PAN-OS to Cortex Data Lake Monitoring

Details
Content
Dependencies
Version History

Monitor the PAN-OS FW log upload to the Cortex Data Lake in a reoccurring job. The key pre-requisite is the configuration of the Cortex Data Lake integration.

Layouts

Name	Description
PAN-OS logging to Cortex Data Lake - Action Required
Cortex Data Lake Monitoring

Incident Fields

Name	Description
fwserials	Comma separated list of PAN-OS Firewall serial numbers.
panosintegrationinstancename	The name of the PAN-OS integration instance.

Automations

Name	Description
PANOStoCortexDataLakeMonitoring	Verify that all firewalls successfully pushed logs to the Cortex Data Lake for the last 12 hours. It's an easy way to do monitoring of the FW connection to CDL. You can use either a manual list of FW serials or a Panorama integration to get the list of equipment to monitor.

Incident Types

Name	Description
Cortex Data Lake Monitoring
PAN-OS logging to Cortex Data Lake - Action Required

Playbooks

Name	Description
PAN-OS to Cortex Data Lake Monitoring - Cron Job	This playbook verifies that your FWs sent logs to the Cortex Data Lake in the last 12 hours. An email notification will be sent if it's not the case. This playbook is designed to run as a job.
PAN-OS logging to Cortex Data Lake - Action Required	This Playbook initiates the steps needed to investigate the PAN-OS logging to Cortex Data Lake problems.

Required Content Packs (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Cortex Data Lake by Palo Alto Networks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
PAN-OS by Palo Alto Networks	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (9)

Pack Name	Pack By
PAN-OS by Palo Alto Networks	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
MITRE ATT&CK	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Cortex Data Lake by Palo Alto Networks	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR

PUBLISHER

Brice RENAUD

PLATFORMS

Cortex XSOAR

INFO

Supported By	Community
Created	April 12, 2021
Last Release	July 25, 2023

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.