Device Details
|
Device Name |
Palo Alto Cortex XDR |
|---|---|
|
Vendor |
Palo Alto |
|
Device Type |
Network and Endpoint Protection |
|
Supported Model Name/Number |
N/A |
|
Supported Software Version |
All |
|
Collection Method |
Syslog |
|
Configurable Log Output |
Yes |
|
Log Source Type |
Syslog - Palo Alto Cortex XDR |
|
Log Processing Policy |
LogRhythm Default v2.0 |
|
Exceptions |
N/A |
|
Additional Information |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
|
Type |
Product Version |
Supported Schema Fields |
|---|---|---|
|
Catch All |
N/A |
<severity> |
|
Cortext Agent Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login> , <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object>, <parentprocesspath>, <reason>, <action> |
|
Cortex Agent Audit Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <domainorigin>, <sname>, <threatname>, <action>, <tag2>, <result>, <tag3>, <reason>, <subject> |
|
Cortex Alert Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>,<tag2>, <threatid>, <url>, <process>, <command>, <status>, <parentprocessname>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <hash>, <reason>, <action>, <tag1>, <subject> |
|
Cortex BIOC Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object> <parentprocesspath>, <action> |
|
Cortex IOC Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <severity>, <sname>, <login>, <domainorigin>, <threatname>, <threatid>, <url>, <process>, <command>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <parentprocesspath>, <action> |
|
Cortex Management Audit Messages |
N/A |
<version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <threatid>, <login>, <domainorigin>, <action>, <result>, <tag2>, <reason>, <subject> |
Revision History
|
KB Version |
Log Type |
Change Type |
Details |
|---|---|---|---|
|
KB 7.1.588.0 |
Syslog - Palo Alto Cortex XDR |
New Log Source Type and Documentation |
New device support |