerequisite to onboard to Strata Cloud Manager. Hence, individual firewalls need to have device certificates installed in order to connect to Strata Logging Service.
    You can refer to the steps for the device certificate:
    Install Device certificate for Firewalls.

 

Step 3: Add Firewalls to Strata Logging Service

 

  1. Follow these steps to Associate the firewalls to Strata Logging Service:

 Associate Firewalls to Strata Logging Service.

 

Step 4: Forward logs from Strata Cloud Manager managed firewalls to Strata Logging Service

[Note: Firewalls that are managed by Strata Cloud Manager will automatically get default Log Forwarding profiles to Strata Logging Service and have Cloud Logging enabled.]

  1. For log forwarding to Strata Logging Service, edit the Security policy: go to Log Settings > Logging in Strata Logging Service and select Log at Session Start/End, depending on your use case. By default, every Security policy has logging to Strata Logging Service enabled, unless you explicitly disabled it.

 


Figure 64: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Device logs like System, Configuration, User-ID, HIP Match, Global Protect, and IP-Tag logs are forwarded to Strata Logging Service by default.
  3. EAL logs are forwarded to Strata Logging Service by default.

Usecase 4: Ingest NGFW Firewall logs on Cortex XSIAM: 

 

Step 1: Install the Device Certificate on Firewalls

  1. If you have firewalls managed by Strata Cloud Manager, then you can skip installing certificates, as the firewalls already have device certificates.
  2. If the firewalls are self-managed and a device certificate doesn’t exist on them, then follow the steps below to install device certificates on the firewalls:
    Install Device certificate for Firewalls.
  3. If you have firewalls that are managed by Panorama, you can skip the previous steps.
    1. Install the device certificate on Panorama: Install Device Certificate for Panorama.
    2. Install the device certificate on Panorama-managed firewalls: Device certificates for Panorama Managed Firewalls.

 

Step 2: Add Firewalls and Panorama to Cortex XSIAM Console 

  1. Log in to the XSIAM Console and go to Settings > Data Sources > Search NGFW > Connect > Add New Instance.

 


Figure 65: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Select the firewall serial number from the drop-down list and hit Next.

 


Figure 66: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. If you also have Panorama, then you can also add a Panorama instance:

 


Figure 67: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 

Step 3: Configure Firewalls to forward the logs to Cloud Logging

 

  1. For Self Managed Firewalls, follow the below steps:
    1. Configure Firewalls to Connect to Cloud Logging
    2. Forward Firewall logs to Cloud Logging

 

  2. If the firewalls are managed by Panorama, follow these steps instead of step 1:
    1. Configure Panorama Managed Firewalls to connect to Cloud Logging.
  3. For firewalls managed by Strata Cloud Manager:

Firewalls managed by Strata Cloud Manager

 

  4. Verify the logs on XSIAM. Go to the Cortex XSIAM UI, Incident Response > Investigation > Query Center > + New XQL Query and use the query below:
    dataset = panw_ngfw_system_raw | filter log_source_id = "[NGFW device SN]"

 


Figure 68: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 

 

Usecase 5: Ingest NGFW Firewall logs to both Strata Logging Service and Cortex XSIAM:

 

Step 1: Activate Strata Logging Service

[Note: This step is needed if you need to activate a new Strata Logging Service instance.]

  1. Activate the Strata Logging Service instance by clicking on the Activation link from the email.

 


Figure 69: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

a. Select your CSP Account from the “Customer Support Account” dropdown.

b. Specify the Tenant or TSG under “Specify the Recipient” where you want to deploy the Strata Logging Service, or create a new TSG/tenant from the dropdown, if needed.

c. Select the Region where you want your logs to be stored from the “Select Region” dropdown.

d. Click on Activate.

e. Note: If you have the Strata Cloud Manager Pro activation link, then Strata Logging Service is activated as part of the Strata Cloud Manager Pro (SCM Pro) Magic link.

 


Figure 70: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Once Strata Logging Service is activated, it takes 10-15 minutes to provision the tenant, and the Strata Logging Service app on the Hub shows “In Progress”.

 


Figure 71: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. Once provisioning is completed, the app becomes available on the Hub. Once the app is clicked, it will take you to Strata Logging Service. You will also receive an email upon successful provisioning.

 


 

Figure 72: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

Step 2: Install the Device Certificate on Firewalls

  1. If you have firewalls managed by Strata Cloud Manager, then you can skip installing certificates, as the firewalls already have device certificates.
  2. If the firewalls are self-managed and a device certificate doesn’t exist on them, then follow the steps below to install device certificates on the firewalls:
    Install Device certificate for Firewalls.
  3. If you have firewalls that are managed by Panorama, you can skip the previous steps.
    1. Install the device certificate on Panorama: Install Device Certificate for Panorama.
    2. Install the device certificate on Panorama-managed firewalls: Device certificates for Panorama Managed Firewalls.

 

Step 3: Add Firewalls and Panorama to Strata Logging Service

  1. For Self Managed Firewalls, follow the below steps:

Associate Firewalls to Strata Logging Service.

 

  2. For firewalls managed by Panorama, follow the steps below:
    1. Associate Panorama to Strata logging Service
    2. Associate Panorama Managed Firewalls to Strata logging Service

 

Step 4: Add Firewalls and Panorama to Cortex XSIAM Console 

  1. Log in to the XSIAM Console and go to Settings > Data Sources > Search NGFW > Connect > Add New Instance.

 


Figure 73: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  2. Select the firewall serial number from the drop-down list and hit Next.

 


Figure 74: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  3. If you also have Panorama, then you can also add a Panorama instance:

 


Figure 75: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

 

Step 5: Configure Firewalls to forward the logs to Strata Logging Service or Cloud Logging

 

  1. For Self Managed Firewalls, follow the below steps:
    1. Configure Firewalls to Connect to Cloud Logging
    2. Forward Firewall logs to Cloud Logging

 

  2. For Firewalls managed by Panorama:
    1. Configure Panorama Managed Firewalls to connect to Cloud Logging

 

  3. For Firewalls managed by Strata Cloud Manager:

Firewalls managed by Strata Cloud Manager

 

  4. Verify the logs on the Strata Logging Service UI > Explore.

 


Figure 76: Firewall Onboarding to Strata logging Service_PaloAltoNetworks

 

  5. Verify the logs on XSIAM. Go to the Cortex XSIAM UI, Incident Response > Investigation > Query Center > + New XQL Query and use the query below:
    dataset = panw_ngfw_system_raw | filter log_source_id = "[NGFW device SN]"

 


Figure 77: Firewall Onboarding to Strata logging Service_PaloAltoNetworks
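
The XQL verification step used in Usecase 4 and Usecase 5 can be extended to check several firewalls in one pass. The query below is an added example, not part of the original guide: it reuses the guide's panw_ngfw_system_raw dataset and log_source_id field, and assumes a 24-hour window, the _time system field, and placeholder serial numbers that you replace with your own.

```xql
// Added example: per-firewall ingestion check for system logs.
// Assumptions: 24h look-back, _time system field, placeholder serial numbers.
config timeframe = 24h
| dataset = panw_ngfw_system_raw
// One entry per onboarded firewall serial number (placeholders).
| filter log_source_id in ("[NGFW device SN 1]", "[NGFW device SN 2]")
// Event volume and most recent event time for each firewall.
| comp count(_time) as system_events, max(_time) as last_seen by log_source_id
// Firewalls that reported least recently appear first.
| sort asc last_seen
```

A serial number that is missing from the result sent no system logs in the window, so recheck that firewall's device certificate, Cloud Logging status and log settings.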

 

 
