
Cortex Data Lake by Palo Alto Networks


The Palo Alto Networks Cortex Data Lake XSOAR Connector provides cloud-based, centralized log storage and aggregation for your on-premises and virtual (private cloud and public cloud) firewalls, for Prisma Access, and for cloud-delivered services such as Cortex XDR.

Palo Alto Cortex Data Lake provides customers with the ability to store, process, and analyze large data sets in a secure and compliant manner.

The Cortex Data Lake integration facilitates network security visualization and threat identification, automates incident response, and meets regulatory compliance requirements.

What does this pack do?

  • Perform queries on any field within the threat, traffic, URL, and file data firewall tables.
  • Reset the authentication limit cache if a call-limit error occurs.

This pack includes the following playbooks:

  • Cortex Data Lake - Traffic Indicators Hunting - queries Cortex Data Lake (CDL) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, and file types.
  • Cortex Data Lake - File Indicators Hunting - queries Cortex Data Lake (CDL) for traffic indicators, including IP addresses, geolocations, URLs, domains, and ports.
  • Cortex Data Lake - Indicators Hunting - facilitates threat hunting and detection of IOCs within Cortex Data Lake logs. The playbook and its sub-playbooks query Cortex Data Lake for file, traffic, HTTP request, and execution flow indicators. Supported IOCs for this playbook are SHA256, MD5, and SHA1 hashes, IP addresses, geolocations, URLs, domains, port numbers, file names, file types, URIs, and applications.

Pack Contributors:

  • Eric Partington

Contributions are welcome and appreciated. For more info, visit our Contribution Guide.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOAR

INFO

Certification: Read more
Supported By: Cortex
Created: July 5, 2020
Last Release: November 5, 2023

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.