Cortex XDR natively integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.

Device Details

Device Name

Palo Alto Cortex XDR

Vendor

Palo Alto

Device Type

Network and Endpoint Protection

Supported Model Name/Number

N/A

Supported Software Version

All

Collection Method

Syslog

Configurable Log Output

Yes

Log Source Type

Syslog - Palo Alto Cortex XDR

Log Processing Policy

LogRhythm Default v2.0

Exceptions

N/A

Additional Information

https://www.paloaltonetworks.com/cortex/cortex-xdr

https://docs.paloaltonetworks.com/cortex/cortex-xdr.html

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type | Product Version | Supported Schema Fields
Catch All (Palo Alto Cortex XDR) | N/A | <severity>
Cortex Agent Messages | N/A | <vmid>, <vendorinfo>, <tag1>, <severity>, <domainorigin>, <sname>, <action>, <tag2>, <result>, <tag3>, <reason>, <subject>
Cortex Alert Messages | N/A | <threatname>, <severity>, <vendorinfo>, <process>, <command>, <parentprocessname>, <dip>, <dport>, <sip>, <sport>, <hash>, <object>, <action>, <tag1>
Cortex Management Messages | N/A | <vendorinfo>, <tag1>, <severity>, <login>, <action>, <result>, <tag2>, <reason>, <subject>

Revision History

KB Version | Log Type | Change Type | Details
KB 7.1.588.0 | Syslog - Palo Alto Cortex XDR | New Log Source Type and Documentation | New device support