Palo Alto Networks® Cortex Data Lake

Version: Palo Alto Networks® Cortex Data Lake

The Palo Alto Networks® Cortex Data Lake stores the context-rich enhanced network logs generated by the security products, including the next-generation firewalls, Prisma Access, and Cortex XDR.

Netsurion Open XDR monitors events from Palo Alto Networks® Cortex Data Lake. Its dashboard, alerts, and reports help you track authentication activities, threat activities, traffic activities, and configuration changes. It triggers an alert whenever user authentication fails, a threat is detected, a configuration change succeeds, or an unauthorized configuration change is attempted.

After Palo Alto Networks® Cortex Data Lake is configured to deliver events to Netsurion Open XDR, the alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Networks Cortex DL – Authentication Failed | This alert is triggered when an authentication failure is detected in Palo Alto Networks® Cortex Data Lake. |
| Security | Palo Alto Networks Cortex DL – Web traffic blocked | This alert is triggered when web traffic is blocked in Palo Alto Networks® Cortex Data Lake. |
| Security | Palo Alto Networks Cortex DL – Successful configuration changed | This alert is triggered when a successful configuration change is detected in Palo Alto Networks® Cortex Data Lake. |
| Security | Palo Alto Networks Cortex DL – Threat detected | This alert is triggered when a threat is detected in Palo Alto Networks® Cortex Data Lake. |
| Security | Palo Alto Networks Cortex DL – Unauthorized configuration change action | This alert is triggered when an unauthorized configuration change action is detected in Palo Alto Networks® Cortex Data Lake. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | Palo Alto Networks Cortex DL – Configuration changes | This report provides a detailed summary of configuration changes. It includes the source IP address, log source, destination username, and more. |
| Security | Palo Alto Networks Cortex DL – Authentication Activities | This report provides a detailed summary of authentication activity. It includes the source IP address, log source, source username, destination username, and more. |
| Security | Palo Alto Networks Cortex DL – Threat activities | This report provides a detailed summary of threat activity. It includes the source IP address, log source, source username, destination username, HTTP request, direction of attack, and more. |
| Security | Palo Alto Networks Cortex DL – Traffic Activities | This report provides a detailed summary of traffic activity. It includes the source IP address, log source, source username, destination username, protocol type, and more. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Palo Alto Networks® Cortex Data Lake.

Download the Integration Guide and How-to Guide for configuration instructions and more information.