Cortex Data Lake by Palo Alto Networks

Palo Alto Networks Cortex Data Lake XSOAR Connector provides cloud-based, centralized log storage and aggregation for your on-premise, virtual (private cloud and public cloud) firewalls, for Prisma Access, and for cloud-delivered services such as Cortex XDR

Palo Alto Cortex Data Lake provides customers with the ability to store, process, and analyze large data sets in a secure and compliant manner.

The Cortex Data Lake integration facilitates network security visualization and threat identification, automates incident response, and meets regulatory compliance requirements.

What does this pack do?

Perform queries on any field within the threat, traffic, URL, and file data firewall tables.
Reset the authentication limit cache if a call-limit error occurs.

This pack includes the following playbooks:

Cortex Data Lake - Traffic Indicators Hunting - queries Cortex Data Lake (CDL) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, and file types.
Cortex Data Lake - File Indicators Hunting - queries Cortex Data Lake (CDL) for traffic indicators, including IP addresses, geolocations, URLs, domains, and ports.
Cortex Data Lake - Indicators Hunting - facilitates threat hunting and detection of IOCs within Cortex Data Lake logs. The playbook and sub-playbooks query Cortex Data Lake for files, traffic, HTTP requests, and execution flows indicators. Supported IOCs for this playbook are SHA256, MD5, SHA1, IP addresses, geolocations, URLs, domains, port Numbers, file Names, file Types, URIs, Applications.

Pack Contributors:

Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Certification	Certified	Read more
Supported By	Cortex
Created	July 5, 2020
Last Release	May 2, 2023

Cortex Data Lake by Palo Alto Networks

What does this pack do?

Pack Contributors:

Integrations

Cortex Data Lake XSOAR Connector

Integrations

Cortex Data Lake XSOAR Connector

Playbooks

Cortex Data Lake - File Indicators Hunting

Cortex Data Lake - Indicators Hunting

Cortex Data Lake - Traffic Indicators Hunting

Integrations

Cortex Data Lake

Playbooks

New: Cortex Data Lake - File Indicators Hunting

New: Cortex Data Lake - Traffic Indicators Hunting

New: Cortex Data Lake - Indicators Hunting

Integrations

Cortex Data Lake

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Name	Description
Cortex Data Lake - File Indicators Hunting	This playbook queries Cortex Data Lake (CDL) for file indicators, including SHA256 hashes, file names, and file types. Note that multiple search values should be separated by commas only (without spaces or any special characters).
Cortex Data Lake - Indicators Hunting	The playbook facilitates threat hunting and detection of IOCs within Cortex Data Lake logs. The playbook and sub-playbooks query Cortex Data Lake for files, traffic, HTTP requests, and execution flows indicators. Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: SHA256 IP Addresses Geolocation URLDomain Port Number File Name File Type URI Application Separate searches are conducted for each type of indicator in the playbook.
Cortex Data Lake - Traffic Indicators Hunting	This playbook queries Cortex Data Lake (CDL) for traffic indicators, including IP addresses, geolocations, URLs, domains, and ports. Note that multiple search values should be separated by commas only (without spaces or any special characters).