Verify that all firewalls successfully pushed logs to the Cortex Data Lake for the last 12 hours. It's an easy way to do monitoring of the FW connection to CDL.
You can use either a manual list of FW serials or a Panorama integration to get the list of equipment to monitor.
PAN-OS to Cortex Data Lake Monitoring
- Details
- Content
- Dependencies
- Version History
Monitor the PAN-OS FW log upload to the Cortex Data Lake in a reoccurring job. The key pre-requisite is the configuration of the Cortex Data Lake integration.
Automations
| Name | Description |
|---|---|
PANOStoCortexDataLakeMonitoring |
Incident Types
| Name | Description |
|---|---|
Cortex Data Lake Monitoring | |
PAN-OS logging to Cortex Data Lake - Action Required |
Incident Fields
| Name | Description |
|---|---|
panosintegrationinstancename | The name of the PAN-OS integration instance. |
fwserials | Comma separated list of PAN-OS Firewall serial numbers. |
Layouts
| Name | Description |
|---|---|
Cortex Data Lake Monitoring | |
PAN-OS logging to Cortex Data Lake - Action Required |
Playbooks
| Name | Description |
|---|---|
| PAN-OS logging to Cortex Data Lake - Action Required | This Playbook initiates the steps needed to investigate the PAN-OS logging to Cortex Data Lake problems. |
| PAN-OS to Cortex Data Lake Monitoring - Cron Job | This playbook verifies that your FWs sent logs to the Cortex Data Lake in the last 12 hours. An email notification will be sent if it's not the case. |
Automations
| Name | Description |
|---|---|
PANOStoCortexDataLakeMonitoring | Verify that all firewalls successfully pushed logs to the Cortex Data Lake for the last 12 hours. It's an easy way to do monitoring of the FW connection to CDL. |
Incident Types
| Name | Description |
|---|---|
PAN-OS logging to Cortex Data Lake - Action Required |
Incident Fields
| Name | Description |
|---|---|
panosintegrationinstancename | The name of the PAN-OS integration instance. |
Playbooks
| Name | Description |
|---|---|
| PAN-OS logging to Cortex Data Lake - Action Required | This Playbook initiates the steps needed to investigate the PAN-OS logging to Cortex Data Lake problems. |
Required Content Packs (4)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| PAN-OS by Palo Alto Networks | By: Cortex XSOAR |
| Cortex Data Lake by Palo Alto Networks | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (8)
| Pack Name | Pack By |
|---|---|
| Filters And Transformers | By: Cortex XSOAR |
| Cortex Data Lake by Palo Alto Networks | By: Cortex XSOAR |
| MITRE ATT&CK | By: Cortex XSOAR |
| Common Scripts | By: Cortex XSOAR |
| Cortex REST API | By: Cortex XSOAR |
| Common Playbooks | By: Cortex XSOAR |
| Rasterize | By: Cortex XSOAR |
| PAN-OS by Palo Alto Networks | By: Cortex XSOAR |
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Supported By | Community | |
| Created | April 12, 2021 | |
| Last Release | May 2, 2023 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
