Palo Alto Networks® Cortex Data Lake

Version: Palo Alto Networks® Cortex Data Lake

The Palo Alto Networks® Cortex Data Lake stores the context-rich enhanced network logs generated by the security products, including the next-generation firewalls, Prisma Access, and Cortex XDR.

Netsurion's Open XDR platform helps to monitor events from Palo Alto Networks® Cortex Data Lake. Its dashboard, alerts, and reports will help you track authentication activities, threat activities, traffic activities, and configuration changes. It will trigger an alert whenever user authentication fails, a threat is detected, configuration is successfully changed, and an unauthorized configuration change is attempted.

After Palo Alto Networks® Cortex Data Lake is configured to deliver events to Netsurion's Open XDR platform, the alerts, dashboards, and reports can be configured into Netsurion's Open XDR platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security Palo Alto Networks Cortex DL - Authentication Failed This alert is triggered when authentication failure is detected in Palo Alto Networks® Cortex Data Lake.
Security Palo Alto Networks Cortex DL - Web traffic blocked This alert is triggered when web traffic is blocked in Palo Alto Networks® Cortex Data Lake.
Security Palo Alto Networks Cortex DL - Successful configuration changed This alert is triggered when successful configuration change is detected in Palo Alto Networks® Cortex Data Lake.
Security Palo Alto Networks Cortex DL - Threat detected This alert is triggered when a threat is detected in Palo Alto Networks® Cortex Data Lake.
Security Palo Alto Networks Cortex DL - Unauthorized configuration change action This alert is triggered when unauthorized configuration change action is detected in Palo Alto Networks® Cortex Data Lake.

Reports

Type Name Description
Security Palo Alto Networks Cortex DL - Configuration changes This report provides a detailed summary of configuration changes. It contains a source IP address, log source, destination username, and more.
Security Palo Alto Networks Cortex DL - Authentication Activities This report provides a detailed summary of authentication activity. It contains a source IP address, log source, source username, destination username, and more.
Security Palo Alto Networks Cortex DL - Threat activities This report provides a detailed summary of threat activity. It contains a source IP address, log source, source username, destination username, http request, direction of attack, and more.
Security Palo Alto Networks Cortex DL - Traffic Activities This report provides a detailed summary of traffic activity. It contains a source IP address, log source, source username, destination username, Protocol type, and more.

Documentation

The configuration details are consistent with Netsurion version 9.3 and later, and Palo Alto Networks® Cortex Data Lake.

Download Integration Guide and How-to Guide for more information and to configuration instructions.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept