Syslog - Palo Alto Cortex XDR
Device Details
Device Name | Palo Alto Cortex XDR |
|---|---|
Vendor | Palo Alto |
Device Type | Network and Endpoint Protection |
Supported Model Name/Number | N/A |
Supported Software Version | All |
Collection Method | Syslog |
Configurable Log Output | Yes |
Log Source Type | Syslog - Palo Alto Cortex XDR |
Log Processing Policy | LogRhythm Default v2.0 |
Exceptions | N/A |
Additional Information |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| Catch All | N/A | <severity> |
| Cortex Agent Messages | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login> , <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object>, <parentprocesspath>, <action> |
| Cortex Agent Audit Messages | N/A | <version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <domainorigin>, <sname>, <threatname>, <action>, <tag2>, <result>, <tag3>, <reason>, <subject> |
| Cortex Alert Messages | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>,<tag2>, <threatid>, <url>, <process>, <command>, <status>, <parentprocessname>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <hash>, <reason>, <action>, <tag1>, <subject> |
| Cortex BIOC Messages | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <sname>, <domainorigin>, <login>, <threatname>, <threatid>, <url>, <process>, <command>, <hash>, <object> <parentprocesspath>, <action> |
| Cortex IOC Messages | N/A | <version>, <vmid>, <vendorinfo>, <severity>, <sname>, <login>, <domainorigin>, <threatname>, <threatid>, <url>, <process>, <command>, <dip>, <dport>, <sip>, <sport>, <protname>, <hash>, <object>, <parentprocesspath>, <action> |
| Cortex Management Audit Messages | N/A | <version>, <vmid>, <vendorinfo>, <tag1>, <severity>, <threatid>, <login>, <domainorigin>, <action>, <result>, <tag2>, <reason>, <subject> |
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.588.0 | Syslog - Palo Alto Cortex XDR | New Log Source Type and Documentation | New device support |